The purpose of this page is to outline the measures that Relokia (the Vendor) takes to safeguard personal and other consumer data. Relokia considers data a primary asset and, as such, must be protected.
Scope of the Policy
This policy applies to all Relokia and customer data assets in any Relokia processing environment, on any media during any part of its life cycle. This policy covers the following entities or users:
- Full or part-time employees of Relokia who have access to Relokia or customer data.
Privacy By Design and By Default
Relokia considers data privacy at the onset of all projects, products, product development, and Services offered. It is never an afterthought. Relokia’s Data Protection Officer is involved in all issues, measures, and (software) designs related to security and has independent and direct access to all source code.
Safety Measures at Reloka
Relokia has installed numerous technical and organizational measures to ensure an appropriate (data) protection level. These measures include:
- Taking the circumstances and purposes of the processing into account, as well as the projected probability and severity of a possible infringement of the law as a result of security vulnerabilities.
- Enabling an immediate detection of relevant infringements events.
Technical measures are divided into various subsections, each of them separately discussed.
- All workstations (laptops & desktops) of employees are encrypted using disk encryption.
- Access to various web applications accessible by employees are using single-sign-on and two-factor authentication (Google Oauth) and require a Virtual Private Network (VPN) when working remotely.
- Administrator access to the Relokia Platform Management interface is only allowed by VPN.
Production environment security
- Logging into the servers is only possible by means of public/private key exchange; passwords are not used.
- The administration panel requires two-factor authentication.
- All security updates are automatically installed, and the server is always up-to-date.
- Strict firewall configuration from the public internet that only allows HTTP and HTTPS access on load balancers.
- Communications to and from the servers, as well as backups, are only performed via secured channels (SSL / HTTPS).
- SSH is only accessible by private VPN.There is active monitoring (gray log + alerts) and the banning of incorrect login attempts (fail2ban).
- All (virtual) servers are hosted externally.
All personal data is kept using a retention period. Backup data is stored in proprietary binary format (“pseudo encrypted”) and separated per client. Graylog required for system monitoring has a retention period of 30 days max.
Hosting & Infrastructure
Relokia hosts its complete infrastructure at Hetzner as of December 18, 2019. Our (virtual) servers & services and our data storage are located within the European Union (Germany). This includes our backup copies stored in Amazon Web Services S3 (AWS), Germany's designated location (Frankfurt).
Our hosting provider, Hetzner Online, takes special measures that provide the physical safety of the hardware.
For instance, data center parks are protected from fire and natural disasters. Only authorized personnel can access via electronic access control terminals with a transponder key or admission card. Data parks are under 24/7 surveillance and are equipped with diesel power generators for autonomous mode.
All data silos are installed and managed in our infrastructure, except for Amazon S3, located in Germany. Each data silo can only be accessed through our Virtual Private Network:
- Public network traffic uses Secure Socket Layer (SSL).
- Private network traffic is currently unencrypted; we use HTTPS termination on LB.
All our data processing is based on events, single small pieces of immutable data that encapsulate a unique event that occurred in the past. We use these events to construct data representations and data profiles, and since events are immutable, direct data transformation is not possible by default.
Other than correcting data belonging to a Data Subject, it is impossible to alter or correct data stored in our data silos, with the sole exclusion of Database Administrators.
We closely monitor data access and transformation. Audit logs of who accessed data are in place and stored for an unlimited period. We currently only monitor our centralized data access interfaces; native clients are not monitored.
Data-in-transit & Data-at-rest
Data-in-transit is defined by two categories: information that flows over the public or untrusted network such as the internet, and data that flows in the confines of a private network such as a corporate or enterprise Local Area Network (LAN). At Relokia, all data that flows through public networks is encrypted using SSL. Thus, our private networks are heavily protected and, thus, not accessible by the public, making it not necessary to be using SSL.
Data-at-rest is data that is not actively moving from device to device or network-to-network, such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data-at-rest is sometimes considered less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. At Relokia, all hard disks (or desktops, laptops, and servers) use disk encryption by default.
Data access and authentication
Only authorized tech engineers at Relokia have access to the source code, can work on custom migrations, and solve support cases on demand of the support staff. Different engineers have different access rights depending on their job requirements. All engineers have their own credentials as well as some parts of the software can only be reached from specific IPs.
