Information encryption policy
Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (RGPD) establishes that the Responsible or Person in Charge must determine the most appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.
For this reason, FERTINYECT SL has adopted an information encryption policy with the aim of safeguarding the confidentiality, integrity and authenticity of the personal data processed by the organization.
FERTINYECT SL has adopted the following measures:
- Use of electronic signature: The electronic signature will be used in commercial exchanges and in procedures with Public Administrations.
- SSL web certificates: The company must acquire a web certificate to guarantee the security of information on a website.
- Encryption of sensitive data when contracting external services: It must be verified that the contracted external service uses encrypted channels for communications and encryption tools in the treatment of sensitive information.
- Encryption of sensitive data when application developments are requested: It must be verified that the access credentials are encrypted when web developments or apps that involve user login are requested.
- Access from outside with VPN: The company must enable encrypted VPN channels that guarantee the confidentiality and integrity of the communications of the Wi-Fi use policy and external connections when they have workers or authorize access from outside to the servers of the facilities the company.
- Authorized Encryption Algorithms: Encryption algorithms must be applied and reviewed by the company to prevent the use of outdated encryption systems.
- Authorized applications for cryptographic uses: You must have a list of authorized applications for cryptographic purposes.
- Use of secure communication protocols: The company must provide workers with updated cryptographic protocols for the use of their activity and training.