Persona.ly (“Persona.ly” “Company” or “we”) is fully committed to provide its clients and users transparency regarding the security measures which the Company has implemented in order to secure and protect Personal Data (as defined under applicable law, including the (i) EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any national laws made under or pursuant to) processed by the Company for the purpose of providing its services as detailed in Persona.ly’s Privacy Policy.

This information security policy (“Information Security Policy”) summarizes Company’s security practices.

The Company has implemented, technical and organizational safeguards, and established a comprehensive information and cyber security program. The aforementioned is all in order to protect the Personal Data processed by the Company against unauthorized access thereto.Company takes best efforts in order to ensure its employees, as well as its clients, comply with its security protocols and this Information Security Policy.

Persona.ly ensures the protection of the physical access to the servers and facilities that store the Personal Data on Persona.ly’s behalf. Persona.ly has chosen the reputable Amazon and Digital Ocean, as its main cloud storage providers. Some of the Personal Data collected by Persona.ly is stored in the AWS data servers, for more information regarding the data security provided by AWS, please see: https://aws.amazon.com/security/. Furthermore, some of the Personal Data collected by Persona.ly is stored in the Digital Ocean’s data servers, for more information regarding the data security provided by Digital Ocean, please see: https://www.digitalocean.com/security/ Further, Persona.ly secures the physical access to its offices using a passcode to ensure that solely authorized individuals such as employees and authorized external parties (maintenance staff, visitor, etc.) can access Persona.ly’s offices. The Persona.ly’s offices include fire and smoke alarms in place. All data backups are stored in data safes protected from fire and water.

The access to Persona.ly’s systems is restricted, based on protections implemented therein in order to ensure appropriate approvals, as well as safeguards related to remote access and wireless computing capabilities. Solely permitted IP addresses as well as authorized services have access to the Persona.ly system. The systems are protected and solely authorized employees may access the systems by using a designated password. Each employee has a private password that allows access or use related to the Personal Data according position, and solely to the extent such access or use is required. There is constant monitoring of the access to the systems as well as real-time authentication protocols.

Persona.ly restricts the access to the Personal Data solely to its employees which have requirement to access it, all in order to ensure that Personal Data shall not be accessed, modified, copied, used, transferred or deleted without specific authorization. The access to the Personal Data, as well as any action performed involving the use of the Personal Data requires a password and user name, which is routinely replaced, as well as blocked when applicable. The user password is fully encrypted. The Company takes commercial reasonable precautions to prevent any SQL injections. In addition, all of the Company’s databases are isolated from the applicable source where the data is collected. Each employee is able to perform actions solely according to the permissions determined by Persona.ly. Each access is logged and monitored, and any unauthorized access is automatically reported. Further, Persona.ly is regularly reviewing its employees’ authorizations, to assess whether they are necessary and revokes access immediately upon termination of employment. Authorized individuals can solely access Personal Data that is established in their individual Authorization profiles. Specific security measures are in place to prevent an individual from attaining an overly powerful leading role through the concentration of various combined roles and access rights.

Persona.ly is investing efforts and resources in order to ensure cross organization compliance with its security practices, as well as continuously provides employees training in this regard. The Company strives to raise awareness to the risk involved in the processing of Personal Data. In addition, Persona.ly implemented applicable safeguards for its hardware and software, including firewalls and anti-virus software on applicable Company property in order to protect against malicious software as well as any intrusions to the Company’s systems.

The Company does not transfer any Personal Data outside of the Company’s datacenters. Backup files are checked with checksums daily and stored on a local disk. In order to minimize the risk of Personal Data being accessed by unauthorized third parties during an electronic transmission, Persona.ly has implemented applicable safeguards such as L2TP, IPsec (or equivalent protection), as well as encryption of the Personal Data prior to the transfer of any Personal Data.

Personal Data and raw data are all deleted at the time it is no longer required to provide the Persona.ly Services, all in accordance with applicable laws.

All of Persona.ly’s employees are required to execute an employment agreement which includes confidentiality provisions as well as applicable provisions binding them to comply with applicable data security practices. In addition, employees undergo a screening process applicable per regional law. In the event of a breach of an employee’s obligation or noncompliance with Persona.ly’s policies, applicable disciplinary actions are taken, including without limitation termination. In addition, prior to Persona.ly’s engagement with third party contractors, Persona.ly reviews such third party’s security policies, specifically information data security policies. Third party contractors may solely access the Personal Data as explicitly instructed by the Persona.ly. Furthermore, the destruction of Personal Data following termination of the engagement is included within the engagement between the parties. In addition, to the extent applicable, Persona.ly’s partners are required to execute an applicable Data Processing Agreement.

The Company has a backup concept which includes daily backups that has a named individual as fully responsible for the backups. Periodical checks are preformed to determine that the backup have occurred. There is an emergency plan in place in which the steps to be implemented are described and determined, including which persons particularly on the side of a contractor, to the extent applicable, or a Company employee are to be notified of an incident. Regular controls of the condition and labelling of data storage devices for data security. The existence and regular examination of emergency generators and overvoltage protection devices. In addition, permanent monitoring of all data backup operational parameters. Moreover, devices are in place to monitor the temperature and humidity in server rooms which host backups, at all times.

This Information Security Policy is an overview of Persona.ly security practices and may be updated from time to time, according to any applicable laws as well the company’s internal policies. The updated date at the top of the Information Security Policy will be reflected in the “last updated” heading.