Data Compliance

Data Compliance Document for data.isyndicate.io

International Syndication Company LLC. Last updated: September 2023


Table of Contents

  1. Introduction

  2. Purpose

  3. Scope of Compliance

  4. Definitions

  5. Data Collection Methods

  6. Data Elements Collected

  7. Data Storage and Encryption

  8. Data Access and Export Controls

  9. Data Validation

  10. Security Measures

  11. Data Audits and Accountability

  12. Incident Response and Data Breach Procedure

  13. Data Protection Officer (DPO)

  14. Training and Awareness

  15. Non-Compliance Penalties

  16. Amendments

  17. Contacts


1. Introduction

This document outlines the practices and guidelines concerning data compliance for the web application data.isyndicate.io.


2. Purpose

To establish and describe how data.isyndicate.io collects, processes, stores, and manages sensitive and non-sensitive data.


3. Scope of Compliance

This policy applies to all data stored within the data.isyndicate.io platform.


4. Definitions

  • Administrator: Users with the highest level of data access.

  • Manager: Users with limited data oversight.

  • Resource: External contributors to the database.


5. Data Collection Methods

  • Manual Entry: By staff and resources.

  • Automatic Collection: Through integration with mailbooster.icrmsoftware.com for email validation.


6. Data Elements Collected


7. Data Storage and Encryption

  • Storage: Data stored on AWS AlmaLinux instance.

  • Encryption: AES 256-bit encryption for at-rest data.


8. Data Access and Export Controls

  • Administrator: Can export up to 10k records in CSV.

  • Manager & Resource: Can view but not export.


9. Data Validation

  • Email Validation: Through integration with mailbooster.icrmsoftware.com.


10. Security Measures

  • Firewall: AWS firewall services in place.

  • Access Control: Strict role-based access controls.


11. Data Audits and Accountability

  • Logs: Access logs and action trails maintained for audit.

  • Accountability: Regular compliance checks.


12. Incident Response and Data Breach Procedure

  • Response Team: Managed by DPO.

  • Notification: Within 72 hours of identifying the breach.


13. Data Protection Officer (DPO)

  • Name: Mr. Chris York

  • Role: Overall compliance oversight.


14. Training and Awareness

  • Mandatory Training: For all team members.


15. Non-Compliance Penalties

  • Fines: Applicable as per policy.


16. Amendments

This document is subject to change to remain compliant with legal and technological advancements.


17. Contacts

  • DPO: Mr. Chris York

Last updated