This page outlines the measures that Relokia (the Vendor) takes to safeguard personal and other customer data. Relokia considers data a primary asset that, as such, must be protected.
Scope of the Policy
This policy applies to all Relokia and customer data assets in any Relokia processing environment, on any media during any part of its life cycle. This policy covers the following entities or users:
- Full or part-time employees of Relokia who have access to Relokia or customer data.
Privacy By Design and By Default
Relokia considers data privacy from the outset of all projects, products, product development, and Services offered; it is never an afterthought. Relokia's Data Protection Officer is involved in all issues, measures, and (software) designs related to security and has independent and direct access to all source code.
Security Measures at Relokia
Relokia has implemented numerous technical and organizational measures to ensure an appropriate level of (data) protection. These measures:
- Take into account the circumstances and purposes of the processing, and the projected probability and severity of a possible infringement of the law resulting from security vulnerabilities.
- Aim at immediate detection of relevant infringement events.
Technical measures are divided into several subsections, each discussed separately.
Employee workstations and access
- Employees' workstations (laptops and desktops) are protected with full-disk encryption.
- Employees access web applications only through single sign-on (SSO) via Google OAuth with two-factor authentication enforced, and must use a Virtual Private Network (VPN) when working remotely.
- Administrator access to the Relokia Platform Management interface is allowed only over the VPN.
Production environment security
- Logging into the servers is only possible with SSH public-key authentication; password authentication is disabled.
- The administration panel requires two-factor authentication.
- All security updates are installed automatically, so the servers are kept up to date.
- A strict firewall configuration that only allows HTTP and HTTPS from the public internet, and only to the load balancers.
- Communication to and from the servers and backups is performed only over secure channels (TLS, i.e., HTTPS).
- SSH is reachable only over the private VPN. Logins are actively monitored (Graylog with alerting), and sources with repeated failed login attempts are banned automatically (fail2ban).
- All (virtual) servers are hosted externally.
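As an added example (not Relokia's code), the two checks a practitioner would run to verify the controls listed above: a parser that evaluates an OpenSSH server configuration against the key-only, no-password policy, and a fail2ban-style sliding-window threshold over auth-log lines. Both configuration texts and the log lines are constructed for the example; the policy table `REQUIRED_SSHD` additionally assumes that root logins are disallowed, which the page does not state, and the `year` parameter is needed only because syslog timestamps carry no year.

```python
"""Added example: verify the "key-only SSH" and "fail2ban" controls.

Not Relokia's code. Configs and log lines below are constructed samples.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
# An absent PasswordAuthentication therefore means passwords ARE accepted.
SSHD_DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "challengeresponseauthentication": "yes",
}

# Policy the page states (no passwords, keys only); PermitRootLogin=no is an
# assumption added for the example.
REQUIRED_SSHD = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "challengeresponseauthentication": "no",
}

WEAK_SSHD_CONFIG = """
# constructed: close to a stock config; PasswordAuthentication is unset
Port 22
PermitRootLogin yes
"""

HARDENED_SSHD_CONFIG = """
# constructed: key-only logins as the policy requires
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""


def parse_sshd_config(text):
    """Return ({keyword: value}, has_match_block).

    sshd uses the FIRST value it obtains for a keyword, so later duplicates
    are ignored. Lines after a 'Match' header apply conditionally and are
    not evaluated here; their presence is reported so the operator can
    verify the effective config with `sshd -T -C user=<name>`.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            return settings, True
        settings.setdefault(key, value)
    return settings, False


def check_sshd_policy(text):
    """Return a list of (keyword, expected, effective) policy violations."""
    settings, has_match = parse_sshd_config(text)
    violations = []
    for key, expected in REQUIRED_SSHD.items():
        effective = settings.get(key, SSHD_DEFAULTS.get(key))
        if effective != expected:
            violations.append((key, expected, effective))
    if has_match:
        violations.append(("match", "no conditional overrides", "present"))
    return violations


# Matches the failure lines fail2ban's sshd filter keys on (simplified).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<ip>[\d.]+) port \d+"
)

SAMPLE_AUTH_LOG = [  # constructed sample lines
    "Mar 12 10:00:01 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2",
    "Mar 12 10:00:04 web1 sshd[2235]: Failed password for root from 203.0.113.7 port 50118 ssh2",
    "Mar 12 10:00:09 web1 sshd[2240]: Failed password for root from 203.0.113.7 port 50121 ssh2",
    "Mar 12 10:00:15 web1 sshd[2247]: Failed publickey for deploy from 198.51.100.9 port 41002 ssh2: RSA SHA256:abc",
    "Mar 12 10:00:20 web1 sshd[2251]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "Mar 12 10:00:27 web1 sshd[2260]: Failed password for root from 203.0.113.7 port 50133 ssh2",
    "Mar 12 10:30:00 web1 sshd[2310]: Failed publickey for deploy from 198.51.100.9 port 41010 ssh2: RSA SHA256:abc",
    "Mar 12 10:31:00 web1 sshd[2312]: Accepted publickey for deploy from 198.51.100.9 port 41012 ssh2: ED25519 SHA256:xyz",
]


def sources_to_ban(log_lines, maxretry=5, findtime=600, year=2024):
    """Return the set of source IPs with >= maxretry failures inside a
    sliding findtime-second window (the semantics of fail2ban's maxretry
    and findtime jail options). Successful logins are ignored."""
    recent = defaultdict(list)
    banned = set()
    for line in log_lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        ip = m.group("ip")
        cutoff = ts - timedelta(seconds=findtime)
        recent[ip] = [t for t in recent[ip] if t >= cutoff] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned


if __name__ == "__main__":
    print("weak config violations:", check_sshd_policy(WEAK_SSHD_CONFIG))
    print("hardened config violations:", check_sshd_policy(HARDENED_SSHD_CONFIG))
    print("would ban:", sources_to_ban(SAMPLE_AUTH_LOG))
```

The point of the defaults table is that a config which simply omits `PasswordAuthentication` still accepts passwords; the "passwords are not used" control only holds if the keyword is set to `no` and no `Match` block re-enables it for some user or address.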
All personal data is subject to a retention period. Backup data is stored in a proprietary binary format (described as "pseudo encrypted", i.e., obscured by its format rather than cryptographically encrypted) and separated per client. Graylog, which is required for system monitoring, retains logs for at most 30 days.
Hosting & Infrastructure
Relokia hosts its complete infrastructure at AWS. All our (virtual) servers, services, and data storage are located within the European Union (Germany). This includes our backup copies stored in Amazon S3, whose designated location is Germany (the Frankfurt region, eu-central-1).
The data centers are protected against fire and natural disasters. Only authorized personnel can enter, via electronic access control terminals with a transponder key or admission card. The data centers are under 24/7 surveillance and are equipped with diesel generators for autonomous operation.
All data silos are installed and managed within our own infrastructure, with the exception of Amazon S3 (located in Germany). Each data silo can only be accessed through our Virtual Private Network:
- Public network traffic is encrypted with TLS (historically called SSL).
- Private network traffic is currently unencrypted: TLS is terminated on the load balancer, and traffic behind it travels in the clear.
All our data processing is event-based: each event is a single, small, immutable piece of data that encapsulates a unique occurrence in the past. We construct data representations and profiles from these events, and since events are immutable, direct data transformation is not possible by default.
Other than corrections to data belonging to a Data Subject, data stored in our data silos cannot be altered or corrected, with the sole exception of Database Administrators.
We closely monitor data access and transformation. Audit logs recording who accessed data are in place and retained indefinitely. Note that only our centralized data access interfaces are currently monitored; native database clients are not.
Data-in-transit & Data-at-rest
Data-in-transit falls into two categories: information that flows over a public or untrusted network, such as the internet, and data that flows within a private network, such as a corporate Local Area Network (LAN). At Relokia, all data that flows over public networks is encrypted with TLS. Our private networks are heavily protected and not reachable from the public internet, which is why TLS is not used on them; this relies on the network boundary being intact, as traffic inside it is not protected against a party who has already gained a foothold there.
Data-at-rest is data that is not actively moving from device to device or network to network, such as data stored on a hard drive, laptop, or flash drive, or otherwise archived. Data protection at rest aims to secure inactive data stored on any device or network. While data-at-rest is sometimes considered less vulnerable than data-in-transit, attackers often find data at rest a more valuable target than data in motion. At Relokia, all hard disks (of desktops, laptops, and servers) use disk encryption by default.
Data access and authentication
Only authorized engineers at Relokia have access to the source code, can work on custom migrations, and resolve support cases at the request of the support staff. Engineers have different access rights depending on their job requirements. All engineers have individual credentials, and some parts of the software can only be reached from specific IP addresses.
Relokia's network security team protects your data against sophisticated electronic attacks, using proven network security practices.
Relokia offers the following preventive measures:
- DDoS prevention;
- network posture assessment.
We have the following organizational measures in place concerning security:
- Centrally organized registration of public keys for server access; a key can be revoked within minutes (during office hours, Monday to Friday, 09:00 - 00:00 GMT+2).
- Code review is required for all software that communicates with the database.
- A development model with small, frequent updates is used, to minimize the security impact of each update.
- Only employees who must maintain the database server have access to it.
- Audit logging of all login attempts to the database server.
- Employees cannot physically access the servers.
- All employees are obliged to maintain confidentiality (see the confidentiality clause below).
- The backup system enables (disaster) recovery to be carried out within several hours (during office hours, Monday to Friday, 09:00 - 00:00 GMT+2).
We regularly scan all systems for vulnerabilities. The software is updated continuously, and all connections from previous versions are limited, logged, and checked.
We respect your confidentiality and protect your data before, during, and after the migration. We take appropriate security measures to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, data. These include internal reviews of our data collection, storage, and processing practices and security measures, as well as physical security measures to guard against unauthorized access to the systems where we store personal data.
All employees of Relokia have signed an explicit clause in their employment contract that enforces confidentiality during the employment and thereafter, regardless of how and why the employment ended. It obliges them to refrain from making any statement to third parties, in any way, directly or indirectly, or in any form, about data of a confidential nature in connection with the business of Relokia and/or affiliated companies.
Relokia does not work with subcontractors for services that relate directly to the provision of the principal services described in this document. For ancillary and auxiliary services provided by third parties (e.g., telecom, hosting), Relokia, where possible, makes appropriate and legally binding contractual arrangements and takes appropriate inspection measures to ensure the client's data protection and data security, even when such services are outsourced.
Relokia offers an escrow service that guarantees the continuation of our services for at least six months. Our escrow services are provided by a separate business entity, i.e., Relokia, which is part of the Relokia group of companies.
Relokia has disaster recovery (DR) procedures, policies, and scripts defined and in place.
Segregation of Duty (SoD)
The basic concept underlying the segregation of duties is that no employee or group should be able to perpetrate or conceal errors or fraud in the ordinary course of their duties. In general, the principal incompatible duties to be segregated are:
- Authorization or approval of related transactions affecting those assets
- Custody of asset
- Recording or reporting of related transactions
The importance of SoD arises from the consideration that giving a single individual complete control of a process or an asset can expose the organization to risk. Several approaches are viable, as partly or entirely different paradigms:
- Sequential separation (two signatures principle)
- Individual separation (four-eyes principle)
- Spatial separation (separate action in separate locations)
- Factorial separation (several factors contribute to completion)
Increased protection from fraud and errors must be balanced against the increased cost and effort required. Relokia currently has the following in place:
- Audit trails: server logging, data access logging, configuration changes, user auditing, etc. See the technical measures above.
- Our development methodology includes code reviews and merge requests; both enforce the "four-eyes principle".
- Off-site backups stored outside our main data center, so that a force majeure event at a single location does not cause data loss.
The location of the data
All data collected by Relokia is stored electronically in Germany at the AWS data center. Only authorized Relokia personnel can access the data. No outside parties are allowed to connect to the database.
Certification & Compliance
The data centers used by Relokia are ISO/IEC 27001:2013 certified through the hosting provider, AWS. This certification covers the provider's facilities and infrastructure, not Relokia's own application or processes.
Relokia uses PayPro Global to accept payments. PayPro Global is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payment industry. You can verify this on PayPro Global's compliance page.
Relokia does not collect, store, or process your payment data.
How to report a security vulnerability?
If you believe you have found a security vulnerability, please contact us at contact [at] relokia [dot] com. Include the following information to help us investigate:
- A description of the location and potential impact of the vulnerability;
- A detailed description of the steps required to reproduce it (proof-of-concept scripts, screenshots, and screen recordings are all helpful).