Data protection is a key element of Moyyn. Protecting customers and clients data and earning their trust is pivotal to us. We have implemented and strive to develop technical and organizational measures to ensure secure processing of information at all stages.
Data protection is an integral element of our product and strategy. We keep data privacy and security as one of the core elements of our product design. We also defined a process for feeding legal requirements into the product development process on an ongoing basis and reviewing the application accordingly.
Our employees are bound to data secrecy and data protection in general and are made aware of the consequences of any breach. We also provide awareness regarding the handling of personal details, as well as data protection, on a regular basis. These awareness includes new legislation such as the European General Data Protection Regulation (EU GDPR).
We strive for continued improvement of the processes and structures ensuring data protection and information security like appointing a data protection officer and training staff on a regular basis.
In the unlikely event of a data breach, if personal data of a customer is affected and the breach is likely to entail a risk to the rights and the freedom of the customer’s staff, we will immediately notify the customer concerned, so as to enable them to fulfill their legal obligation to inform the regulatory authority and the individuals concerned.
We have appointed an internal team member, Aravinth Palaniswamy as Data Protection Officer. For further ifnormation on data privacy, please contact firstname.lastname@example.org
We generally assume that we are compliant with the essential requirements of the EU GDPR already today. This includes, in addition to the stipulations of art. 25 of EU GDPR re data protection by design and by default, supporting the customer in respecting the rights of data subjects such as the right to obtain erasure of personal details as well as the rights of access and data portability (chapter 3 of EU GDPR). Users can send a request to email@example.com to delete or modiufy their data and also stop processing their data further.
Any personal data that the application transmits to a client or other platforms are encrypted using Transport Layer Security (TLS), specifically HTTPS. This requires for a secure connection to be established between the two communicating partners (client and server) before any data can be transmitted.
We use Digital Ocean – Frankfurt data centre for hosting our services. DigitalOcean is certified in the international standard ISO/IEC 27001:2013. More info: https://www.digitalocean.com/legal/gdpr/
At Moyyn, only relevant teams have access to user data, for example, Product, Customer success and sales, Technology teams. This will be necessary to assist with the initial creation of an account as well as the processing of service enquiries. Access rights are granted on a need-to-know basis and documented. In addition, access to customers’ systems is logged. As a general rule, neither staff at the data centers nor at Digital Ocean employees have access to your data.
We run security and vulnerability checks regularly to check for unauthorized access. Also, in the client side, we log their activities to verify unauthorized access.
Access is granted purely via personalized user accounts, each of which is clearly assigned to an individual.
Access rights are generally designed to fulfill the requirements of art. 24 of EU GDPR regarding data protection by default. This means that all candidates with newly created user accounts have by default no rights beyond editing their own profile. The clients can view candidates profile in order to select them for interviews, but they have no access to edit any canddiates data.
We ensure continous availability of the system by enabling backups at regular intervals. In the unlikely event of a total failure of the system, the redundant structure of the data centers (productive and backup data) ensures that your data is not lost. In this case, we will ensure fastest-possible recovery in accordance with our disaster recovery concept.
Upon termination of the business relationship, individuals authorized accordingly by the customer can request delivery of the data in a machine-readable format. 30 days after termination of the agreement, the data shall then be irrecoverably deleted. In the unlikely event of Moyyn going out of business, this procedure remains on principle unchanged, as the customer is the owner of the data and Moyyn is merely an order processor and can/ will thus not dispose of the personal data in any other way.