PRIVACY AND INFORMATION SECURITY POLICY
GPM INVEST & TRADE INC (“Wixxir”) is committed to protecting the confidentiality of personal and financial information of its users. The measures taken to prevent unauthorized access, disclosure, modification or destruction of this information are as follows:
· Develops and implements the necessary infrastructure and controls to protect the accuracy and completeness of information and to provide continuous access to information systems.
· Authorizes in accordance with the principle of separation of duties in design, development, testing and implementation processes. Establishes approval mechanisms for critical operations.
· Maximizes data security by physically and logically separating development, testing and production environments.
· User authorization is regularly audited by keeping it at the minimum required level.
· Takes and continuously reviews the necessary measures to ensure network security against external threats.
· Ensures continuous monitoring of systems by adopting a layered security approach.
· It implements security measures such as encryption and masking for the secure transmission and storage of payment and personal data.
· It ensures the security and confidentiality of the encryption keys used.
· It creates an organizational structure for effective information security management and coordination.
· It takes inventory of information assets, identifies and manages risks.
· The rights of data owners will be respected.
· It develops procedures for the detection, reporting and prevention of recurrence of information security incidents.
· It implements training programs that will increase the awareness of all personnel on information security.
· It takes the necessary physical and environmental measures to ensure security in areas where information is processed.
· It determines and implements security requirements in the acquisition, development and maintenance processes of information systems.
· It ensures that employees comply with the determined policies and procedures by obtaining written commitments.
· It takes precautions against interruptions in business activities and guarantees continuous access to information.
· It implements security controls in all relevant areas to prevent unauthorized access.
· It continuously reviews and improves the information security management system.