bitapps data
security policy
BitApps
Group (Finland Oy, Germany GmbH and Poland Sp. Z.O.O.) is an ICT company
providing ICT solutions and apps for forest management. BitApps Group always
complies with all applicable laws and regulations. Responsibility is one of our
key values and a natural part of the organization’s business.
In
its daily operations, BitApps Group processes personal data and information
regarding customers and organizations. BitApps Group’s customers and
organizations trust us to protect their data, due to which data security is an
essential part of our business.
Our
data security policy defines the principles and methods by which we ensure a
suitable level of both information security and data protection, the lawful
processing of personal data, risk management, handling of incidents,
responsible operations and the implementation of quality services. We develop
and update our data security policy and other related procedures according to
the relevant legislation and regulations.
With
data security, we strive to ensure the confidentiality, integrity, availability
and quality of our data and data systems, and to implement built-in and default
data security and protection in all situations. Our operations comply with the
laws and regulations established for data protection and security.
We
implement and develop our data security using risk-appropriate and
cost-effective solutions. Security measures also manage the risks associated
with the introduction of new practices and technologies.
The
CEO and management team of BitApps Group are primarily responsible for the
implementation of data security and the creation of the necessary environment
for it. The management team appoints a data security group who is responsible
for the development and maintenance of the data security management system. The
management team defines the organization responsible for data security and the organization’s
responsibilities.
Security
work is included in every profession and job and is an ongoing process. We
require that each of our employees and partners adhere to this policy and
contractual obligations in their operations and are responsible for the
security of the data they manage. Each of our employees is required to report
any misconduct to our security officer or their supervisor. Our personnel are
bound by professional secrecy about the data they handle in the course of their
work, and a duty of confidentiality is recorded in employment contracts.
The
main responsibility for the data security of a particular data or service lies
with BitApps Group. BitApps Group is responsible for the IT system or service’s
data security, compliance with data security requirements, and the continuous
monitoring and development of information security.
It
is the responsibility of each data controller to report any security breaches
or suspected misconduct or breaches of security in accordance with the
applicable guidelines, laws and regulations.
Maintaining
and developing data security is an ongoing process in which we use
administrative, physical and IT solutions. We assess the likelihood and impact
of the risks associated with data processing on the quality of our operations
and strive to manage those risks through appropriate controls. We have a
security management system in place and are committed to continually improving
it and evaluating its suitability, adequacy and effectiveness.
We
monitor the implementation of our data security on a risk basis, also
considering new threats to the operating environment. We continually evaluate
our technical security and conduct regular security audits of key environments.
Our
data security group is authorized by the CEO and is thus independently
responsible for conducting security-related surveys and initiating problem
investigations. Monitoring and reporting on security at a general level is the
responsibility of each of our employees. The owners of our processes and
operations have an obligation to actively monitor and develop their
responsibilities. We train our staff regularly and maintain security awareness
through various measures.
Operating
models have been defined for handling and reporting possible security breaches.
Violation of our security policy and guidelines is considered a security
breach. We have defined procedures for dealing with violations and our
personnel process provides for appropriate sanctions. If necessary, we
co-operate with relevant authorities to resolve any issue regarding our data
security policy.
All
concerns, questions and suspected or known security incidents must be reported.
A report can be made to: inf@bitapps.fi
Reports
and messages sent will be directed to the Data Protection Officer (DPO) who
will then identify, assess and handle the matter in accordance with the
procedures and best practices in this policy. Under no circumstances should an
individual attempt to cover up or ignore a data security incident.
Upon
receiving a report of an incident, the DPO and the data security group will
conduct a brief preliminary investigation to confirm the incident and identify
and immediate actions to remedy the issue. Based on the assessment, the DPO and
the data security group shall further investigate, if necessary, to resolve any
reported incident.
BitApps
Group reviews its data security policy at regular intervals. In the event of
changes in the relevant regulations or organizational activities, we will
update the content of this policy as necessary. It is the responsibility of our
designated DPO and data security group to evaluate the matter and update its
content.
The
Board of Directors of BitApps Group has approved the data security policy on:
Version
30.1.2024