Security Controls

We treat the security and privacy of our customer's data as a top priority. We've implemented the following controls to keep your data secure.

Technical and organisational security measures

Last updated: April 2023

  1. Internal data privacy and IT security policies, incl. procedures according to applicable laws and regulations, are implemented and regularly reviewed and updated as required.
  2. Appointment of individuals with data privacy and IT security responsibilities (e.g., IT security officer, data protection officer (if required under applicable law)).
  3. Access to personal data by individuals is subject to appropriate confidentiality obligations.
  4. Regular training of employees in data privacy and IT security. 
  5. Regular internal and external audits to check adherence to data privacy and IT security policies and assess/evaluate whether these are appropriate for ensuring protection of personal data.
  6. Use of encryption for storing of personal data. 
  7. Encryption of personal data in cases of online transmission or transport by means of mobile data carriers. 
  8. Appropriate segregation of data sets (e.g., segregation of data sets of different controllers, separation of test / development data and production data. 
  9. Implemented physical access authorisations (according to the sensitivity of the data and criticality of the processing) for employees and third parties. 
  10. IT system access control policy for employees and third parties accessing IT systems on the basis of need-to-know principle and taking into account the sensitivity and criticality of the processing. 
  11. IT systems accessible through unique and password protected user accounts (based on state of the art policies for creation of secure passwords). 
  12. Data back-up and recovery policies and procedures are implemented. 
  13. Implemented business continuity strategy, including recovery time objectives. 
  14. Sub-processors engaged by THRIVE have formalised, documented and controlled data processing arrangements in place. 
  15. Implemented Data Loss Prevention tools and techniques.