/
1. Purpose
This policy defines the Tradoly approach to ensuring the security and integrity of its systems, users, and data in compliance with GDPR Article 32.
2. Security Controls
- Encryption: All sensitive data transmitted via HTTPS/TLS.
- Authentication: Multi-factor login and session timeouts.
- Access Control: Role-based access limited to authorized personnel.
- Network Security: Firewalls, intrusion detection, and DDoS protection.
- Backup & Recovery: Regular encrypted backups and business continuity plan.
- Patch Management: Regular updates and vulnerability fixes.
3. Monitoring and Audits
Tradoly performs continuous monitoring, periodic penetration testing, and external audits to maintain compliance with security standards.
4. Incident Response
Any data breach will be:
- Logged and investigated immediately.
- Reported to the AEPD within 72 hours if it poses a risk to users.
- Communicated to affected individuals without undue delay.
5. User Responsibilities
Users must:
- Maintain confidentiality of login credentials.
- Use strong passwords.
- Notify Tradoly immediately of unauthorized access.
6. Continuous Improvement
Tradoly continuously improves its security framework by adopting industry best practices such as ISO 27001 principles and periodic internal reviews.