The security of your personal data and non-personal data is important to UAB Syno International and its subsidiaries (hereinafter – “SynoInt”). In addition to our company policies, your personal data is protected by the EU General Data Protection Regulation (GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data and other applicable international and local legal acts.
SynoInt ensures that appropriate organizational and technical measures are implemented to protect personal and non-personal data from accidental or unlawful destruction, alteration or disclosure, as well as from any other kind of unlawful processing. These measures ensure a level of security appropriate to the type of data and the risk of processing.
We appreciate your confidence in us and are committed to protecting and managing your personal and non-personal data responsibly. We publish a list of our main security measures. Below is information about how we protect your data and information when services are provided.
Reliability of employees and access control
Before recruiting, SynoInt verifies that candidates have not been punished in the past for offenses relating to data protection, information security, or confidential and commercial secrets.
All employees of SynoInt are of impeccable reputation.
The main requirements for employees are to ensure the quality, timeliness, transparency and objectivity of the provided services.
Employees’ access to personal and non-personal data is provided through a special system called “System access management”. Employee groups are granted different access rights. Access rights to personal data are reviewed on an ongoing basis.
Employees are also trained in information security, in working with the software and in working with personal data. At least once every half year, employees receive special training on personal data protection and information security.
All employees’ actions with personal data are reviewed from time to time using the “log files” of the information systems and databases.
All employees strictly adhere to all applicable statutory requirements.
Furthermore, SynoInt communicates its information security policies to all personnel and requires new employees to sign non-disclosure and confidentiality agreements.
All SynoInt premises provide the highest level of security.
The following security features are available on all premises of the SynoInt:
Servers and backups
All information and data are stored on servers and systems located in the European Union. We use third-party servers provided by “Amazon”. All servers are licensed.
Please note that “Amazon” represents, warrants and covenants to SynoInt that, according to “Amazon” policies, security is their highest priority and that they comply with all applicable international laws and rules for personal and non-personal data protection and information security.
For data recovery we would use automatic database snapshots provided by “Amazon”. The recovery process is simple and easily testable. We have backups of all data from our customers, not just of critical systems.
SynoInt ensures that systems, applications, network components and other computing devices are protected from malicious activity by implementing appropriate controls such as anti-virus, firewalls, and intrusion prevention systems.
All data is stored in the Virtual Private Cloud (VPC) in “Amazon”. All data in the databases is encrypted. Access to this data is only available via a secure VPN connection or via an encrypted connection using our web applications.
All computers in the office are set up to receive updates automatically. Updates for servers are provided by “Amazon”. Minor updates are applied automatically; major updates are applied during planned maintenance windows in a rolling update fashion, avoiding downtime. The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
Penetration testing: sometimes we plan to use external organizations to perform penetration tests.
Software development practices
Our development team employs secure coding techniques and best practices.
Development, testing, and production environments are separated.
All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Furthermore, SynoInt developers work with PHP, Symfony, MySQL, etc., as well as the latest compiler toolset; they use manual code review, minimize the use of unsafe functions, eliminate weak cryptography, etc.
SynoInt ensures password protection. The main requirements and SynoInt's position are:
SynoInt cannot disclose the received personal data to third parties except in cases provided for by law.
For a variety of data processing operations, SynoInt can use data processors' services. All processors must comply with the highest security requirements. All processors are verified, and SynoInt has the right to audit how data processors implement and maintain the requirements of personal data and information security.
Handling of security breaches
SynoInt is responsible for confidentiality and security from the moment the personal data is received. Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot always guarantee absolute security. However, if a threat has been determined or justifiable suspicions arise, SynoInt informs you about such an event. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to.
SynoInt reserves the right to inform and notify law enforcement authorities about security breaches.
You should note that SynoInt has not had any security breach.
SynoInt has developed all security and privacy documentation. The main documents prepared are:
Your responsibilities and your rights under this policy
Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.
If you are interested in a deeper discussion about our Security Policy, or should you have any queries regarding the above policy, please email us at email@example.com or write to UAB Syno International (for data protection), Vilniaus street 35, Vilnius, 01119, Lithuania.
LST ISO/IEC 27001:2013
The ISO 27001 standard is an international standard defining the requirements for an information security management system to enable an organization to assess risks and put in place appropriate controls to protect the confidentiality, integrity and availability of information. Compliance with the requirements of this standard confirms that the information security management system of the institution and the institution itself can be trusted by ensuring information security.
SynoInt pays special attention to the security of information processed by SynoInt and our clients.
Information security includes three main aspects:
The main purpose of information security is to ensure the proper and effective management of information security and to prevent disruption of operations due to violations of the confidentiality, integrity and availability of information. Other information security objectives are determined during the evaluation of the management of SynoInt.
All SynoInt employees participate in the process of ensuring information security. SynoInt employees who are responsible for information protection are constantly monitored to ensure that information is managed in accordance with the requirements of legal acts.
In order to ensure the confidentiality, integrity and availability of information processed by SynoInt, SynoInt is in the process of creating an information security management system.
SynoInt intends to launch its information security management system in the second part of 2018 and to start certification according to ISO 27001 by the end of 2018.
LST EN ISO 9001:2015
The ISO 9001 standard helps organizations adapt to changing environments. It improves the ability of organizations to meet their customers’ expectations, focus on growth and ensure sustainable success. ISO 9001 also specifies requirements for quality management systems.
Because technology raises the expectations of customers and businesses, SynoInt is currently doing preparatory work to ensure the highest quality of the services provided. For this reason, SynoInt is starting to create and implement a Quality Management System and a Risk Management plan related to Quality Management.
Monitoring of SynoInt’s services is currently underway. Data analysis, a non-compliance management procedure, risk assessment and improvement of services are also carried out.
SynoInt intends to create its quality management system according to ISO 9001 by the end of 2018 and expects to start certification by the middle of 2019.
Changes to ISO compliances
Any changes to these ISO compliances will be posted on this website and take effect immediately. These ISO compliances are also used by the following sites:
Note: The main and updated version of these ISO compliances is posted on www.synoint.com.
If you are interested in a deeper discussion about ISO compliances, or should you have any queries regarding the above document, please email us at firstname.lastname@example.org or write to UAB Syno International (for data protection), Vilniaus street 35, Vilnius, 01119, Lithuania.
Any changes to this Security Policy will be posted on this website and take effect immediately.
The main and always updated version of this Security Policy is posted on www.synoint.com.
This Policy was last updated on April 16th, 2018.
This Security Policy is governed by the law of the Republic of Lithuania.
Any dispute, controversy, disagreement or claim arising out of or in connection with the Security Policy, as well as issues of the violation, termination or validity / invalidity hereof shall be settled by mutual negotiations.