Relokia network security team protects your data against the most sophisticated electronic attacks. We use the best and proven practices of network security.
Relokia offers the following preventive measures:
- DDoS preventions;
- network posture assessment.
We have the following organizational measures in place concerning security:
- Centrally organized public key (key) registration for access to the servers; a key can be withdrawn within several minutes (during office hours Monday to Friday, 09.00 - 00:00 GMT+2).
- Code review is required for all software that communicates with the Database.
- Use of a development model for software that works with minor updates on each occasion to minimize the security impact of the updates.
- Only the employees who must maintain the Database server have access.
- Audit-logging of all attempts to login into the Database server.
- Employees cannot physically access the servers.
- All employees are obliged to maintain confidentiality (see Confidentiality).
- The backup system enables (disaster) recovery to be carried out within several hours (during office hours Monday to Friday, 09.00 - 00:00 GMT+2).
Regularly, we scan all systems to prevent any vulnerabilities. The software is constantly updated, so all connections to the previous version are limited, logged, and checked.
We comply with your confidentiality and guarantee that all your data is 100% secure before, during, and after the migration. We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or data destruction. These include internal reviews of our data collection, storage, and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.
All employees of Relokia have signed an explicit clause in their employment contract that enforces confidentiality during the employment contract as well as thereafter - regardless of the manner in which and the reasons for which the employment contract has ended - to refrain from making any statement to third parties, in any way, directly or indirectly, or in any form, about data of a confidential nature in connection with the business of Relokia and/or affiliated companies.
Relokia does not work with any subcontractors that provide services that relate directly to the provision of the principal services as described in this document. Concerning ancillary and auxiliary services provided by third parties (e.g., telecom, hosting), when possible, Relokia makes appropriate and legally binding contractual arrangements and takes appropriate inspection measures to ensure the data protection and the data security of the Client’s data, even when such services are outsourced.
Relokia offers an escrow service that guarantees the continuation of our services for at least six months. Our escrow services are provided by an alternative business entity, i.e., Relokia, which is part of the Relokia family.
Relokia has disaster recovery (DR) procedures, policies, and scripts defined and in place.
Segregation of Duty (SoD)
The basic concept underlying segregation of duties is that no employee or group should be in a position to perpetrate or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated are:
- Authorization or approval of related transactions affecting those assets
- Custody of asset
- Recording or reporting of related transactions
The importance of SoD arises from the consideration that giving a single individual complete control of a process or an asset can expose the organization to risk. Principally, several approaches are optionally viable as partially or entirely different paradigms:
- Sequential separation (two signatures principle)
- Individual separation (four-eyes principle)
- Spatial separation (separate action in separate locations)
- Factorial separation (several factors contribute to completion)
Increased protection from fraud and errors must be balanced with the increased cost/effort required. Relokia currently has installed the following:
- Audit trails are in place: server logging, data access logging, configuration changes, user auditing, etc. See technical measures.
- Our development methodology encapsulates code reviews and merge requests, both enforce the “four-eyes principle.”
- We have off-site backups stored outside our main data center to bypass force majeure at a single location.
The location of data
All data collected by Relokia is stored electronically in Germany on the Hetzer Online data center. Authorized entities of Relokia can only access the data. No outside sources are allowed to connect to the database.
Relokia scans its systems to prevent any vulnerabilities on a regular basis. The software and applications are constantly updated, so all connections to the previous version are limited, logged, and checked.
We absolutely comply with your confidentiality and guarantee that all your data is 100% secure at all times. We take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure, or destruction of data.
These include internal reviews of our data collection, storage and processing practices, and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.
Certification & Compliance
The data centers of Relokia are compliant with ISO/IEC 27001:2013 since the hosting provider, Hetzner Online has achieved this certificate.
Relokia uses 2Checkout and PayPro to accept payments. Both providers are certified PCI Level 1 Service Providers, the most stringent level of certification available in the payments industry. You can verify this by checking 2checkout’s fraud protection policy and PayPro’s compliance page.
Relokia does not collect, store or process your payment data. As mentioned above, all payments are made via 2Checkout and PayPro.
How to report a security vulnerability?
If you believe you’ve found a security vulnerability, please contact us at contact [at] relokia [dot] com. Also, include the following information to help investigate the case:
- Description of the location and potential impact of the vulnerability;
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and screen captures are all helpful to us).