GDPR
Tribeify and the General Data Protection Regulation
Our Commitment
Our Work
Personally Identifiable Information
Security and Compliance
Our information systems and infrastructure are hosted within Google Cloud services.
Security Policies
Our information security policies are regularly updated to ensure the privacy of our users’ database. The CTO and employees responsible for information security policies they need to develop to ensure data security.
Dedicated Security Personnel
Tribeify has a dedicated security team, which focuses on applications, networks, and system security. This team is also responsible for security compliance, education and incident response.
Access Control
Tribeify’s database can only be accessed via a Virtual Private Network or an SSH query, and requires multi-factor authentication. We have a strong password policy, which involves complexity, expiration, and lockout. Tribeify grants access to the information on as-needed basis and review the permission quarterly. After the termination of an employee, the system access is revoked within 24 hours.
Personnel
Tribeify conducts background screening at the time of hiring (to the extent permitted or facilitated by applicable laws and countries). In addition, Tribeify communicates its information security policies to all personnel, requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Vulnerability Management and Penetration Tests
Tribeify has deployed a documented vulnerability management program, which includes periodic scans, remediation of security vulnerabilities on workstations, network equipment, servers, applications as well as identification. We use Google Cloud Services to scan all networks including test and production environments. The critical patches are fixed on priority and other patches are fixed as required. We regularly conduct internal and external penetration tests to ensure our system is void of any vulnerability.
Development
Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually. Development, testing, and production environments are separated. All changes are peer-reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Encryption
Tribeify encrypts data in transit using GFE is encrypted in transit with Transport Layer Security (TLS) or QUICcryptographic protocols.
Logging and Auditing
All the logs of applications and infrastructure systems are sent to a centrally managed log repository for analysis, security reviews and troubleshooting. In addition, it preserves the information as per the regulatory requirements. This information can be shared with customers in case a security incident occurs, which may, directly or indirectly, impact their data.
Asset Management
Tribeify incorporates an asset management policy, which includes identification, classification, retention, and disposal of information and assets. Devices and systems issues by Tribeify are equipped with best antivirus software and complete hard-disk encryption. The Company-issued devices will be used to access production networks and corporate data.
Information Security Aspects of Business Continuity Management
Tribeify adheres to the complete guidelines and policies to maintain the security incident response including investigation, remediation and public communication. These policies are checked after every six months.
GDPR Compliance
We ensure that all the services and resources we offer are compliant with GDPR requirements of any business associated with us. By engaging with MNP LLP., Tribeify continues to align and work towards GDPR compliance.
Complaints
Tribeify is subject to the General Data Protection Regulations and other privacy and security frameworks and regulations. Under those regulations, we are required to respond to data subject requests and concerns. To date, Tribeify has not received any relevant requests, concerns or complaints from data subjects, advocacy groups or regulators.
FAQs
What is GDPR?
Tribeify is subject to the General Data Protection Regulations and other privacy and security frameworks and regulations. Under those regulations, we are required to respond to data subject requests and concerns. To date, Tribeify has not received any relevant requests, concerns or complaints from data subjects, advocacy groups or regulators.
What is regulated by GDPR?
The GDPR will ensure that all businesses, irrespective of their physical presence within the EU, should adhere to the regulations forced by the laws when collecting, storing and transferring the data of EU individuals.
What is personal data?
Personal data, as explained by a GDPR, is a broad term, which covers any information relating to an identified or identifiable data subjects.
What is the difference between a data processor and a data controller?
A controller is defined as an entity that identifies the purpose, conditions, and means of the personal data protection process. A data processor, on the other hand, is a unit that is responsible for processing the personal data in support of the controller.
Does the GDPR require EU personal data to stay in the EU?
No, the GDPR doesn’t entail the personal data to remain within the EU, nor does it enforce any restrictions on data outside the EU. Data processing requirements by Tribeify and reference to the European Commission’s model clauses will persist to enable customers to legitimize the transmission of EU personal data outside the physical boundaries of the EU.
