Data Protection Policy

ABOUT IZOOLOGIC DATA SECURITY & PRIVACY PROTECTION

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defense solutions to protect client digital assets.

iZOOlogic headquarters are based in the UK, with operations in the US and Australia. iZOOlogic is registered and has its head office at:

iZOOlogic Limited
Level 30, The Leadenhall Building,
122 Leadenhall Street,
EC3V 4AB, City of London,
UNITED KINGDOM
+44

The Data Protection Officer at iZOOlogic can be contacted at [email protected].

iZOOlogic is committed to protecting client data and has adopted many industry leading Data Protection strategies over and above the legal and compliance requirements.

Data Protection Policy

To maintain and deliver high value Information Security Services to Corporations and Government entities, iZOOlogic monitors, discovers, identifies, analyses, stores and retains sensitive and high value data such as client end user data, account credentials and financial data, and may obtain company information that is relevant to the market, such as trade secrets, pricing regimes and schedules, product developments or designs, business and technical information relating to a party’s products and associated technology, and any documents.

iZOOlogic operates under practices and to the frameworks of ISO/IEC 27001 (International Organization for Standardization – www.iso.org) and AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”)) (www.aicpa.org). iZOOlogic’s information security practices establish and govern areas of security applicable to iZOOlogic and customers’ use of iZOOlogic services.

iZOOlogic employs appropriate technical and organizational security practices to protect and handle customer data. These involve iZOOlogic infrastructure, software, employees and procedures, and take into account the nature, scope and purposes of the processing as specified in the Subscriber Agreement. The security controls and practices are designed and intended to protect the confidentiality, integrity, and availability of customer data against the risks inherent in the processing of personal, financial and sensitive data, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer data transmitted, stored or otherwise processed. iZOOlogic continually works to strengthen and improve those security controls and practices.

Under no circumstances will iZOOlogic disclose any data to any other party without express approval of the concerned parties and original owner.

iZOOlogic maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to the data.

iZOOlogic limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. iZOOlogic employees who have been granted physical access to data are made aware of their responsibilities to protect the confidentiality and integrity of that information and receive relevant training and instruction.

iZOOlogic personnel, including employees and contractors, are subject to these practices and any additional policies that govern their employment or the services they provide to iZOOlogic.

iZOOlogic adopts industry leading practices for information security management and implements a multi-layered strategy where physical security, network infrastructure, software, and employee security practices and procedures all play a key role reinforced by robust governance and oversight.

iZOOlogic operates in secure offices, where physical access is restricted and requires layers of biometric or card authorisation. The Leadenhall Building is one of the most secure and restricted corporate offices in the City of London.

iZOOlogic only hosts infrastructure in High Security Data Centres where physical entry is highly restricted. iZOOlogic regularly audits the range of Data Centres used to host the iZOOlogic platforms.

iZOOlogic Access and System Security policies ensure Network and Server Security is constantly monitored for intrusion and is hardened against attack. iZOOlogic infrastructure is High Availability with a redundant architecture and is “always on”. Firewalls, perimeter security controls, VPNs, and access-controlling routers are in place and configured to iZOOlogic standards to prevent unauthorized communications. Network based intrusion detection systems are configured to detect attacks or suspicious behaviour, and vulnerability scans are performed to identify potential weaknesses in the security and confidentiality of systems and data. iZOOlogic may, depending on the specific service, apply the following controls:

iZOOlogic’s access to its customers’ data is restricted to authorized personnel and access is granted after receiving proper approval from management. Only iZOOlogic employees with a need to know will be granted access to customer data for the sole purpose of providing customers with support. In addition, iZOOlogic provides a mechanism by which customers can control access to their environments and to their content by their authorized staff.

iZOOlogic implements measures to prevent customer data from being read, copied, altered or deleted by unauthorized parties while at rest, in transmission or in transport. The iZOOlabs Incident Management portal is secured via HTTPS, which provides a minimum of 128-bit encryption. The private key used to generate the cipher key is at least 2048 bits.

iZOOlogic’s proprietary platform ensures client data is logically or physically segregated so that it is siloed from all other data, including other client data.

iZOOlogic employees that may have access to customer data are subject to confidentiality agreements. iZOOlogic employees are required to periodically complete training that relates to Data Security.

iZOOlogic employs internal processes for regularly testing, assessing, evaluating and maintaining the effectiveness of the technical and organizational security measures described here. iZOOlogic employs independent third parties to conduct reviews and ensure compliance of the iZOOlogic Data Security Policy including the effectiveness of administrative and technical controls.

Data Access and Integrity

All personal and company data collected, recovered, detected, monitored and stored by iZOOlogic that relates to client corporations and government entities, or any personally identifiable information that relates to the client or business function of iZOOlogic, is stored for the duration of the client Subscriber Agreement plus a minimum of 7 years. All data is stored in a secure environment and is made available via the client online web portal, or as hardcopy documentation via written request by clients or where it is a legal requirement governed by a court order. Current and previous clients will be notified in writing at the time of such requests.

Any data breach of the iZOOlogic system that relates to the client data will be immediately mitigated as early as possible and the client or previous client will be notified in writing within 7 days.

Onward Transfer of Data

As a global company, iZOOlogic may transfer personal or corporate data outside of the country where the data is collected where data protection standards may be different, however, under no circumstances will iZOOlogic disclose any data to third parties without express written notification and approval.

iZOOlogic hosts infrastructure in many different jurisdictions to comply with local data privacy laws and central bank / financial regulatory standards. No sensitive client data will be shipped outside of their country with express client authorization and approval of the client. In conducting core monitoring services, iZOOlogic will identify many end user artefacts and sensitive data that relates to client organisations such as compromised credit cards and email accounts, bank/financial accounts and details, hacking tools, source code, phishing kits and other privileged information.

iZOOlogic will use best endeavours to monitor and identify compromised and/or sensitive data; securely recover compromised and/or sensitive data; attempt to provide mitigation at the point of compromise; and return such data and artefacts back to the client at the earliest time via the iZOOlabs Incident Management portal.

Data Retention Policy

iZOOlogic will hold client data for the period of the Subscriber Agreement, plus 7 years. All data will be provided to the client in real time during the term of the Subscriber Agreement and at any time upon request for seven years thereafter. Non-client data will be stored for seven years and is available upon request at any time.

Terms of Service

iZOOlogic resources and client data are generally accessible via the iZOOlabs Incident Management Portal, which requires login account credentials. The User of iZOOlogic secure resources is responsible for maintaining the confidentiality and security of the account credentials and for any and all activity that occurs under your account. The User should not in any circumstance pass on or distribute iZOOlogic account credentials via any means, electronic, written or verbal. You agree to notify iZOOlogic of any unauthorized use or breach of your account at the absolute earliest time.

Information on the iZOOlogic websites, portals, documentation, electronic mail or written documentation is the Intellectual Property of iZOOlogic and, in whole or in part, may not be copied, transmitted or disclosed to any third parties other than direct employees of client organisations.

Contact Information of our Data Protection Officer

The Data Protection Officer is responsible for overseeing questions in relation to the iZOOlogic Data Security Policy and any requests to exercise your legal rights.

If you have any queries about the iZOOlogic Data Security Policy the Data Protection Officer can be contacted at [email protected] or The Data Protection Officer, iZOOlogic Limited, Level 30, The Leadenhall Building, 122 Leadenhall Street, EC3V 4AB, City of London, UNITED KINGDOM.