As a company that takes data security and privacy seriously, we recognize that DAESK’s information security practices are important to you. We have provided some general information below to give you confidence in how we secure the data entrusted to us.
Protection from Data Loss & Corruption
Databases are kept separate and dedicated to prevent corruption and overlap. Multiple layers of logic segregate user accounts from each other. Account data is mirrored and regularly backed up off-site.
Application Level Security
The passwords created by users registering accounts via the registration page on the DAESK website are hashed. Our own staff cannot view them. If a user loses their password, it can't be retrieved—it must be reset. All login pages (from our website and mobile website) pass data via TLS. The entire website is encrypted with TLS. Login pages have brute force protection. Our team perform security penetration tests throughout the year using different vendors.
Organizational & Technical Measures
Our premises are secured with electronic security keys and employees must sign non-disclosure agreements concerning user data. Data is stored in high-security third party data centers. We have defined procedures in place for detecting security breaches, and should the risks be significant and not mitigated by any of our technical or organizational measures we will notify our users individually so that they might take steps to respond to the breach.
Rights Under GDPR
With the coming into force of the GDPR data protection regulations, users and other visitors to our site who provide us with their personal data are afforded new rights. These rights include but are not limited to, viewing and correcting data held about you, receiving data held about you in a portable form and the “right to be forgotten” under which you may request that your data be deleted. We ask that any requests to exercise your rights under GDPR, or report a compliance breach, be directed to us by email at firstname.lastname@example.org.