GoGreenlight

1. Purpose

This policy ensures that GoGreenlight protects personal data and other sensitive information against unauthorized access, loss, or misuse.

2. Scope

This policy applies to all employees, systems, and services operated by GoGreenlight where personal data is processed.

3. Access Control

• Only authorized personnel may access personal data.
• User accounts are personal and must not be shared.
• Access rights are based on job roles.

4. Data Security

• Data is encrypted in transit and at rest.
• All systems are protected by firewalls and antivirus software.
• Security patches are applied regularly.

5. Incident Response

• Security incidents must be reported immediately to the designated contact.
• All incidents are documented and reviewed.
• Data breaches will be notified to affected parties in accordance with the GDPR.

6. Training and Awareness

• Employees receive basic training in data protection and IT security.
• Security awareness is part of onboarding and reviewed annually.

7. Data Retention and Deletion

• Personal data is only retained as long as necessary.
• Upon contract termination, data is deleted or returned as instructed.

8. Review

This policy is reviewed annually and updated as needed.