Data Handling

Data Handling Policy

Techtek s.r.o.

 

The data handling policy of Techtek s.r.o. includes measures to manage risk to the confidentiality, integrity, and availability of sensitive data in any form and represents a minimum standard for protection of this data. Controls required under applicable laws, regulations, or standards governing Personally Identifiable Information ("PII") also apply. Everyone who creates, uses, processes, stores, transfers, administers, and/or destroys sensitive Data within Techtek s.r.o. is responsible and accountable for complying with these standards.

 

Definitions

  • Techtek website
    means an E-shop website owned and managed by Techtek s.r.o.
  • Application
    refers to the Techtek s.r.o. software application which interfaces with the Amazon Marketplace APIs.
  • Customer
    means any person or entity who has purchased items or services from the public-facing websites of Techtek s.r.o. or of another External selling channel (Amazon, eBay,…).
  • External selling channel (“ESC”)
    means a website or other system that allows orders to be placed for products and on which Techtek s.r.o. participates as a seller (Amazon, eBay, etc.)
  • Hold period
    means the maximum amount of time the data is stored for immediate access after the order is dispatched and confirmed online to the customer.
  • Personally Identifiable Information (“PII”)
    means information that can be used on its own or with other information to identify, contact, or locate an individual or to identify an individual in context. This includes, but is not limited to, a Customer name, address, e-mail address, phone number, gift message content, survey responses, payment details, purchases, cookies, digital fingerprint (browser, user device, etc.), IP address, geo-location, or Internet-connected device product identifier.

 

Data Purpose

All order and Customer data are collected for the purpose of enabling orders to be placed on a Techtek website and enabling the actions necessary to fulfill an order, whether from a Techtek website or from an external selling channel, including necessary accompanying items such as creating an invoice (where not provided by an ESC).

 

This does not include other data collected for operational purposes that have no relation to information about individuals outside Techtek s.r.o. (e.g. currency rates).

 

Data Creation

 

Data Records within Techtek s.r.o. are created through input from a Techtek website or via secure transfer from an ESC. These data records may occasionally be created or edited by the Seller with the consent of the individual and for a purpose aligned with the Data Purpose. Virtually all records include PII and are used to fulfill product orders for online Buyers.

 

It is essential that all records are created and maintained appropriately throughout their entire life cycle. Personally Identifiable Information (PII) contained in Techtek s.r.o.'s data records constitutes an area of critical concern because of the severe risk to Techtek s.r.o., its clients and connectivity partners should records be mishandled or information inappropriately accessed or disclosed. Consequently, records containing sensitive information & PII should exist only in areas where there is a legitimate and justifiable business need.

 

 

Access Management

 

The Techtek s.r.o. Application uses a unique ID assigned to each individual with computer access to Sensitive Information. Under no circumstances do we create or use generic, shared, or default login credentials or user accounts.

Each account has access only to the sections and information necessary for its holder to perform their duties. We review accounts after any change in personnel and on a monthly basis, removing accounts that are no longer valid for access. We restrict employees from accessing or storing Sensitive data on personal devices through thorough security measures. We maintain and analyze a log of access and activity; the responsible person is alerted if an anomaly is recorded.

 

 

Data Governance

 

Techtek s.r.o. keeps an inventory of all software and physical assets with access to PII. This inventory is updated every 30 days. We keep records of all data processing activities, including but not limited to, specific data fields as well as how they are collected, processed, stored, used, shared, and disposed of as they apply to PII. This record is maintained for the purpose of establishing accountability and compliance with regulations. We follow our posted Privacy Policy as it applies to customer consent and data rights per all applicable data privacy regulations.

 

 

Network Protection

 

All Techtek s.r.o. Application servers and systems employ network separation and protection controls to prevent unauthorized access. Public access is restricted to approved users only.

 

 

Encryption and Storage

 

All PII is encrypted at rest using AES-256 industry standards. All cryptographic materials (encryption/decryption keys) and cryptographic capabilities used for encryption of PII at rest are only accessible to the Techtek s.r.o. system processes and services. We do not store PII on removable media (USB, flash drives, etc.) or in unsecured public cloud applications (Google Drive, Dropbox, etc.). No documents containing PII are ever printed on paper.

 

Encryption in Transit

 

The Techtek s.r.o. Application encrypts all Sensitive Information in transit, whenever the data traverses a network or is otherwise sent between hosts, using HTTP over TLS (HTTPS). We enforce this security control on all applicable external endpoints used by customers as well as on internal communication channels and in operational tooling. We do not use communication channels which do not provide encryption in transit even if unused.

 

 

Data Retention and Recovery

 

We retain PII only for the stated Data Purpose for no more than 30 days from order shipment. In the event that PII is lost, erased or unavailable for processing due to system crash or ransomware during the 30-day Hold Period, Techtek s.r.o. maintains a security backup copy of all PII.

This security backup copy is encrypted and meets all security requirements noted in this policy. All security backups are purged in an unrecoverable way at the end of the 30-day Hold Period.

All PII collected via a Techtek website that is required by law for tax purposes is stored as a “cold” or offline (e.g., not available for immediate or interactive use) backup in a physically secure facility. All archived data on backup media are securely encrypted.

All PII collected from an External selling channel (Amazon, eBay,…) that is required by law for tax purposes is also available on the External selling channel website, so Techtek s.r.o. does not need to retain archival copies of that PII. Therefore, beyond the 30-day Hold Period, Techtek s.r.o. does not maintain backup media of any kind for PII. All security backups of data received from an External selling channel (Amazon, eBay,…) are purged in an unrecoverable way at the end of the 30-day Hold Period.

 

 

Least Privilege Principle

 

Techtek s.r.o. employs fine-grained access control mechanisms when granting rights to any party using the Application, as well as the Application's operators, following the principle of least privilege. Application sections or features that contain PII are protected under a unique access role, and access is only granted on a "need-to-know" basis.