AKAN GLOBAL CONSULTANT AND TRADE LIMITED, known as the "Company" or "we," demonstrates its commitment to ensuring transparency regarding the implementation of security measures and policies for the protection and security of personal data and personally identifying information (collectively referred to as "Personal Data"). The Company operates in accordance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR"), the upcoming California Consumer Privacy Act ("CCPA"), and any relevant national laws. These measures are in place to support the Company's services, as outlined in our Privacy Policy. Collectively, these regulations are referred to as the "Data Protection Regulation."
The "Security Policy" serves as a comprehensive document that highlights the Company's existing security measures, which have been implemented as of the "Last Updated" date mentioned above. This Security Policy will undergo periodic updates to align with applicable laws and internal policies.
To safeguard the Personal Data processed by the Company, a robust information and cyber security program has been established, incorporating both technical and organizational safeguards. These measures are put in place to ensure the protection of Personal Data.
Physical Access Control
Our servers and facilities where Personal Data is stored are protected against unwanted and unauthorized physical access. Microsoft Azure, a reputable cloud storage provider, has been chosen as our storage platform. The Personal Data collected by the Company is securely stored in Azure data servers. For more information on the data security provided by Microsoft Azure, please refer to: https://privacy.microsoft.com/en-US/privacystatement
Furthermore, the Company implements passcode-based access control to secure physical entry into our offices, allowing only authorized individuals such as employees and authorized external parties (maintenance staff, visitors, etc.) to access the premises. Fire and smoke alarms are installed in our offices, and all data backups are stored in fire- and water-resistant safes.
Security Risk Analysis and Management
A thorough assessment of potential risks and vulnerabilities associated with the Company's Personal Data has been conducted to ensure the confidentiality, integrity, and availability of electronically protected Personal Data. Periodic testing of our disaster plan is carried out to ensure our readiness to handle any emergency or disaster scenario. Our servers are equipped with automated backup procedures. As mentioned earlier, our office is equipped with fire detectors, fire extinguishers, and other relevant measures to address the occurrence of natural disasters.
System Control
Access to the Company's database is highly restricted to authorized personnel who have obtained prior approval, ensuring that only the appropriate individuals can access the Company's Personal Data. Safeguards related to remote access and wireless computing capabilities are implemented. Employees are required to adhere to the Company's password policy, which mandates secure password composition and allows access or use of Personal Data only as required by their respective roles.
Access to data and the passwords used for login are constantly monitored. Additionally, the Company employs automatic captcha and a lock-out mechanism, and disables password-saving programs, to prevent unauthorized login attempts to the Company's servers through password guessing. Electronic procedures are implemented to terminate inactive sessions as well.
Data Access Control
Restrictions are in place to ensure that only employees with authorized access can access the Personal Data. Permissions are granted by the Company's cyber security officer or the CTO. Personal Data cannot be accessed, modified, copied, used, transferred, or deleted without specific authorization. Access to the Personal Data and any actions involving its use require a password and username, which are regularly changed and blocked when necessary. User passwords are fully encrypted. Each employee can only perform actions based on their assigned permissions. All access is logged and monitored, and any unauthorized access is automatically reported.
Removable Media and Media Controls
The use of electronic removable media follows the Company's policy to prevent data loss. The disposal of removable media adheres to the Company's policy on removable media disposition. Employees may remotely access the Personal Data in accordance with the Company's policy. Remote control by employees is subject to the use of specific remote-control software that ensures a secure and encrypted connection.
Organizational and Operational Security
The Company invests significant efforts and resources to ensure compliance with its security practices. Employees receive ongoing training and periodic updates on security procedures. The Company aims to raise awareness of the risks associated with processing Personal Data. Applicable safeguards, such as web content filtering, firewalls, and anti-virus software ("Protection Measures"), are implemented on Company hardware, software, or employee computers to protect against viruses, worms, Trojans, or any other malicious software. The Protection Measures cannot be deactivated by any user except the Company's cyber security officer in accordance with Company policies.
Transfer Control
All transfers of Personal Data between the client side and the Company's servers are protected using encryption safeguards. The Personal Data is encrypted before transfer. The Company's servers adhere to industry best standards for protection. Additionally, the destruction of Personal Data after termination of engagement is outlined in the contract between the parties. Where applicable, the Company's business partners enter into a Data Processing Agreement in accordance with applicable laws.
Data Retention
The Company retains Personal Data for the duration necessary to provide the services or as mandated by applicable laws. While individuals have the right to request data deletion, it is important to note that this request is not absolute and is subject to limitations outlined in the Company's Privacy Policy. The specific guidelines for data retention and deletion are detailed in the aforementioned policy, ensuring compliance with data protection regulations.
Job Control
Every employee of the Company is required to enter into an employment agreement that includes confidentiality provisions and relevant data protection clauses. These provisions bind employees to adhere to the Company's policies, particularly the computer security policy, which safeguards the handling of Personal Data. Additionally, employees undergo a screening process in accordance with regional laws to ensure their suitability for handling sensitive information.
In cases where an employee breaches their obligations or fails to comply with the Company's policies, the Company enforces appropriate repercussions to ensure compliance with the established rules. This enforcement is carried out in accordance with the Company's sanction policy, which outlines the disciplinary measures and corrective actions to be taken.
Furthermore, before engaging with third-party contractors, the Company conducts a thorough review of their security policies, specifically their information data security policies. This review ensures that the contractors' policies align with the Company's stringent standards for data security protection. Third-party contractors are granted access to Personal Data only in accordance with explicit instructions provided by the Company, ensuring that access is limited and controlled. By imposing these measures, the Company maintains a high level of data security throughout its operations and collaborations.