The General Data Protection Regulation (GDPR) is a Regulation of the European Union and, from 25 May 2018, it applies to all organisations that collect and process the personal data of EU citizens.
As a responsible, forward-looking business, Cerri AG complies with the GDPR and ensures that effective measures are in place to protect the personal data of our customers.
Cerri AG's commitment to the security of personal data can be demonstrated through the organization's policies and its effective data protection and information security controls.
Cerri.com AG is strongly committed to the EU-U.S. and Swiss-U.S. Privacy Shield. Evidence of our compliance with these requirements is available on request.
Personal Information Collected
Cerri.com AG offers a variety of services that are collectively referred to as the “Service.” Cerri.com AG collects information from individuals who visit the Company’s Websites (“Visitors”) and individuals who register to use the Service (“Customers”).
When expressing an interest in obtaining additional information about the Service or registering to use the Service, Cerri.com AG requires you to provide the Company with contact information, such as name, company name, phone number, and email address (“Required Contact Information”). When purchasing the Service, Cerri.com AG requires you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Service (“Billing Information”). Cerri.com AG may also ask you to provide additional information, such as number of employees or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information are referred to collectively as “Data About Cerri.com AG’s Customers.”
As you navigate the Company’s Websites, Cerri.com AG may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Website Navigational Information”). Website Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Websites (such as the Web pages viewed and the links clicked).
Use of Personal Information Collected
The Company uses Data About Cerri.com AG’s Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Service.
The Company may also use Data About Cerri.com AG’s Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in Cerri.com AG and the Service, and to send you information regarding the Company and its partners, such as information about promotions or events.
Cerri.com AG uses Website Navigational Information to operate and improve the Company’s Websites. The Company may also use Website Navigational Information in combination with Data About Cerri.com AG’s Customers to provide personalized information about the Company.
Security of personal data
Cerri.com AG uses robust security measures to protect Customer Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Service is accessed using the latest versions of Internet Explorer, Firefox, Chrome, Edge or Safari, Secure Sockets Layer (“SSL”) technology protects Customer Data using both server authentication and data encryption. These technologies help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. Cerri.com AG also implements an advanced security method based on dynamic data and encoded session identifications, and the Company hosts its Websites in a secure server environment that uses firewalls and other advanced technology to prevent interference or access from outside intruders. Cerri.com AG also offers enhanced security features within the Service that permit Customers to configure security settings to the level they deem necessary.
We provide a comprehensive, user-friendly administration interface to authorized customer administrators that allows them to control access at the service, function and data level. User registration and deregistration and access rights management are handled via this interface. On customer demand, access to the interface can be protected by, for example, multi-factor authentication and other modern and established technologies.
Documented procedures for the allocation and management of secret authentication information, such as passwords, ensure that this activity is conducted in a secure way.
The use of utility programs within the customer cloud environment by Cerri.com employees is strictly controlled and audited on a regular basis.
Where we operate a single and physically separated customer installation, cloud customer resources are subject to strict segregation from each other, so that no access is permitted to any aspect of another customer’s environment, including settings and data.
Virtual machine hardening, including the closing of unneeded ports and protocols, is implemented as standard practice, and each virtual machine is configured with the same degree of protection against malware as physical servers.
Transactions between the user (including administrators) and the cloud environment are encrypted using SSL by default and can be extended with IP filtering, customer AD directory authentication (SSO), and organisation-based encryption. Customer data is encrypted at rest using keys managed by Cerri.com. Encryption is possible down to the single-field level in the application.
Physical and environmental security
Cerri.com has procedures in place for the secure disposal and re-use of resources when no longer required by the cloud customer. These procedures will ensure that customer data is not put at risk.
Cerri.com makes customers aware of planned changes that will affect the customer cloud environment or services. This information is provided by email to affected customer administrators and will include the type of change, the scheduled date and time and, where appropriate, technical details of the change being made. Further notifications will be issued at the start and end of the change.
The capacity of the overall cloud environment is subject to regular monitoring by Cerri.com engineers to ensure that our capacity obligations can be fulfilled during Cerri.com working hours.
Encrypted backups of customer environments are taken at a standard Cerri.com frequency and are retained for a default period of three months. Backups are stored at a location separate from the main location of customer data, at a distance which is considered sufficient to represent a reasonable business continuity precaution. Backup samples are verified on a regular basis to confirm their integrity. Restoration from backup can be requested by the customer on a next business day basis.
Activity and transaction logs are recorded in the cloud environment and may be accessed by customer administrators. These include details of logins/logouts, data access and amendments/deletions.
All system and device clocks within the cloud environment are synchronized (via designated servers) to an external time source, details of which are available upon request.
The customer cloud environment is subject to regular vulnerability scanning using industry-standard tools. Critical security patches are applied in accordance with software manufacturers’ recommendations.
The intention of the GDPR is to protect the personal data of EU citizens wherever it is held; there are strict requirements governing where personal data can be transferred to and the measures that must be in place for such a transfer to be legal. Cerri AG ensures that we remain within the law at all times.