Security at SysAlly
SysAlly takes the security of your data very seriously. We respect data privacy and strive to
protect it by ensuring a safe and secure atmosphere for all our clients.
The European Union passed the General Data Protection Regulation (GDPR) in 2016. It will be
enforced from May 25, 2018, and will replace the 1995 EU Data Protection Directive (Directive
95/46/EC). The norms of GDPR aim to unify and strengthen the security and protection of personal
data all over the EU.
SysAlly supports the GDPR and ensures all our services comply with the new norms by May 25, 2018.
We would like to share the measures implemented at SysAlly to get GDPR ready.
Roles and Scope of Processing Data
As between SysAlly and the Customer, the customer is the Data Controller of his/her data, and
SysAlly is its processor. SysAlly shall process data according to the customer’s direction and in
line with the data protection policies directed by GDPR. To manage and audit the processed data, we
have appointed a Data Protection Officer (DPO).
Data Protection Policy
As a server management company, we always have root server access. It helps us detect, resolve and
mitigate any errors or bugs at the server level. Since root server access by default gives access to
unencrypted data stored on the server, we have made our best efforts not to access, store, modify,
delete or transmit any sensitive data whatsoever to any third party, directly or indirectly, in any
way.
At SysAlly, we pledge to follow a very transparent and secure data protection policy, where we
strive every day to safeguard the sensitive information located on the servers we work on at any
cost.
To ensure maximum network security, we have set up an SSH/RDP jumpbox to access all servers from our
VPN/Private Network. That means server access is limited to a single jumpbox server, which prevents
unauthorized access from unknown sources.
Data Access Control Policies
Log in when an incident occurs
The technical support team logs in to the server when an incident occurs. An incident alert can be
received through support tickets, client chats or emails. Upon receiving a server incident alert,
our engineers check the reported incident in order to implement an appropriate resolution.
Since logging in happens only in situations like these, this limits any unnecessary and unauthorized
access to your servers, thus increasing the overall security of your data. Incidents can arise at
any time, so our support team monitors the servers round the clock for any mishaps.
All our activities are logged in the process of incident resolution. A detailed report explaining
the incident and the implemented resolution will be provided for future reference.
Role-based information access
We follow a role-based information access policy, where our employees handle the data according to
the job roles they are assigned to. That is, the information that can be accessed by technical
support and the billing area will contain only the bare minimum amount of data required to do the
job.
Data Processing and Storage
All data from customers in the European Union is stored at EU data centers, and processed through
locations in the US, UK, and India. After receiving sole consent from the customers, SysAlly
handles all data in total compliance with GDPR.
Data Minimization
We follow the practice of Data Minimization where only the relevant personal information necessary
to accomplish a specific task is collected. Data minimization is one of the key points in GDPR, and
it limits the storage of any unnecessary personal information without relevant cause and consent.
We store the basic client credentials (email ID and name) and the credit card, PayPal or other
supported payment method details used for billing in our encrypted customer portal.
Account Deletion Policy
Every client has the power to exercise the “right to forget” as given by GDPR, by making a request
to delete personal data after the term with an enterprise or company expires.
At SysAlly, we comply with the rules laid out by GDPR and, once a customer leaves our services, the
mail ID and corresponding details are automatically deleted from our system.
Confidentiality of Processing
At SysAlly, any person authorized to process our clients' data shall be under an obligation of
confidentiality as prescribed by law.
If you would like to contact our Data Protection Officer, please click here. If you have any
questions or need further clarifications regarding our policy, feel free to get in touch with us.