
Explyt Test Plugin Technical and Organisational Measures Including Technical and Organisational Measures to Ensure the Security of the Data

This document is an integral part of Explyt's Privacy Policy, outlining the technical and organizational security measures implemented by Explyt under the Standard Contractual Clauses (SCCs) (and UK Addendum to SCCs):

  1. Measures for internal IT and IT security governance and management – Explyt has established a comprehensive security framework designed to proactively identify, evaluate, and mitigate foreseeable internal and external risks to the integrity and confidentiality of data through systematic risk assessments and continuous monitoring.

  2. Measures for ensuring accountability – Explyt ensures that all employees, contractors, partners, and vendors are fully informed and trained about their roles in safeguarding data, emphasizing the confidentiality, integrity, and availability of personal data managed by Explyt.

  3. Measures for user identification and authorisation – Explyt strictly controls access to data assets, ensuring that only individuals with explicit authorization receive access privileges. Access permissions are strictly managed and reviewed regularly.

  4. Measures of pseudonymisation and encryption of personal data – Explyt employs advanced cryptographic measures to secure data confidentiality, authenticity, and integrity. Sensitive information is encrypted whenever transferred outside its primary storage environments.

  5. Measures for ensuring physical security of locations at which personal data are processed – Explyt utilizes physical security measures and environmental protections to guard against unauthorized physical access, damage, or interference with data processing facilities and resources.

  6. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services – Explyt maintains comprehensive operational procedures for IT infrastructure management, including systematic controls over system changes, resource capacity planning, malware prevention, backups, activity logging, monitoring, and vulnerability remediation.

  7. Measures for ensuring limited data retention and ensuring erasure – Explyt retains data such as system logs and notifications in alignment with client-specific retention policies. Upon reaching the end of the designated retention period, data is securely and irrecoverably deleted.

  8. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident – Explyt maintains comprehensive disaster recovery and incident response procedures to promptly restore access to personal data, crucial for maintaining uninterrupted service and reliability.

  9. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing – Explyt performs regular assessments and testing of its security measures, promptly addressing vulnerabilities and ensuring the overall effectiveness of its protective measures.

  10. Measures for certification/assurance of processes and products – Explyt regularly evaluates the robustness and effectiveness of its security infrastructure and policies. These evaluations are independently verified through annual third-party security audits.

  11. Measures for ensuring events logging – Explyt systematically logs significant events to monitor usage patterns, diagnose issues effectively, and support investigation and resolution of potential security incidents.

  12. Measures for ensuring data minimization – Explyt collects only the minimum personal data necessary for the purposes of Services. If you have joined the “Contribution Program” and any personal data is inadvertently included by You in User Data (e.g. code submissions), we will do our best to minimize, pseudonymise or sanitize it before any Contributions can be used.

  13. Measures for allowing data portability and erasure on User demand – Explyt enables individuals to exercise their right to personal data portability. To exercise this right, please contact our support team at support@explyt.com (or our appointed GDPR Representatives, whose contacts are found in the Privacy Policy). Please note that the personal data processed and stored by Explyt may be minimized, pseudonymized, or sanitized as part of our privacy-by-design approach. If any personal data is retained, Explyt takes all reasonable and appropriate measures to store it in a format that significantly reduces the risk of harm in the event of a security incident.

  14. Measures for ensuring system configuration, including default configuration – Explyt implements secure, standardized system configurations and regularly audits these configurations to prevent vulnerabilities and ensure consistent security practices across its infrastructure.

Measures applicable to subprocessors handling your data

Explyt conducts audits of agreements and security measures of subprocessors to ensure compliance with Explyt’s standards and the requirements of SCCs. Explyt does not transfer sensitive data to subprocessors without pseudonymization. For instance, all queries to LLM subprocessors utilize mathematically pseudonymized identifiers to ensure data minimization and protection.