Below is Amigo's policy relating to the privacy and security of the Client Data as defined in Amigo's contract with its Clients.
- Security Controls, Procedures, Policies and Logging.
The Marketing Services are operated in accordance with the following procedures to enhance security:
- Unique User identifiers to ensure that activities can be attributed to the responsible individual.
- New Authorised Users are provided unique links via email. Upon clicking such links, an Authorised User must create a password.
- User access log entries will be maintained, containing date, time, User ID, URL executed or entity ID operated on, operation performed (created, updated, deleted) and source IP address. Note that source IP address might not be available is NAT (Network Address Translation) or PAT (Port Address Translation) is used by the Client or its ISP.
- If there is a suspicion of inappropriate access, Amigo Technology can provide Client log entry records to assist in forensic analysis. This service will be provided to the Client on a time and materials basis.
- Logging will be kept for a minimum of 30 days.
- Logging will be kept in a secure area to prevent tampering.
- User Authentication
Access to the Marketing Services requires a valid User ID and password combination, which are encrypted via SSL while in transmission. Following a successful authentication, a random session ID is generated and stored in the User's browser to preserve and track sessions state.
- Incident Management
Amigo Technology maintains security incident management policies and procedures, including detailed security incident escalation procedures. Amigo Technology will promptly (within 48 hours) notify the Client in the event Amigo Technology becomes aware of an actual or reasonably suspected unauthorised disclosure of Client Data.
- Reliability and Backup
All Client Data is stored on a primary database service with a backup database server for redundancy. All Client Data, up to the last committed transaction, is automatically backed up on a regular basis.
The Marketing Services will not introduce any Viruses to the Client's systems. The Marketing Services may permit the upload of attachments; however such attachments are not executable within the Marketing Services. Additionally, the Marketing Services may pull in links to other Web sites that may contain malicious content; however, such Web sites are not executable within the Marketing Services.
- Data Encryption
Amigo Technology uses industry accepted encryption products to protect Client Data and communications during transmissions between the Client's network and the Marketing Services, including minimum 128-bit encryption and minimum 1024-bit RSA public keys for key exchange.
- System Changes and Enhancements
Amigo Technology plans to enhance and maintain the Marketing Services during the term of the Agreement. Security controls, procedures, policies and features may change or be added. Amigo Technology will provide security controls that deliver a level of security protection that is not materially lower that that provided as of the Effective Date.
- Transfer of Data outside the European Economic Area (EEA)
Amigo Technology engages third parties to store and process data, including personal data, on behalf of Amigo Technology. It is possible that such third parties may store personal data outside the EEA (including, by way of example, storage in the Cloud). Amigo Technology requires such parties to implement appropriate technological and organisational measures to protect the Client Personal Data and Client Customer Data against unauthorised or unlawful Processing and accidental loss, destruction, damage, alteration or disclosure.