Information Security Policy
[Last modified: December 27, 2018]
MacSearch (“Company” or “we”) is committed to provide transparency regarding the security
measures which it has implemented in order to secure and protect Personal Data (as defined under
applicable law, including the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”))
processed by the Company for the purpose of providing its services as detailed in our Privacy Policy.
This information security policy (“Policy”) outlines the Company’s current security practices as of the
“Last Updated” date indicated above.
As part of our GDPR compliance process, we have implemented, technical organizational monitoring
protections, and established an extensive information and cyber security program, all with respect to
Personal Data processed by us. We take best efforts to ensure our employees and contractors comply
with this Policy.
Physical Access Control
The Company ensures the protection of the physical access to the data servers which store the Personal
Data processed by the Company and stores its data solely with third party hosting provider which have
obligated to provide sufficient security measures. Company works with Amazon Web Services
datacenter and XGlobe Ltd, as its main storage and web farm service providers, therefore if you need
more information Company recommends that you review Amazon’s security policy available here and
XGlobe’s here. Further, entrance to Company’s offices is protected by electronic means. Alarm system,
monitoring and protection is implemented outside the working hours.
System Control
Access protection for all Personal Data processing systems through user authentication. Access to
Company’s database is highly restricted, the restrictions are through protections implemented therein in
order to ensure that solely the appropriate prior approved personnel, can access the database. Wireless
access is always made through protected VPN. Safeguards related to remote access and wireless
computing capabilities are implemented therein. The databases are protected and solely authorized
personnel may access such database by using a designated password. Company’s personnel are assigned
with a private password that allows strict access or use related to Personal Data all in accordance with
position, and solely to the extent such access or use is required. Company carries out regular and
random security tests on the system. Further, Company’s systems include network firewalls and anti-
malware software on desktops and laptops.
Data Access Control
There are restrictions in place in order to ensure that the access to the Personal Data is restricted to
employees which have a requirement to access it, all in order to ensure that Personal Data shall not be
accessed, modified, copied, used, transferred or deleted without specific authorization. The access to
the Personal Data, as well as any action performed involving the use of the Personal Data requires a
password and user name, which is routinely changed, as well as blocked when applicable. Each
employee is able to perform actions solely according to the permissions determined by the Company.
Further, Company has ongoing review of which employees’ have authorizations, to assess whether
access is still required. Company revokes access immediately upon termination of employment.
Organizational and Operational Security
The Company invests a multitude of efforts and resources in order to ensure compliance with the
Company’s security practices, as well as provides employees training. The Company strives to raise
awareness to the risk involved in the processing of Personal Data. In addition, the Company
implemented applicable safeguards for its hardware and software, including firewalls and anti-virus
software on applicable Company hardware and software, in order to protect against malicious software.
Transfer Control
All transfer of Personal Data is protected using applicable safeguards. Company’s database is protected
by industry best standards. All data transfer is secured and encrypted.
Availability Control
The Company’s servers include an automated backup procedure. The Company has a backup concept
which includes daily automated backups.
Data Retention
Personal Data and raw data are all deleted as soon as such data and Personal Data is no longer required
in order for the Company to provide or operate its Services, all in accordance with applicable laws.
Job Control
All of Company’s personnel are required to execute an agreement which includes confidentiality
provisions as well as applicable provisions binding them to comply with applicable data security
practices. In the event of a breach of obligation or non-compliance with Company’s policies, the
Company includes repercussions to ensure compliance with the Company’s policies. Furthermore, the
destruction of Personal Data following termination of the engagement is included within the contract
between the parties.