1.1. Keytrack New Zealand Limited (“Keytrack”, “The Company”), as a cloud-based software as a service business, takes its responsibilities regarding the management of security very seriously. This document provides the policy framework through which effective management of Data Protection matters can be achieved. This Policy is addressed to Keytrack’s clients as well as to those individuals who will provide their personal data for processing (hereinafter – Data Subjects).
2.1. The purpose of this policy is to ensure that Keytrack’s staff shall comply with the provisions of New Zealand Law when processing personal data. Any serious infringement will be treated seriously and may be considered under disciplinary procedures. The company adheres to the privacy principles as laid down by New Zealand Privacy Act 1993, and positions for alignment with the EU GDPR. In accordance with these principles personal data shall be:
Processed fairly and lawfully and in a transparent manner in relation to the data subject;
Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and up to date;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
Not kept longer than necessary;
Processed in a manner that ensures appropriate security of the personal data;
Not transferred outside the countries of the European Economic Area or the EU without adequate protection.
4.1. Where external companies are used to process personal data on behalf of the Customer requesting Keytrack’s services, responsibility for the security and appropriate use of that data remains with the Customer.
Where a third-party processor is used by Keytrack:
a third-party processor may be chosen only when it provides sufficient guarantees about its security measures to protect the processing of personal data;
reasonable steps must be taken to ensure that such security measures are in place;
a written contract establishing what personal data will be processed and for what purpose must be set out and agreed;
5.1. Keytrack shall carry out the following specific measures to ensure data protection:
The Company uses a specially designed interface that makes it possible to submit the data directly to the Company’s secure servers;
The personal data accepted by the Company is always securely stored on the servers located in safe data centres;
Keytrack undertakes to preserve the personal data as long as it is necessary for the clients under applicable laws;
All persons dealing with personal data shall be officially authorised and must undergo special periodical training;
Keytrack shall hold data protection and security audits by an expert institution;
6.1. Keytrack uses commercially reasonable physical, electronic, and procedural safeguards to protect your personal information against loss or unauthorised access, use, modification, or deletion. Among other things, Keytrack encrypts sensitive information in transit. Keytrack security is managed in compliant web services. However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal or other information. Moreover, we cannot guarantee the safety of your information when in the possession of other parties, such as the Third-Party Data Controller.
6.2. Software and network security:
The Company will hold regular vulnerability scans against our full infrastructure. We will also have external, independent, penetration tests conducted on a periodic basis.
All engineering and development operations staff will be regularly trained on system, application and network security.
Our IT and container infrastructure is continuously monitored and audited for change.
Network connections are protected by firewalls and are monitored by cyber security solutions to detect intrusions, suspicious activity, and denial of service attacks.
All our computers, laptops and servers utilise full disk/volume encryption and are installed with antivirus/malware protection which is automatically updated to the latest version and signatures available.
All user information is encrypted using TLS 1.2 or greater in transit.
6.3. Keytrack will continuously work to increase its security measures and update this policy with subsequent changes to its security efforts.
7.1. Where a Data Protection breach occurs, or is suspected, it should be reported immediately to the Data Protection Officer or the CEO, Richard Galbraith, in person or via email at [email protected]. The report should include full and accurate details of the incident, including who is reporting the incident and what classification of data is involved.