Security Measures

This document constitutes part of the Agreement / Contract HUB enters into with Clients.

Full details of the data protection and privacy policies governing this Agreement can be accessed through our Privacy and Legal Centre.

Visit Privacy and Legal Centre

Security Measures

As part of HUB’s security measures, the following security elements are implemented:

Access Control of Processing Areas

HUB implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment (namely telephones, database and application servers and related hardware) where the personal data are processed or used, including:
  • establishing security areas;
  • protection and restriction of access paths;
  • establishing access authorizations for employees and third parties, including the respective documentation;
  • all access to the data servers where personal data are hosted is logged, monitored, and tracked.

Access Control to Data Processing Systems

HUB implements suitable measures to prevent their data processing systems from being used by unauthorized persons, including:

  • use of adequate encryption technologies;
  • identification of the terminal and/or the terminal user to HUB and HUBs processing systems;
  • automatic temporary lock-out of user terminal if left idle, identification and password required to reopen;
  • automatic temporary lock-out of the user ID when several erroneous passwords are entered, logfile of events, monitoring of break -in-attempts (alerts);
  • and all access to data content is logged, monitored, and tracked.
 
 

Access Control to Use Specific Areas of Data Processing Systems

HUB commits that the persons entitled to use their data processing system are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that personal data cannot be read, copied or modified or removed without authorization.

This is accomplished by various measures including:

 
  • employee policies and training in respect of each employee’s access rights to the personal data;
  • allocation of individual terminals and /or terminal user, and identification characteristics exclusive to specific functions;
  • monitoring capability in respect of individuals who delete, add or modify the personal data;
  • release of data only to authorized persons, including allocation of differentiated access rights and roles;
  • use of adequate encryption technologies;
  • and control of files, controlled and documented destruction of data.

Availability Control 

HUB implements suitable measures to ensure that personal data are protected from accidental destruction or loss, including:

  • infrastructure redundancy;
  • and backup is stored at an alternative site and available for restore in case of failure of the primary system.

Transmission Control 

HUB implements suitable measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.

This is accomplished by various measures including:
 
  • use of adequate firewall, VPN and encryption technologies to protect the gateways and pipelines through which the data travels;
  • certain highly confidential employee data (e.g., personally identifiable information such as National insurance numbers, credit or debit card numbers) is also encrypt ed within the system;
  • and providing user alert upon incomplete transfer of data (end to end check); and as far as possible, all data transmissions are logged, monitored and tracked.

Input Control

HUB implements suitable input control measures, including:
 
  • an authorization policy for the input, reading, alteration and deletion of data;
  • authentication of the authorized personnel;
  • protective measures for the data input into memory, as well as for the reading, alteration and deletion of stored data;
  • utilization of unique authentication credentials or codes (passwords);
  • providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are kept locked;
  • automatic log-off of user ID’s that have not been used for a substantial period of time;
  • and proof established within HUB of the input authorization;
  • and electronic recording of entries.
 

Separation of Processing for different Purposes

HUB implements suitable measures to ensure that data collected for different purposes can be processed separately, including:

 
  • access to data is separated through application security for the appropriate users;
  • modules within the database separate which data is used for which purpose,
  • i.e. by functionality and function;
  • at the database level, data is stored in different normalized tables, separated per module, per Controller Client or function they support;
  • and interfaces, batch processes and reports are designed for only specific purposes and functions, so data collected for specific purposes is processed separately.

Documentation

HUB will keep documentation of technical and organizational measures in case of audits and for the conservation of evidence.  HUB shall take reasonable steps to ensure that persons employed by it, and other persons at the place of work concerned, are aware of and comply with technical and organizational measures.

Monitoring

HUB shall implement suitable measures to monitor access restrictions to data importer/sub-processor’s system administrators and to ensure that they act in accordance with instructions received. This is accomplished by various measures including:

  • individual appointment of system administrators;
  • adoption of suitable measures to register system administrators’ access logs to the infrastructure and keep them secure, accurate and unmodified for at least six months;
  • yearly audits of system administrators’ activity to assess compliance with assigned tasks, the instructions received by the data importer/sub-
  • processor and applicable laws;
  • keeping an updated list with system administrators’ identification details (e.g. name, surname, function or organizational area) and tasks assigned and providing it promptly to data exporter upon request.

This document constitutes part of the Agreement / Contract HUB enters into with Clients.

Full details of the data protection and privacy policies governing this Agreement can be accessed through our Privacy and Legal Centre.

Visit Privacy and Legal Centre