Last Updated: 20th of October 2022
The Data Controller's and Processor's privacy policies (including any relevant security policies) address the security of personal data.
The internal organization is appropriately designed to meet the specific requirements of data protection.
- Policies and procedures are in place and are checked regularly.
- Risks are evaluated and documented.
- Information is classified according to a policy.
- Appropriate measurements for the performance and effectiveness of security management are in place.
The change management process includes a data protection impact analysis and information security risk evaluation.
Personal data may only be utilized for process or system development activities and the testing associated therewith if they have been anonymized prior to their utilization or otherwise protected.
Measures prevent data processing systems from being used by unauthorized persons.
- Passwords are managed with a password manager.
- A password policy is in place and enforced through the password manager.
- Two-factor authentication is enforced where required by our policy.
Logical access to personal data is restricted.
Measures ensure that persons authorized to use the data processing systems may only access data for which they are authorized.
- Access is granted based upon the need-to-know principie (Principie of Least Privilege).
- Access is granted/revoked upon request. Revocation may also happen automatically after a set timeframe, or manually after a review was conducted.
- We have an authorization request process in place, with documentation of the user that needs access, the system, the requested permissions, the requester and the authorizer.
- As part of the HR on boarding process and HR off boarding process, access rights will be granted/revoked as well.
- We conduct regular reviews of logical access on all our systems, depending on the classification of information and document those reviews.
A secure development policy is in place to make sure insecure code is not introduced, existing code and third party libraries are regularly checked for vulnerabilities.
- Development needs to adhere to our secure development policy.
- All application code is peer reviewed.
- Used libraries are regularly scanned for known vulnerabilities.
There are measures in place to ensure that it can be verified what personal data has been entered into data processing systems, by whom and when.
The data subject has the possibility to obtain information on the processing of his/her personal data, to have such data corrected and deleted.
There are measures in place to prevent unauthorized reading, copying, modification or deletion of personal data during the transmission or transport of storage media.
- Third parties that process personal data have appropriate security controls in place.
- Unencrypted email attachments do not include confidential or sensitive information.
- Employees are regularly trained on preventing security incidents but also on how to react to such incidents, including the possible need to quickly report incidents to authorities and inform users.
- Employees are encouraged to report incidents.
If you have any further policy about this Technical and Organizational Measures, please contact us at:
Podder Audio Advertising S.L.
Calle Ribera, numero 1, entresuelo 1
46002 Valencia, Spain