Data Protection Policy

Version no. 1.0 / Last Date of modification March 2020

When using our services, customers are entrusting their data, including information about other individuals (i.e., personal data), into our care and it is one of our core duties to each Workspace Owner to ensure that appropriate measures are in place on our side for the protection of the personal data that are processed via his Workspace (“Relevant Data”). This Data Protection Policy (“Policy”) describes some of those measures, completing the Privacy Policy of KimboCare. All capitalised terms used in this Policy and not otherwise defined herein have the meanings ascribed to them in our Terms of Use.

 

1 Confidentiality

1.1

We place strict controls over our employees’ access to Relevant Data and are committed to ensuring that these data are not seen by anyone who should not have access to them.

1.2

The operation of the Service requires that some of our employees have access to the systems we use for processing Relevant Data (e.g., in order to diagnose a problem you are having with the Service, we may need to access your Workspace, including its Relevant Data). These employees are prohibited from using their access permissions to view Relevant Data unless it is necessary to do so.

1.3

We have technical controls and policies in place to ensure that any access to a Workspace is logged. All of our employees and contract personnel are bound to our policies regarding Relevant Data and the security of these data is a matter of great importance to us. We have technical controls and policies in place to ensure that any access to a Workspace is logged. All of our employees and contract personnel are bound to our policies regarding Relevant Data and the security of these data is a matter of great importance to us.

2. Service Infrastructure

2.1

The Service is hosted in data centers operated by industry-leading service providers who offer state-of-the-art physical and other protection for the cloud infrastructure underlying our Service user environment. These cloud providers are responsible for restricting access to the above infrastructure to authorized personnel only.

2.2

Each customer’s data are hosted in the public cloud resources allocated to us and segregated logically by the Service application. We use a combination of storage technologies to ensure that Relevant Data are protected from hardware failures and return quickly when requested.

3. Network Security

3.1

Network access to our production environment from open, public networks is restricted. Only a small number of production servers are accessible from the internet. Only those network protocols essential for delivering the Service to its users are open at our perimeter. 3.2 We employ the state of the art mitigations against distributed denial of service (DDoS) attacks at our network perimeter.

4. Availability

4.1

We understand that you rely on the Service to work, and are committed to making it highly-available so that you could count on it. The Service runs on systems that are “fault tolerant”, for failures of individual servers as well as entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

5. Security Practice in Product Development

5.1

The secure practices are embedded into the whole product development cycle.

6. Access To The Services

6.1

The Service, howsoever accessed, requires all users to authenticate, and users are granted unique identifiers for that purpose.

7. Changes To This Policy

7.1

We may revise this Policy from time to time to reflect changes to the Service, applicable laws, regulations or standards or other changes that may occur in our business. We shall post the revised Policy (or, as the case may be, our new data protection policy) on the same webpage where we published this Policy or on such other webpage as we then may habitually use for publishing materials such as the Policy. We may also use the Service, email or other means for notifying customers of such policy changes. The revised Policy (or, as applicable, the new one) will be effective when posted as described unless the document itself specifies a later time for its entry into force.