Security / CSIRT

We implement appropriate technical and organizational measures to protect personal data and business information against:

• Unauthorized access or disclosure
• Accidental or unlawful destruction
• Alteration or loss

Our security practices are aligned with industry standards and applicable regulations, including GDPR.

Our Computer Security Incident Response Team (CSIRT) is responsible for:

• Monitoring and detecting security threats
• Responding to security incidents
• Coordinating with relevant authorities when necessary
• Implementing preventive measures
• Providing security awareness and training

If you discover a potential security vulnerability or incident affecting our systems, please report it immediately to our security team.

When reporting, please include:

• A detailed description of the issue
• Steps to reproduce the vulnerability (if applicable)
• Any supporting evidence (screenshots, logs)
• Your contact information for follow-up

We appreciate responsible disclosure and will acknowledge receipt of your report promptly.

Upon receiving a security report, our CSIRT follows a structured response process:

• Triage: Assess the severity and impact of the reported issue
• Investigation: Analyze the root cause and scope
• Containment: Implement immediate measures to limit damage
• Remediation: Apply fixes and patches
• Recovery: Restore normal operations
• Post-incident review: Document lessons learned and improve processes

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours (where required by GDPR)
• Inform affected individuals without undue delay if there is a high risk to their rights and freedoms
• Document all breaches and remedial actions taken

We continuously review and improve our security measures through:

• Regular security assessments and audits
• Employee training and awareness programs
• Monitoring emerging threats and vulnerabilities
• Updating policies and procedures as needed