LAST UPDATED: MARCH 2021
In the course of providing services, Tugger will receive, store, and manage sensitive data through Tugger systems. Due to contractual, legal, and regulatory obligations, Tugger must maintain strict confidentiality of such data at all times.
When we say, “we,” “our,” or “us,” we’re referring to Tugger Limited, a UK limited liability company, our employees, directors, officers, affiliates, and subsidiaries.
When we say “you” or “your,” we are referring to the person or entity that’s registered with us to use the Tugger Services.
When we say “Sensitive Data” we are referring to any data that is classified as restricted or as client data.
As the safeguarding of Sensitive Data is critical to Tugger, all questions regarding the care of Sensitive Data should be directed to firstname.lastname@example.org.
Tugger will comply with data protection law and principles outlined in the General Data Protection Regulation (“GDPR”), which means that Sensitive Data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes and not used in any way that is incompatible with those purposes.
- Accurate and kept up to date.
- Maintained only for as long as necessary.
- Kept secure and protected against unauthorised or unlawful processing and against loss or destruction using appropriate technical and organisational measures.
We process Sensitive Data only on the instructions of our customer. If you have any questions relating to such data processing, please contact us via email at email@example.com.
- Tugger allows data extraction from a number of difference sources and services.
- Our staff are trained regularly on data handling and security.
- Our systems are regularly monitored.
- Data transfers are handled over Encrypted TLS/SSL HTTPS connections.
- Data extracted is stored on Tuggers servers.
- All extracted Tugger data is stored in UK data centres.
- You have the right to request for us to delete your extracted data on our servers at any time.
- The extracted data is for you only.
- No data will be extracted without your explicit authorisation.
- We use a number of Application Programming Interfaces (“API’s”) to access only the data we require.
- You can disable access to your connections at any time.
We have measures in place to prevent unauthorised access to IT systems holding Sensitive Data. These measures include:
- Password procedures (incl. special characters, minimum length, forced change of password).
- No access for guest users or anonymous accounts.
- Central management of system access.
- Access to IT systems subject to approval by HR management and IT system administrators.
We have measures in place to prevent authorised users from accessing Sensitive Data beyond their authorised access rights and prevent the unauthorised input, reading, copying, removal, modification or disclosure of Sensitive Data. These measures include:
- Differentiated access rights.
- Access rights defined according to duties.
- Automated log of user access via IT systems.
- Measures to prevent the use of automated data-processing systems by unauthorised persons using data communication equipment.
We have measure in place to prevent the unauthorised access, alteration or removal of Sensitive Data during transfer, and to ensure that all transfers are secure and are logged. These measures include:
- Compulsory use of encrypted private networks for all data transfers.
- Encryption using a VPN for remote access, transport and communication of data.
- Creating an audit trail of all data transfers.
We have measures in place to ensure all Sensitive Data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained. These measures include:
- Logging user activities on IT systems.
We have measures in place designed to ensure that Sensitive Data is protected against accidental destruction or loss. These measures include:
- Installed systems may, in the case of interruption, be restored.
- Systems are functioning, and that faults are reported.
- Stored Sensitive Data cannot be corrupted by means of a malfunctioning of the system.
- Uninterruptible power supply (UPS).
- Business Continuity procedures.
- Remote storage.
- Anti-virus/firewall systems.
We have measures in place to allow Sensitive Data collected for different purposes to be processed separately. These measures include:
- Restriction of access to data stored for different purposes according to staff duties.
- Segregation of business IT systems.
- Segregation of IT testing and production environments.
Updates to the Data Policy
We reserve the right to modify the Data Policy at any time, so please review it frequently. You can see when the Data Policy was last updated by checking the “last updated” date displayed at the top of the Data Policy.
If you have any questions regarding the Data Policy, please contact us by email at firstname.lastname@example.org.