Pazion, the company responsible for Order2Flow, actively guarantees security and privacy. In this statement, you can read which measures we take regarding these topics, as well as how we handle your personal data.

Privacy and personal data

Processing personal data

We collect and process personal data in order to provide our services. We don’t collect special or sensitive personal data. These data are provided by you to either us or a third party with your permission. You grant this permission when you accept the cookies. Our employees who have access to these data are bound to secrecy. They do not send these data through unprotected channels. This concerns the following kinds of data:

  • first and last name;
  • (business) e-mail address;
  • (business) phone number;
  • your employer/company.

In case you have any questions about your personal data, please contact us.

Cookies

We use technical, analytical and functional cookies. The data we collect this way are anonymised when possible. When you visit our website and accept the cookies, these are saved as a small text file on your device.

Transparency about personal data

We always communicate about the purposes we use your data for. If you want to know more about this topic, you can contact us. You have the right to access your data. In addition, you have the right to withdraw your permission for collecting your data. You also have the right to data transferability/portability. This means we transfer your collected personal data to you as a computer file, or we transfer these data to a third party of your choice. In case you want to invoke one of these rights, you can contact us.

Please note that when you make a request to access your data, or if you want to invoke one of the other rights above, we have to ask you for a photograph or a scan of your identity document. This way we are sure your data will be accessible to the right person. To guarantee your privacy, we ask you to blur or black out the following: your photograph, the machine-readable zone (the strip with numbers at the bottom of your passport), your passport number and your citizen service number. We will destroy this copy as soon as your request is met.

Sharing data with third parties

We only share your personal data with third parties if needed to provide our services. Of course we handle this discreetly. We have a data processing agreement with these parties.

GDPR compliance

We are seriously committed to achieving compliance with the GDPR (or AVG, as it is known in Dutch). A lot of the applications and services we rely on are already compliant themselves. When this is not the case, we devote special attention to achieving compliance anyway. In addition, we are compliant with the international ISO/IEC 27001 standard for information security.

Newsletter

You receive our newsletter if you either subscribed to it or are an existing customer of ours. Each newsletter offers you the possibility to unsubscribe.

Security, archiving and backups

Encryption

Our apps come with SSL certificates (Secure Sockets Layer). These are used to encrypt communication with the outside world. Our applications are also provided with SHA-256 password encryption.

Data archiving

Data that must be archived are stored in compliance with the GDPR guidelines, as well as the Dutch Archiefwet (‘Archive Law’).

Encrypted backups

Our data backups are stored locally and offsite. In addition, they are stored encrypted. Our backup server is of course protected. The server makes backups on a daily basis, at block level, and encrypts them.

Security

We take the relevant security measures, including the use of spam filters, virus scanners, firewalls and intrusion detection tooling.

Incident response

  • We identify the incident: when did it happen, who had access to the system, and which third parties are involved?
  • We provide the right solution to the problem in question.
  • The priority of the actions we take depends on the scope, the kind of incident and the third parties involved.
  • We report to these parties within 24 hours.
  • We mitigate the impact of the incident as much as possible.
  • After recovering the system or systems in question, we test them to check that there are no longer any problems with them and that they function as expected again.
  • After resolving the incident we critically evaluate our measures, in order to prevent repetition.
  • We keep the documentation (support) tickets and logs that relate to the incident.

Passwords

Our passwords are at least eight characters long and include an uppercase character, a numeral and a special character. Passwords are changed on a regular basis. In addition, we actively advise our customers to follow these guidelines for their own passwords.

Secure testing phases

Our apps’ test environments are hosted in separate locations. Access to them is limited, so only the right persons can access them. This way, access to sensitive (personal) data is protected.

Credentials protection

Credentials are stored in local config files. They are not stored in the code repository, but kept apart from it in a separate place.

Change management

Paul Groeneweg, Pazion’s owner, is responsible for incident management. He takes the lead in this and makes sure our organisation handles incidents in the right way.

Code vulnerabilities

The Docker images are scanned on a monthly basis to identify vulnerabilities in the code. In addition, we ensure that we solve these issues as soon as possible. We also update the packages in question, to keep the Docker images up to date and secure.

Our contact details

Do you still have any questions about our privacy and security measures? Then please get in touch with us:

Pazion/Order2Flow

Nieuwe Kade 18

026-3020038

info@pazion.nl