ELSSI has in place a Data Security Management System in order:
- To ensure its full compliance with the relevant applicable legal and regulatory provisions,
- To protect its interests and the interests of those transacting therewith and entrust it with the use and transfer of their confidential data
- To ensure the availability, integrity and confidentiality of information which is reproduced, received and exchanged in the context of its activities.
- To maximize the reliability of the IT resources of the company.
Harmonizing its activities with the General Data Protection Regulation (GDPR), ELSSI observes the following principles:
- Legality, Objectiveness and Transparency, when it processes personal data in a lawful and transparent manner, with respect to the data subject.
- It collects the data for specified, express and lawful purposes and this data is not further processed in a manner that contradicts these purposes.
- Data collected is only the data deemed appropriate and relevant and is limited to the purpose for which it is processed.
- Data is accurate and when required, it is updated, taking all necessary safeguards for the prompt deletion or rectification of personal data which is inaccurate in terms of the processing purposes.
- Data is retained in a form that allows for the identification of the data subjects only for the period required for the personal data processing purposes.
- Data is processed in a manner that guarantees the advisable security of personal data, including inter alia the protection thereof against unauthorized or illegal processing and random loss, destruction or damage, with the use of the appropriate technical or organisational measures.
- ELSSI is responsible and is capable of proving its compliance with the above principles.
The application of the Data Security Management System serves the following objectives:
- Protection of the records retained, computer resources and transferred information at the services of the company against any threat, internal or external, intentional or random,
- Systematic assessment of risks that concern the security of information, aiming at the proper and timely management thereof,
- Data archiving, avoidance of viruses and external penetration, systems access monitoring and control, recording of all security incidents and management of unanticipated events,
- Constant informing of the administration and personnel in relation to data and information security and conduct of training seminars for the personnel,
- Full commitment of the Administration of the company to the due application and constant improvement of the Data Security Management System which is in compliance with the requirements of the General Data Protection Regulation (GDPR).
Cyprus June 18, 2018