A locked safe.

    How we protect personal information

    We take the responsibility of protecting your information seriously. We develop our website, products, and services using privacy-by-design and security-by-design approaches.

    We have a mature privacy management program with strong accountability. We do a privacy assessment at the early design or modification stage for every product and service that involves personal information. This way we ensure we find and reduce privacy risks before development or launch.

    We also have a well-established and robust security management program in place. This includes both cybersecurity and physical security risks. Also, our security program works together with our privacy team to help safeguard your information.

    A locked safe.
    A laptop displaying a security notification on screen.

    We base our information security and risk management program on recognized industry standards and best practices. This includes:

    • Firewalls
    • Encryption
    • Anti-virus software
    • Vulnerability scanning
    • Penetration testing
    • Patch management
    • Permission and role-based access controls
    • Multifactor authentication
    • Physical controls
    • Audit trails
    • Robust incident management protocols
    • Regular stress test exercises
    • Comprehensive employee training
    • Security information and event management (SIEM)
    • Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)

    We sometimes rely on third-parties to provide technical support, infrastructure management, and other services. We may need to give them access to your information so they can provide these necessary services. Our third-party service providers are under strict contractual obligations designed to safeguard the information they access.