Security at SysAlly
SysAlly takes the security of your data very seriously. We respect data privacy and strive to protect it by ensuring a safe and secure atmosphere for all our clients.
The European Union passed the General Data Protection Regulation (GDPR) in 2016. It will be enforced from May 25, 2018, and will replace the 1995 EU Data Protection Directive (Directive 95/46/EC). The norms of GDPR aim to unify and strengthen the security and protection of personal data all over the EU.
SysAlly supports the GDPR and ensures all our services comply with the new norms by May 25, 2018.
We would like to share the measures implemented at SysAlly to become GDPR-ready.
Roles and Scope of Processing Data
As between SysAlly and the customer, the customer is the Data Controller of his/her data, and SysAlly is its processor. SysAlly shall process data according to the customer's direction, following data protection policies as directed by GDPR. To manage and audit the processed data, we have appointed a Data Protection Officer (DPO).
Data Protection Policy
Being a server management company, we always have root server access. It helps us to detect, resolve and mitigate any errors or bugs at the server level. Since root server access by default gives access to unencrypted data stored on the server, we make our best efforts not to access, store, modify, delete or transmit any sensitive data whatsoever to any third party, directly or indirectly, in any way.
At SysAlly, we pledge to follow a very transparent and secure data protection policy, where we strive every day to safeguard the sensitive information located on the servers we work on at any cost.
To ensure maximum network security, we have set up an SSH/RDP jump box to access all servers from our VPN/Private Network. This means that server access is limited to a single jump box server, which will prevent any unauthorized access from unknown sources.
Data Access Control Policies
Log in when an incident occurs
The technical support team logs in to the server when an incident occurs. An incident alert can be received through support tickets, client chats or emails. Upon receiving a server incident alert, our engineers check the reported incident to implement an appropriate resolution.
Since logging in happens only in situations like these, this limits any unnecessary and unauthorized access to your servers, thus increasing the overall security of your data. Incidents can arise at any time; our support team always monitors the servers round the clock for any mishaps.
All our activities are logged in the process of incident resolution. A detailed report explaining the incident and the implemented resolution will be provided for future reference.
Role-based information access
We follow a role-based information access policy, where our employees handle data according to the job roles they are assigned to. That is, the information that can be accessed by technical support and by billing contains only the bare minimum amount of data required to do the job.
Data Processing and Storage
All data from customers in the European Union is stored in EU data centers and processed through locations in the US, UK, and India. After receiving sole consent from the customers, SysAlly handles all data in total compliance with GDPR.
We follow the practice of Data Minimization where only the relevant personal information necessary to accomplish a specific task is collected. Data minimization is one of the key points in GDPR, and it limits the storage of any unnecessary personal information without relevant cause and consent.
We store basic client credentials (email ID and name) and the billing details for credit card, PayPal and any other supported payment method in our encrypted customer portal.
Account Deletion Policy
Every client has the power to exercise the “right to be forgotten” given by GDPR, by making a request to delete personal data after the term with an enterprise or company expires.
At SysAlly, we comply with the rules laid out by GDPR and, once a customer leaves our services, the mail ID and corresponding details are automatically deleted from our system.
Confidentiality of Processing
At SysAlly, any person authorized to process our clients' data shall be under an obligation of confidentiality as prescribed by law.
If you would like to contact our Data Protection Officer, please click here. If you have any questions or need further clarification regarding our policy, feel free to get in touch with us.