Appendix - Security

Pitchflow complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Union (EU). To keep personal data safe, Pitchflow is implementing appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of the data. Here are some steps that Pitchflow is taking to secure the infrastructure of its EU-based cloud service:

Data Protection Officer: Pitchflow has appointed a Data Protection Officer (DPO) to ensure that its data protection policies and procedures are compliant with GDPR and to advise the organization on data protection matters. The DPO can be contacted at [email protected].

Data Encryption: Pitchflow uses encryption to protect data in transit and at rest. All sensitive data is encrypted using strong encryption algorithms, and keys are managed securely.

Access Control: Pitchflow has implemented strict access control measures to ensure that only authorized personnel have access to the personal data. Access to data is granted based on the principle of least privilege, which means that individuals have access only to the data they need to perform their job.

Data Backup and Recovery: Pitchflow ensures that backups of personal data are taken regularly and stored securely in a separate location. This helps in recovering the data in case of data loss or corruption, ensuring that the data is always available to authorized personnel.

Network Security: Pitchflow has implemented strong network security measures, including firewalls, intrusion detection and prevention systems, and regular vulnerability assessments. This helps to prevent unauthorized access to the network and protect against cyber attacks, reducing the risk of data breaches caused by external threats.

Regular Updates and Patches: Pitchflow keeps its software and systems up to date by installing regular updates and patches. This ensures that any security vulnerabilities are addressed promptly, reducing the risk of data breaches caused by software vulnerabilities.

Employee Training and Awareness: Pitchflow provides regular training to its employees on data protection, security best practices, and GDPR compliance. This helps to ensure that employees are aware of their responsibilities and understand how to protect personal data.

Data Protection Impact Assessments (DPIAs): Pitchflow conducts DPIAs for any new or significant changes to its processing activities. This helps to identify and mitigate any risks to personal data.

By implementing these measures, Pitchflow is ensuring that personal data is kept safe and secure in compliance with GDPR. It is also important for Pitchflow to regularly review and update its security measures to stay ahead of evolving threats and protect personal data against potential breaches.

Last changed 2022-03-27