CODE TECH - EN
  • 👋Welcome
  • Backoffice
    • 🤝Backoffice structure
    • 📅Code Tech scheduling
  • Support
    • 👋Service
    • 🗓️Technical Support
  • Technology
    • 💻Infrastructure
    • 📖Architecture
  • Gateway
    • 🔁Gateway Cripto
    • 🤑Gateway FIAT
  • Policies
    • 💶Transaction policy
    • 💰Payment policy
    • 🔐Security Policy
    • 🚀Compliance
      • KYC and AML
      • Regulatory Compliance
      • Dispute resolution
  • 💹Politics Money laundering
  • 📖LGPD Privacy Policy
Powered by GitBook
On this page
  1. Policies

Security Policy

Data security policy

1. Introduction

Data security is of the utmost importance in our financial gateway company. This policy aims to protect players' financial and personal data by maintaining data integrity, confidentiality and availability.

2. Objective

The aim of this policy is to establish comprehensive guidelines to ensure data security. This includes protecting financial data through encryption and robust security measures and respecting the privacy of players' personal data in compliance with regulations.

3. Responsibilities

3.1. Data Security Team

The data security team is responsible for ensuring that security measures are implemented and maintained. Their responsibilities include:

  • Developing security policies and procedures.

  • Constantly monitoring data security.

  • Coordinating the response to security incidents.

3.2. Senior Management

Senior management is responsible for promoting and supporting the company's data security culture. Their responsibilities include:

  • Allocating the resources needed to implement security measures.

  • Defining the data security strategy.

  • Supporting the data security team on critical issues.

3.3. Staff

All employees are responsible for complying with data security policies. Their responsibilities include:

  • Protecting confidential information.

  • Reporting security incidents or breaches.

  • Participating in data security training.

3.4. External Audit

External audits are carried out regularly by independent third parties to assess compliance with data security measures.

4. Financial Data Protection

4.1 Encryption of Financial Data

4.1.1 All financial data, including transactions and payment information, must be encrypted during transmission.

4.1.2 Secure and up-to-date encryption protocols must be used.

4.2. Secure Storage of Financial Data

4.2.1 Stored financial data must be protected by security measures such as firewalls, access controls and intrusion detection systems.

4.2.2 Retention of financial data must comply with applicable regulations.

4.3 Financial Security Audit

4.3.1 Financial data security must be regularly audited to identify vulnerabilities and ensure compliance.

4.3.2 Audit reports should be used to improve security practices.

5. Personal Data Protection

5.1 Collection and Processing of Personal Data

5.1.1 The collection and processing of players' personal data must be carried out transparently and in compliance with privacy regulations.

5.1.2. Players must be informed of the purpose of the collection and have the right to access and correct their personal data.

5.2 Management of Access to Personal Data

5.2.1 Access to personal data must be restricted to employees who need this information to carry out their duties.

5.2.2 Access control and employee authentication must be strict and in accordance with best security practices.

5.3 Rights of Data Subjects

5.3.1 Players have rights over their personal data, including the right to access, rectify and delete personal information.

5.3.2 The company must respond promptly to requests from data subjects and comply with privacy regulations.

6. Regulatory Compliance

6.1 General Data Protection Regulation (GDPR)

6.1.1 The company must fully comply with the GDPR, including explicit consent to the processing of personal data.

6.1.2 The company must appoint a Data Protection Officer (DPO) in accordance with the GDPR.

6.2 Local regulations

6.2.1 The company must comply with all data protection regulations specific to each jurisdiction in which it operates.

6.2.2 The compliance team must monitor local regulations and update policies accordingly.

7. Incident Response Plan

7.1 Definition of incidents

7.1.1 Data security incidents must be clearly defined and categorized.

7.1.2 An incident is any event that compromises the confidentiality, integrity or availability of data.

7.2 Notification procedures

7.2.1 The company must have clear notification procedures to inform regulatory authorities and data subjects of security incidents.

7.2.2 Notifications must be made within the time limits specified by the applicable regulations.

7.3 Mitigation and recovery

7.3.1 The data security team must coordinate actions to mitigate incidents and ensure the recovery of affected data.

7.3.2 Contingency plans must be established to ensure continuity of operations.

8. Data Security Training

8.1 Initial training

8.1.1 All employees must receive data security training during onboarding.

8.1.2. Initial training should cover relevant policies, procedures and regulations.

8.2 Ongoing training

8.2.1 Regular data security training should be provided to keep staff aware and up to date.

8.2.2 The data security team should coordinate this training.

9. Monitoring and Auditing

9.1 Security monitoring

9.1.1 The company must constantly monitor data security using monitoring and intrusion detection tools.

9.1.2 Alerts and anomalies must be investigated and dealt with promptly. 9.2 Internal Data Security Audit

9.2.1 Regular internal audits should be conducted to assess compliance and the effectiveness of security measures.

9.2.2 Audit reports should be used to improve security.

9.3 External Data Security Audits

9.3.1 Independent external audits should be conducted to verify compliance with security regulations and standards.

9.3.2 The findings of the external audit should be used to improve data security.

10. Review and Update

This policy will be reviewed periodically to ensure that it complies with constantly evolving regulations and best data security practices.

11. Documentation and Archiving

All records relating to data security, including audit reports and training, must be kept and archived in accordance with applicable regulations.

12. Conclusion

Data security is a priority in our company. Protecting players' financial and personal data is key to maintaining customer trust and complying with regulations. Compliance with security best practices is a commitment that all employees must follow. Our company strives to maintain the highest standards of data security to ensure the integrity and privacy of our players' data.

Links

🚀 Integrity

Code Tech guarantees the integrity and security of the information passed through its applications and services.

✊ Due diligence

Code Tech is committed to ensuring diligence in all aspects of our work. We employ thorough and careful processes in our operations to ensure that all actions are carried out with the utmost attention to detail. Diligence is a core value in our organizational culture, reflecting our commitment to excellence, transparency and accountability in all our undertakings.

💪 Responsibilities

Code Tech attaches the highest importance to the responsibilities we assume. We recognize that every action we take has an impact and, as such, we are responsible for our decisions and behavior. We take responsibility for our commitments, whether in relation to customers, employees or the environment.

PreviousPayment policyNextCompliance

Last updated 1 year ago

More information:

🔐
https://codetech.one