Privacy and Data Security

Compliance with privacy rules:

All sensitive data and documents are kept and treated in accordance with Italian Privacy Rules (Legislative Decree no. 196 of 30 June 2003, which implements the EU Privacy Directive). All paper documents are kept in a secure and monitored archive.

Email service:

Our email provider is a UK ISO-certified datacenter, and all emails are encrypted in transit using SSL/TLS protocols: 1024-bit RSA end-user keys, 2048-bit RSA CA keys.

Data destruction:

All documents are destroyed with a micro shredder, kept separate from general disposal, and removed and disposed of in a way that prevents dissemination of sensitive data. All PII in electronic format is destroyed and deleted by our IT provider using the Kroll Ontrack Eraser Software 4.0, which is NATO-approved software.

Storage:

Our server is kept by an external ISO 14001-certified provider. Our provider guarantees the following encryption standards: AES-256 encryption for data at rest and in transit, covering both locally stored and cloud-stored data; Active Directory & LDAP integration for user authentication and single sign-on; private encryption key management, allowing customers to have exclusive access to their data; SHA-1 fingerprinting to ensure data integrity; X.509 certificates preventing man-in-the-middle attacks. We have a daily backup system. Only our IT providers have access to our server; none of our staff can access the server remotely.

Use and retention:

In accordance with our Privacy Policy, personal information is handled only by our Staff and disclosed to Government Offices and Government Officials. Documents with personal information are stored in a secured area, while all electronic information is stored on our server, which has the following specifications: (i) weekly patch management on the Microsoft operating system and server; (ii) all our computers run the Windows 7 and Windows Server 2008 R2 operating systems; (iii) the anti-virus software is monitored and updated on a daily basis; (iv) the backup on the server is encrypted with the AES algorithm; (v) we have in place a remote backup service with monthly retention.

Security for Privacy:

Measures implemented include: (i) paper documents are stored in a restricted secure area; (ii) all electronic data are stored on an external server kept by an external ISO 14001-certified provider, which guarantees the following encryption standards: AES-256 encryption for data at rest and in transit, covering both locally stored and cloud-stored data; Active Directory & LDAP integration for user authentication and single sign-on; private encryption key management, allowing customers to have exclusive access to their data; SHA-1 fingerprinting to ensure data integrity; X.509 certificates preventing man-in-the-middle attacks; (iii) password-protected access to each computer; (iv) information on computer screens and manual files are kept hidden from visitors to our offices; (v) backup procedures are in operation for computer-held data, including off-site backup; (vi) we have taken reasonable measures to ensure that our Staff is informed of and complies with our security policies; (vii) all waste papers, printouts, etc. are disposed of according to the rules of the Italian Privacy Code.

Our partners:
Mazzeschi S.r.l. Project co-financed under Tuscany POR FESR 2014-2020