Laposta is ISO 27001 certified, which means that we take the necessary measures to protect sensitive information against unauthorised access and processing.

We process personal data. These are the measures we have taken to do this as securely as possible.

 

Physical Security Measures (Data Centre):

  • Accessible only after registration and verification via fingerprint;
  • Servers are stored in a locked cabinet;
  • A register keeps track of every keyholder and their justification for having a key.

 

Organisational Security Measures (Laposta):

  • Agreements with employees about handling customer data (code of ethics);
  • Awareness training in the field of privacy and information security;
  • Agreements about handling equipment;
  • Raising awareness among programmers of liabilities in the application and how to prevent them.

 

Technical Security Measures:

  • Policy regarding access rights, passwords, and two-step verification;
  • Emergency power supplies;
  • Regular backups;
  • Professional server management with timely updates;
  • Continuous monitoring of servers and applications;
  • Regular penetration tests of the network and the application;
  • Enforcing encrypted access to applications (analyse our security and SSL/TLS certificates here);
  • All servers are deliberately placed in a Dutch data centre, accessible and controllable by us;
  • Use of SPF, DKIM, and TLS when sending newsletters.

 

Get Notified of Data Loss Immediately

If data is lost despite all our measures, we are legally required to report this. We always report this immediately to the person responsible (our customer) and, in case of a serious leak, to our users as well.

 

Special Category Data

Laposta takes security measures for the personal data processed through this application in accordance with the ISO 27001 certification awarded to us in 2018. We offer a standard service. Laposta has not taken any special/additional security measures that are tailored to your organisation and/or the personal data processed by your organisation through this application.

When taking security measures, Laposta assumes that no sensitive personal data, such as special/criminal personal data as referred to in the General Data Protection Regulation (GDPR) and/or Citizen Service Numbers, is processed through its newsletter application. The security measures taken are therefore not tailored to the possible processing of such special/criminal personal data and/or Citizen Service Numbers, and Laposta cannot guarantee that its application is suitable for the processing of such data. Consider, for example, health data and medical data. Furthermore, data showing political preference or religious beliefs can also be regarded as special category data. This may be the case with email addresses of, for example, political parties or religious groups.

In view of the above, your organisation is responsible for assessing whether the security measures taken by Laposta are appropriate for the purpose for which it wishes to use the newsletter program. The assessment of the suitability and effectiveness of security measures taken for our working methods is carried out annually by an independent and accredited auditor (KIWA). The auditor then issues an ISO 27001 certificate including a Statement of Applicability. These documents are available upon request. In this context, your organisation indemnifies Laposta against damage, entitlements, and claims from your organisation, those involved and/or third parties, as well as fines imposed by the competent supervisory authority.