Simplio: Data Loss Prevention Policy

1. Introduction


“SIMPLIO” LOCATED IN KEIZERSGRACHT 482 1017EG AMSTERDAM NETHERLANDS, IS WILLING TO GRANT ACCESS TO THE APPLICATION TO YOU AS THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE APPLICATION (REFERENCED BELOW AS “MERCHANT”) ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS AGREEMENT (AS DEFINED BELOW). BY ENTERING INTO THIS AGREEMENT AS A MERCHANT, YOU REPRESENT THAT WE HAVE THE LEGAL AUTHORITY TO BIND YOU THE MERCHANT TO THIS AGREEMENT. MERCHANT AND SIMPLIO MAY EACH ALSO BE REFERRED TO AS A “PARTY” AND TOGETHER, THE “PARTIES”.

When this Data Loss Prevention Policy mentions Simplio or Simple Invoice or Simple Promotions and Upsells or Simple Order Printer or https://www.simplio.app or https://www.simpleinvoice.info, it refers to “we”, “us”, or “our”, and we will be acting as a Data Processor.

2. Definitions

Electronic commerce: Electronic financial services delivered via electronic means including, but not limited to, the Internet or other electronic delivery methods.

Encryption: This is the conversion of data into a form, called ciphertext, which cannot be easily understood by unauthorized people.

Authentication: This is the process of determining whether someone or something is, in fact, who or what it is declared to be. Depending on the transactions, a more stringent authentication process may be required.

Firewall: Any hardware and/or software designed to examine network traffic using policy statements (ruleset) to block unauthorized access while permitting authorized communications to or from a network or electronic equipment.

4. Purpose

If you have a Simplio subscription, this policy can be used as both a guideline and an overview of the management of the Simplio application.

5. Policy Detail

Simplio is committed to enhancing member service through the use of many forms of e-commerce activities.

Electronic commerce activities include the Simplio website, email, online invoice system, ACH transactions, ATM system, and online bill payment and services. They also include business-to-business transactions where interaction is conducted electronically between Simplio, its customers, and its business partners using the Internet as the communications network.

Simplio will build policies to protect sensitive data. Every policy will consist of a set of rules, for example rules to protect credit card numbers, PII, and social security numbers, if such policies are not already in place.

It is the practice of Simplio to safeguard member data at all times, including the processing of e-commerce transactions. The information must be protected at both the sending and receiving ends of each transaction. To accomplish this, there are several levels of protection applied to e-commerce activities.

6. Identify Sensitive Data

Simplio will identify all the confidential, restricted, and highly restricted data across the whole application and across the three categories, i.e. data in transit, in store, and in use. In identifying the sensitive data, Simplio will define the scope within which the DLP Solution will function. For each data set analyzed, Simplio will consider whether leveraging the DLP product would be an efficient use of resources, whether the data is non-sensitive, and whether the DLP would be an effective tool in further securing the data.

DLP products work with signatures to identify restricted data when it crosses boundaries. The process of identifying critical data and developing its signatures is known in DLP products as fingerprinting. Data is stored in various forms at various locations in the application, and it needs to be identified. Various products come with a discovery engine that crawls all searchable data in a given data store, indexes it, and makes it accessible through an intuitive interface that allows quick searching of the data to find its sensitivity and ownership details.

7. Response Program

In the event Simplio suspects or detects that unauthorized individuals have gained access to member information systems, Simplio will report such actions to appropriate regulatory and law enforcement agencies according to Simplio's information security response procedures.

8. Compliance

Simplio policies are guided by mandatory compliance standards specified by governments and industry regulators, such as the PCI DSS, US Data Privacy Law, the European Union General Data Protection Regulation, and the United Kingdom data protection laws. These standards outline how an organization should safeguard personally identifiable information (PII) and other sensitive data.

9. Support Services and Upgrades

To send us your questions, comments, or complaints, or to receive communications from us, kindly email us: [email protected]

Last update: January, 2023