EFFECTIVE DATE
26-9-2024
This Data Loss Prevention Policy is intended to supplement and not replace, in whole or in part, EcomEye’s Privacy Policy and Data Protection Policy. Data Loss Prevention (DLP) encompasses the processes and rules used to detect and prevent the unauthorized transmission or disclosure of Protected Information.
DEFINITIONS
● Data: means electronic information, whether stored digitally or in text, voice, code or visual representation or in any other electronic medium.
● Data-At-Rest: means stored or archived Data and includes, but is not limited to, Data stored on IT resources.
● Data-In-Motion: means Data that is traversing Vermax Network or otherwise being transferred electronically and web traffic utilizing Vermax’s IT resources.
● Data-In-Use: means Data that is being manipulated by a user and includes, but is not limited to, transferring Data.
● Protected Information: includes all of the following: Confidential Information, Transactional Records and Personal Data as defined in the Netherlands’ GDPR Implementation Act (“UAVG”) and the EU General Data Protection Regulation (“GDPR”) and Proprietary Data of Vermax.
POLICY STATEMENT
As the operator of EcomEye, Vermax, Broekerstraat 26, 5595CW Leende, the Netherlands (“Vermax”, “we”, “us” or “our”) is bound by national and European Union law to protect certain information that is processed using its IT systems, hardware, and networks. Pursuant to these objectives, Vermax has a duty to actively prevent the loss of Protected Information.
It is the policy of Vermax:
● to engage in sustained and substantial efforts to provide for the confidentiality and integrity of Protected Information;
● to promptly discover and remedy any Security Breach or misuse of IT resources; and
● to expeditiously take those measures needed to reduce the probability of a Security Breach or a misuse of IT resources.
PURPOSE
This Policy establishes the principles by which Vermax will identify, protect, and respond to the unauthorized disclosure of Protected Information by electronic means. The specific purposes of this Policy are to:
● further enable and affirm Vermax’s IT Team in monitoring and reporting compliance with Shopify requirements and applicable Data Protection Law, in particular the UAVG and the GDPR;
● authorize Vermax’s IT Team to take reasonable measures to secure Protected Information by using, among other techniques and methods, Data Loss Prevention (DLP) software and equipment to monitor, identify and block the unauthorized disclosure of Protected Information;
● prescribe mechanisms that help to identify and address areas of high risk for the unauthorized release of Protected Information and the misuse of data; and
● further reduce the risk of exposure and identity theft when Protected Information is used by Vermax as a primary identifier and to provide for the consistent, secure, and proper management of such information.
SCOPE
Based upon a determination made by Vermax’s senior management in accordance with the provisions of this and any related policy, Vermax’s IT Team may:
● access and examine Vermax’s computers and other IT resources and all Data (whether Data-In-Motion, Data-At-Rest, or Data-In-Use) utilizing IT resources in any manner whatsoever;
● monitor Vermax Network activities of individual computer users of IT resources; and
● conduct a forensic analysis of IT resources and the use and usage of such resources.
DETERMINATIONS
Vermax’s senior management may exercise the rights of Vermax and take one or more of these actions if it reasonably determines that such action is necessary or appropriate to:
● protect the integrity or security of Protected Information or IT resources;
● protect Vermax from incurring liability;
● reduce the risk of the deliberate or unwitting disclosure of Protected Information or security features of Vermax’s Network that are not publicly known;
● investigate unusual or excessive activity typically associated with illegal activity or activity that may be in violation of acceptable use of IT resources or data;
● investigate credible allegations of illegal activity or violations of policy; or
● comply with law or compulsory legal process.
PROBABLE VIOLATIONS AND NOTIFICATIONS
In the event that Vermax’s IT Team identifies or is made aware of a probable violation of a policy through the misuse of an IT Resource, the incident shall be recorded in a secure Information Security records system, and a notification and description of the incident shall be sent to Vermax’s senior management team for further review and analysis. If Vermax’s senior management team concurs that a probable violation has occurred or is likely to occur, Vermax’s senior management team shall promptly notify the CEO.
Upon receiving notification, the CEO shall then determine what additional notifications, if any, should be made, except that in all cases of suspected criminal activity the relevant authorities shall be promptly notified, and in all cases when a reportable Security Breach is suspected, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) shall be promptly notified.
CONFIDENTIALITY
Vermax personnel having knowledge of, or access to, the equipment, software, data or methods shall be required to sign a Confidentiality Agreement as a condition of employment and continued employment. Such Agreement shall be in a form and substance as mutually agreed upon by the CEO. The Agreement will be maintained by Human Resources and reviewed annually.
EDUCATION AND TRAINING POLICY
Vermax’s senior management team shall ensure that if employees are taken on, such employees are fully aware of their legal obligations according to the law by introducing a complete employees’ education and training program.
The timing and content of the training provided to the employees of the various departments will be determined according to the needs of Vermax. The frequency of the training can vary depending on the amendments of legal and/or regulatory requirements, employees’ duties, as well as any other changes in the financial system.
The training program aims at educating Vermax’s employees on the latest developments in the prevention of money laundering and terrorist financing, including the practical methods and trends used for this purpose.
BREACHES OF THE POLICY
Anyone who does not comply with this policy and is directly employed by Vermax may be subject to disciplinary action as set out in the disciplinary procedures. Any other person covered by this policy and found not to comply will be reported to the relevant office/employer. This may also result in Vermax terminating any contract.
REVIEW
Vermax will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives on at least an annual basis and more frequently if required, taking into account changes in the law and organizational or security changes.
EXCEPTIONS TO POLICY
There are no exceptions to this Policy.
CONCERNS AND CONTACT
If you have any questions or comments about this policy or wish to report any concerns, please email [email protected].
EFFECTIVE DATE
The first version of this policy was issued on Friday, 11th of October, 2024, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.