Security data

We do everything to secure your data.

Laposta processes personal data. Below are a number of measures we have taken to ensure that this processing occurs as safely as possible.

These measures are part of our ISO 27001 certification. This is the international standard for information security. The certificate demonstrates that the organization has taken the necessary precautions to protect sensitive information against unauthorized access and manipulation.

Physical security measures

These measures are aimed at preventing unauthorized direct access to data.

  • Our data center is only accessible after registration and verification through a fingerprint;

  • Servers in the data center are housed in a locked cabinet;

  • There is a register that keeps track of who has keys and for what purpose, which is updated periodically.

Organizational security measures

The physical measures are pointless if there are no organizational measures associated with them. These can be agreements with employees, but also with customers or suppliers.

  • Agreements with employees regarding the handling of customer data (ethical code);

  • Awareness training in the field of privacy and information security;

  • Agreements on the handling of devices, for example: putting them in sleep mode when leaving the workplace, using networks and encryption, handling 'own' equipment;

  • Raising awareness among programmers about vulnerabilities and how to prevent them.

Technical security measures

In addition to the physical and organizational measures, there are technical measures that ensure the availability, continuity, and security of data.

  • Policies regarding access rights, passwords, and two-step verification;

  • Emergency power supplies;

  • Regular backups and their monitoring;

  • Professional server management with timely updates;

  • Continuous monitoring of servers and applications;

  • Regular pentests of both the network and the application;

  • Enforcing encrypted access to applications (with this website you can analyze our security and our SSL/TLS certificates for HTTPS);

  • Deliberate placement of all servers in a Dutch, accessible, and verifiable data center;

  • Use of SPF, DKIM, and TLS when sending newsletters.

Immediate notification in case of data loss

If data is lost despite all our measures, we will report this - as is legally required - as soon as possible to the main responsible party (our customer) and, if it is a serious leak, to our users.

Special personal data

Laposta implements security measures for its newsletter program and the personal data processed through this program in accordance with the ISO 27001 certification obtained in 2018. This newsletter program concerns a standard service. Laposta has not taken special/additional security measures tailored to your organization and/or the personal data processed by your organization through this program.

Laposta assumes that there are no sensitive personal data - such as special/criminal personal data as defined in the General Data Protection Regulation (GDPR) and/or citizen service numbers - processed through its newsletter program. The security measures taken are therefore not tailored to the possible processing of such special/criminal personal data and/or citizen service numbers. Laposta cannot guarantee that its program is suitable for processing such data. This could include health data and medical records, for example. Furthermore, data revealing political preferences or religious beliefs are also to be considered special personal data. This may be the case with email addresses of, for example, political parties or religious denominations.

In light of the above, your organization is itself responsible for assessing whether the security measures taken by Laposta are appropriate for the purpose for which your organization wishes to use the newsletter program. The assessment of the appropriateness and effectiveness of the implemented security measures for our working method is carried out annually by an independent and accredited auditor (KIWA). This auditor then issues an ISO 27001 certificate including a Statement of Applicability. These documents are available upon request. Your organization indemnifies Laposta in this regard against damages, claims, and charges from your organization, the affected parties, and/or third parties, as well as fines imposed by the competent supervisory authority.