IT POLICY:

CR. Properties Technology Pvt. Ltd. (“Company”, “we,” “our” or “us”) takes the security of our users, our users’ Contacts and our Visitors (as such terms are defined in our Privacy Policy available here, (Change Hyperlink) collectively “you“) very seriously. As such, we have created this Information Security Policy (“Security Policy”) to disclose our practices with respect to the security and how we protect the Personal Data (as such term is defined in the Privacy Policy) that we process through our services. We have implemented the below technical and organizational measures to protect the Personal Data processed by us, against any loss, unlawful acts, destruction, alteration, unauthorized disclosure or access.

​

As part of our data protection compliance process we have prepared this Security Policy to provide you with a summary of the security measures and policies that we have implemented. We also require our partners and employees to comply with these standards and implement the same security measures included in this Security Policy when working with us.

​

SYSTEM ACCESS CONTROL

Company’s database is accessible only by designated employees. The Personal Data processed by the Company is stored in Secured Cloud Server which only enables access via a personal user authentication. Access to the database is restricted and is based on procedures to ensure appropriate approvals are provided, solely to the extent required. In addition, remote access to the database and wireless computing capabilities are restricted and require safeguards, including VPN protection or similar security level.

​

​

DATA ACCESS CONTROL

All access to a database, system or storage can only be done with an authorization hierarchy and password protection. Furthermore, access to Personal Data is restricted to solely the employees that “need to know” and is protected by passwords and user names. The Company audits any and all access to the database and any unauthorized access is immediately reported and handled. Furthermore, the Company has entered into applicable and binding data processing agreements with its vendors and customers.

​

ORGANIZATIONAL AND OPERATIONAL SECURITY

The Company educates its employees and service providers, and raises awareness with regards to any processing of Personal Data. Internal security testing is done on a regular basis. Company’s IT team ensures security of all hardware and software, by installing anti-malware software including firewalls on computers to protect against malicious use and malicious software as well as virus detection on endpoints, etc. It is the responsibility of the individuals across the Company to comply with these practices and standards which they are bound to by the employment agreement.

TRANSFER CONTROL

The purpose of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of the Personal Data or while it is being transferred or stored. Furthermore, any and all transfers of the data (either between the servers, from client side to server side and between Company’s designated partners) is secured and protected as required under applicable law.

​

AVAILABILITY CONTROL

The Company’s servers include an automated backup procedure. The Company has ensured that all of its systems are protected by industry best standards for security systems and measures. Our legal team has ensured that our legal documentation is updated to reflect any changes and to include the mandatory provisions required by the applicable data protection laws.

​

DATA RETENTION

Personal Data and raw data are all deleted as soon as possible or as required under applicable law, all subject to our privacy policy available at: CR PRIVACY POLICY LINK

​

JOB CONTROL

Employees, customers, vendors and applicable processors are all signed on binding agreements all of which include applicable data provisions and data security obligations. Employees are bound to comply with this Security Policy in addition to internal security policies and procedures and breaking or not complying with such shall result in disciplinary actions. To ensure the employees stay educated and up to date with applicable policies and legislation the Company holds annual compliance training which include data security education.