
Technical and Organisational Measures

1. Introduction

This document provides a detailed overview of the security and data protection measures implemented by Beeple NV to ensure the confidentiality, integrity, and availability of customer data. It outlines the technical and organizational safeguards in place, covering key areas such as data protection principles, access control, encryption, incident response, employee training, and the procedures for handling data subject rights in compliance with relevant data protection regulations. This document serves as a reference for customers and stakeholders regarding Beeple's commitment to robust data security practices.

2. Company Information

  • Company Name: Beeple NV
  • Contact Information: support@beeple.eu
  • Data Protection Officer (DPO): Wouter Huybrighs
  • Security Officer: David Appels

3. Data Protection Principles

3.1 Data Minimization

We process the minimum data necessary to use the application:

  • Personal identification data (first name and family name)
  • Contact information (e-mail address)
  • Location data (coordinates to indicate the geographic position of the user), processed only when the check in/out module with geocoordination is used and the user has given consent. This is used to:
    • Calculate the distance from the user’s location to work and how long it will take to get there (estimation).
    • Verify the location when the user checks in/out at work via the application.

Additional personal data can be processed based on the customer’s requirements. This is up to the discretion of the customer.

3.2 Purpose Limitation

Based on the processed data mentioned in the previous chapter, the following processing activities take place:

  • Deliver the service
  • Support and consultancy
  • Gather anonymous feedback to improve the service

The purpose of these processing activities is considered necessary to provide the service.

3.3 Data Retention and Erasure

Customer-owned data is anonymized within 6 months after termination of the customer agreement.

4. Technical Security Measures

4.1 Access Control

Customers can configure the following security measures in the application:

  • 2-factor authentication, including a setting to enforce two-factor authentication for administrators
  • External identity providers (SSO)
    • Microsoft
    • Google
    • Facebook
  • Settings for automatic password renewal after x months (the number of months is configurable in the application).

For authorization, role-based access controls can be configured for admin users.

4.2 Data Encryption

  • In Transit: SSL/TLS
  • At Rest:
    - AWS KMS
    - AWS S3 encryption
    - AWS EBS encryption
    - AWS RDS encryption
    - Encryption protocol AES-256

4.3 Network Security

  • AWS Cloud GuardDuty
  • Cloud Guardian Advanced
  • Cyber Threat Intelligence Service
  • Bug Bounty Program
  • MFA on all critical systems access
  • RBAC on all systems access
  • Permanent vulnerability scans on AWS databases
  • Strong API authentication/authorization tokens
  • BCP reviewed yearly, including detailed findings and measures to improve

4.4 Incident Response

  • Detection:
    • AWS Shield
    • Bug Bounty Program
    • Yearly Pentest
    • Dynamic Application Security Testing (Aikido)
    • Static Application Security Testing
  • Escalate
    • Customer can report a data breach incident to privacy@beeple.eu
  • Report
    • At the latest 72h after the breach has been noticed
      • Report to impacted customers
      • Report to data breach authority

5. Organizational Security Measures

5.1 Certificates and audit assurance reports

  • ISO 27001
  • ISAE 3402 Type II

5.2 Employee Training

Via an online learning platform, each employee of Beeple must complete annual training concerning security, data protection and anti-corruption.

Additionally, each new employee of Beeple must complete courses on password managers, two-factor authentication and phishing.

5.3 Vendor Management

Beeple Trust Center

The Data Protection Manager will inform customers of any changes regarding product-related vendors.

6. Data Subject Rights

6.1 Access and Portability

The customer can access the application and the data until the end date of the contract.

Customers can use Excel, PDF and XML export templates in the application to export data themselves at any time. Standard export templates are available, and customers can also add custom export templates.

Additionally, SQL datasets can be configured in a BI tool (e.g. via our partner Luzmo.com). These datasets also remain available until the end of the contract.

6.2 Rectification and Erasure

Admin users in the application can, depending on access rights:

  • Delete a user, if the user has no planning or communication data and is not an administrator.
  • Archive (and anonymize) a user, if the user has no future planning data. Archiving the user only means the data remains available on some screens in the application. Archiving and anonymizing a user will anonymize all the data of the user.

If the setting to allow users to stop their own account is active, each user can initiate an account deletion request in the application. This will send an email to the configured recipient email address. Administrators with access to the user will also be notified in the application of this deletion request.