Skip to content

Security policy

Security policy

This policy declares the way DENEVY approaches your data protection. It supplements the General Terms and Conditions and the GDPR.

DENEVY s.r.o. (hereinafter referred to as "DNV" or "We") provides services and products (hereinafter referred to as "Products", "Services" or "Platform") that are intended for professionals, companies and other organisations (hereinafter referred to as "Clients" or "You "). Therefore, you use the products and services for your business or other operational needs and to store various business and personal information.

Declaration on security and protection of your data

  1. As the platform provider, we recognise the importance of security and privacy of you and your data, and therefore it is of paramount importance for us to protect it. We feel fully committed to this.

  2. We keep your data safe and protect it from various security threats.

  3. Your privacy is our priority. We always treat your data and your users' data in an ethical manner, i.e. we do not share your data with any third-parties, this would be contrary to the personal data protection policy.

How your data is protected

The data stored in Products is secured by several protection layers. juno.one is a web application built on a three-tier architecture that separates the server with the application, the database and the user's environment, which is launched from a web browser.

Security and data protection in the application

  1. Each client has their own separate and isolated instance of the application (single-tenant), which ensures data privacy and therefore creates a secure environment isolated from the outside world and from the environment of other clients.

  2. Only your users can log in to your environment.

  3. User access is protected by username and password authentication.

  4. Each user must enter a strong password before entering the system (a password policy is recommended or enforced).

  5. You must protect the credentials on user devices against misuse or theft.

  6. Passwords are encrypted so that they cannot be acquired by anyone other than the user to whom the password belongs. The password can only be changed by the user and the administrator, we (and anyone else) do not have access to a user's passwords.

  7. In case of loss or threat, the user can reset the password. The user also receives information about their activities via e-mail, so even in case of a password leak, they can learn about someone else's activity inside the product.

  8. Passwords are encrypted and cannot be recovered. Optional two-step verification is available.

  9. Individual user's access rights to data are defined by roles.

  10. Roles limit the user's access to data (including personal data).

  11. You or your administrator are responsible for the scope of rights assigned to the roles.

Security and protection of data transmission

  1. Data transfer between your computer and the server is protected by a secure connection to the server, we only use an encrypted connection via HTTPS.

Security and protection of data storage

  1. All data is stored in a database on servers, user devices only display the data.

  2. No data is stored on user devices. You will not lose any data if you lose your computer or phone.

  3. Access to services can be protected by private company access, and products running in the Cloud may not be visible from the regular internet (Enterprise plan only).

  4. Data is stored either in data centres (Cloud) or on your infrastructure (so-called on-premises model).

  5. Only professional data centres are used for the Cloud, which ensure high level security (see how security in the Cloud is handled ).

  6. Due to the architecture of our products, no data centre operator can access your data.

  7. We back-up your data regularly.

  8. DNV offers its services in different data regions, a "data region" is a data centre or set of data centres in a defined geographical region where client data is stored. Client data from Europe, Africa, and parts of West Asia is located in repositories in the European Economic Area; client data from the Americas region, as well as from the Pacific and other parts of Asia, is located in repositories in the United States.

Application security - privacy by-design

  1. We try to design the system features from the ground up to meet security requirements.

  2. The application and its source code are protected by encryption that does not allow access to any third-party.

  3. We use encryption at the database level, only users can access the data, so only you and your users can access your data.

Definitions

  1. For the purposes of this declaration, the terms are defined as follows:

  2. "Client", "Customer" or "You" is the entity that has agreed to the General Terms and Conditions and uses our services. You decide on the work of users and you are responsible for their behaviour.

  3. "User" means a specific person who uses a customer account as a specific user of the platform, product or service.

  4. DENEVY s.r.o. Ocelářská 35/1354, 190 00, Prague 9, Company registration number: 02995107 VAT identification number: CZ02995107 (hereinafter referred to as "Service Provider", "DNV" or "We").