Data Security


GETPOS Data Security Policy

Last Updated: 31 Aug 2023

At GETPOS, protecting the security and privacy of our users' data is of utmost importance. This Data Security Policy outlines the measures we take to safeguard the confidentiality, integrity, and availability of the information we collect and process in the course of our business.

Scope

This policy applies to all data collected, processed, or stored by GETPOS, including but not limited to:

  • Personal data of customers

  • Financial data

  • Business transaction data

  • Any other proprietary or sensitive information

Data Collection and Usage

We collect data necessary for the operation of our services, including but not limited to:

  • User registration information (name, email, contact details)

  • Transactional data (order history, payment information)

  • Device and usage data (IP addresses, browser details)

All data collected is used in accordance with our Privacy Policy.

Data Protection Principles

GETPOS adheres to the following key data protection principles:

  • Lawfulness, Fairness, and Transparency: Data is collected and processed lawfully, fairly, and in a transparent manner.

  • Data Minimization: Only the data necessary for the specific purpose is collected.

  • Accuracy: Reasonable steps are taken to ensure that data is accurate and kept up to date.

  • Storage Limitation: Data is stored only for as long as necessary for the purposes for which it was collected.

  • Integrity and Confidentiality: Appropriate security measures are taken to ensure the protection of personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Security Measures

1. Encryption

  • All sensitive data, including personal and financial information, is encrypted both at rest and in transit using industry-standard encryption protocols (e.g., TLS/SSL for data in transit, AES-256 for data at rest).

2. Access Controls

  • Access to data is restricted to authorized personnel only, based on the principle of least privilege. Multi-factor authentication (MFA) is implemented for access to sensitive systems.

3. Regular Audits and Monitoring

  • GETPOS regularly conducts security audits, vulnerability assessments, and penetration testing to identify and mitigate potential security risks.

  • Security logs are maintained and monitored to detect any suspicious activities.

4. Data Backups

  • Regular backups of critical data are performed and stored in a secure, encrypted format. Backup data is periodically tested for integrity and is stored in multiple locations to ensure disaster recovery.

5. Data Anonymization

  • Where applicable, personally identifiable information (PII) is anonymized or pseudonymized to limit the exposure of sensitive data.

6. Secure Software Development

  • GETPOS follows secure coding practices during the development of its software products, ensuring that security considerations are part of every stage of the software development lifecycle (SDLC).

Third-Party Services and Data Sharing

Where GETPOS utilizes third-party services (e.g., payment processors, hosting providers), we ensure that these providers comply with equivalent data security standards. Data sharing with third parties is limited to what is necessary for service provision and is governed by strict contracts and non-disclosure agreements (NDAs).

Incident Response

In the event of a data breach or security incident, GETPOS has established procedures to:

  1. Contain the breach: Immediately secure and isolate affected systems.

  2. Assess the impact: Evaluate the scope and severity of the breach.

  3. Notify affected parties: Inform impacted users and regulatory authorities where required by law.

  4. Remediate the breach: Take appropriate corrective actions to prevent future incidents.

  5. Review and learn: Post-incident analysis is conducted to enhance preventive measures.

Employee Training

All GETPOS employees receive regular training on data security practices, including recognizing phishing attempts, safe handling of sensitive data, and incident reporting procedures. Employees with access to sensitive data are subject to additional training and background checks.

Data Retention and Deletion

GETPOS retains user data only for as long as necessary to fulfill the purposes for which it was collected. Upon account closure or completion of a transaction, personal data is either anonymized or securely deleted in accordance with regulatory and operational requirements.

Compliance with Regulations

GETPOS is committed to complying with applicable data protection regulations, including:

  • The Indian IT Act, 2000, and amendments

  • The General Data Protection Regulation (GDPR) for any processing of EU citizens’ data

  • The California Consumer Privacy Act (CCPA) where applicable

We continuously review our policies and procedures to ensure compliance with evolving legal standards.

User Rights

Users have the right to:

  1. Access their data: Request a copy of the data GETPOS holds about them.

  2. Rectify inaccurate data: Request corrections to any incorrect or outdated information.

  3. Request data deletion: In certain circumstances, request the deletion of their personal data.

  4. Object to data processing: Opt out of specific types of data processing, such as direct marketing.

Requests can be made by contacting GETPOS via our customer support channels. We aim to respond to all requests within 30 days.

Contact Information

For questions or concerns about data security, please contact:

GETPOS Data Security Team
F-468, 8B Industrial Area, Sector 74,
Pin Code: 140307, Mohali, Punjab
Email: info@getpos.in
Phone: +91-9878990102

GETPOS reserves the right to modify this Data Security Policy at any time. Changes will be posted to this document and users will be notified via email or through the GETPOS platform.