Skip to end of banner
Go to start of banner

Privacy, Security, Backup and Recovery

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

  • Galooli is committed to protecting the security, availability, and confidentiality of its customers’ data. 

  • Galooli implements a comprehensive information security program that is based on the ISO 27001 standard. This program includes various security measures of the cloud environment, including access control, data encryption, network security, and data backup and recovery. 

  • Galooli holds ISO 9001 and ISO 27001 certifications. You can access the certificates in our knowledge base at: Quality Standards, Certifications, and Patents.

  • Galooli assures full compliance with GDPR requirements.

  • For detailed information on Galooli’s security and privacy policy, please refer to the links bellow
    Should you have any questions or concerns, please contact us.

Galooli's Servers Security Level

All Galooli's data is safe and stored on Amazon servers, with the highest security level.
You can find more information about the server's security at the following links:

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.htmlhttps://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data/

Galooli Data Protection

Galooli is committed to the most rigorous standards of information security, and operates in compliance with all applicable information security laws and regulations, including the GPDR.

Galooli's Privacy Policy

Data Processing Addendum

Our cloud is hosted on AWS US.

According to the Data Privacy Framework (PDF) Program Overview, “On the basis of the EU-U.S. DPF Principles, Executive Order 14086, 28 CFR part 201, and accompanying letters and materials, including the commitments by the U.S. Department of Commerce’s International Trade Administration (ITA) regarding the administration and supervision of the Data Privacy Framework (DPF) program, the European Commission was able to adopt a new adequacy decision recognizing the adequacy of protection provided by the EU-U.S. DPF.  The European Commission’s new adequacy decision affirms that the strengthened safeguards in U.S. law on signals intelligence activities, new redress mechanism, and the amended privacy principles under the EU-U.S. DPF meet EU legal requirements thereby enabling participating organizations to use the EU-U.S. DPF Principles to transfer EU personal data to the United States in compliance with EU law.” For further details visit:

Data Backups and Recovery

  • Galooli's Information Security Policy, Disaster Recovery Plan (DRP), and Business Continuity Plan delineate backup procedures and data recovery protocols for various scenarios, encompassing instances such as server unavailability, employee incapacitation, office space disruption, and database corruption or catastrophe. 

  • Galooli’s source code is managed and will be securely backed up to a separate cloud.

  • Database backups are conducted on a daily basis for active databases.

  • Security Training procedures establish precise timelines for both full and partial retrieval of essential data components. 

  • Galooli conducts regular security audits to identify and fix any security vulnerabilities in its services.  

  • Galooli discontinues the processing of information that is no longer deemed necessary. In such cases, every reasonable measure is taken to ensure that the information remains inaccessible through conventional means, even including the restoration process utilizing backup facilities. 

Galooli Security Layers

Unit Protection

Login

 Protocol Between
Clients and Server

System Architecture

Development

General

 

Propriety protocol between on-site units to servers

  • Optional - HTTPS secured communication between unit to server

Password managing

  • Date

  • Complexity (length & combination

  • Controlling use (specific dates and times) time according to clients preference  

  • After five incorrect password attempts, a temporary block is placed on the user

 

Token based connectivity

 

Server systems are departmentalized, with different secured VPCs without the possibility of accessing DB 

 

Separated environment for test and production  

ISO 27001

Optional adding Private APN/ Restricted APN

  • Communication only between the Sim card and the connecting

SSO Login

  • Identifying users with Google/ Microsoft/ App Microsoft


Fully secured client-server communication - HTTPS

AWS environment 

  • Fully complying with security regulations and SOC

 

GDPR 

ID to every unit

  • Only allowed devices can connect

Recapture V3

  • Anti-automation

 End Clients installed applications are fully signed

Replicating the systems in case of an emergency

 

 

Audit trail

  •  Monitoring and recording user actions in every part of the systems

  • Security logs and events in real-time security events in the system

IDP Engine

 


All emails from the Galooli system sent only from
"no-reply.galooli.com"

 

 

 

RBAC

  • Rolled-based access control to every user in the system

 Allowed IPs

  • Option to login into the system exclusively through the internal network of the organization

 

 

 

 

Access & Security Configuration

Galooli allows its users to easily set Access and Security Settings. For further details see the following links:

Access & Security

Permission Management

Security & Privacy FAQ

Question

Answer

“What security and privacy measures has AWS implemented to protect customer data, and how does their Data Processing Agreement (DPA) relate to GDPR compliance?”

AWS has implemented a comprehensive set of security and privacy measures to protect customer data, including data encryption, access control, and audit logging. AWS also offers a Data Processing Agreement (DPA) that incorporates AWS's commitments as a data processor under the GDPR.

"What are the storage requirements for personal data under the GDPR, and how does it relate to the protection of EU residents' personal data?"

The GDPR does not specify where data must be stored (although it does require that data controllers take appropriate measures to protect the personal data of EU residents).

“What is the level of GDPR compliance in AWS data centers located in the US, especially in North Virginia, and where can I find up-to-date documentation on this matter?”

All AWS data centers are compliant with DGPR, including the ones in the US in general, and North Virginia in particular. See for example this up-to-date White Paper by AWS:

https://www.dataprivacyframework.gov/s/article/FAQs-EU-U-S-Data-Privacy-Framework-EU-U-S-DPF-dpfhttps://aws.amazon.com/blogs/security/customer-update-aws-and-the-eu-us-privacy-shield/

Navigating GDPR Compliance on AWS - AWS Whitepaper (amazon.com)

“What kind of information Galooli processes? “

The kind of information Galooli processes is detailed in Galooli's Privacy Policy, especially in the sections “Data,” and “Data Collecting.” The latter reads: "Data is collected under the legitimate business interests of the Asset Owner to enable it to monitor aspects such as, but not limited to: Asset Location, Fleet Optimization, Road and Driver Safety, Environmental Impact, Fuel Usage, Power usage."  

  • No labels