LutinX.com Information Security Exhibit

Last Update: July 26, 2024

LutinX has agreed to employ appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Client Data (“Information Security Program”) and against accidental loss or destruction of, or damage to, Client Data. LutinX’s Information Security Program shall include specific security requirements for its personnel and all subcontractors, LutinX, or agents who have access to Client Data (“Data Personnel”). LutinX’s security requirements shall cover the below areas.

1. Information Security Policies and Standards. LutinX will maintain information security policies, standards, and procedures. These policies, standards, and procedures shall be kept up to date and revised whenever relevant changes are made to the information systems that use or store Client Data. These policies, standards, and procedures shall be designed and implemented to:

    • Prevent unauthorized persons from gaining physical access to Client Data;
    • Prevent Client Data from being used without authorization;
    • Ensure that Data Personnel gain access only to such Client Data as they are entitled to access and that, in the course of processing or use and after storage, Client Data cannot be read, copied, modified, or deleted without authorization;
    • Ensure that Client Data cannot be read, copied, modified, or deleted without authorization during electronic transmission, transport, or storage and that the recipients of any transfer of Client Data utilizing data transmission facilities can be established and verified;
    • Ensure the establishment of an audit trail to document whether and by whom Client Data has been entered into, modified in, or removed from Client Data Processing;
    • Ensure that Client Data is Processed solely following the Client’s Instructions;
    • Ensure that Client Data is protected against accidental destruction or loss;
    • Ensure that Client Data collected for different purposes can be Processed separately;
    • Ensure that Client Data maintained or processed for different customers is Processed in logically separate locations;
    • Ensure that all systems that Process Client Data are subject to a secure software developmental lifecycle; and
    • Ensure that all systems that Process Client Data are the subject of a vulnerability management program that includes without limitation internal and external vulnerability scanning with risk rating findings and formal remediation plans to address any identified vulnerabilities.

2. Physical Security

    • Physical Access Controls. The LutinX Services are hosted in a data center located at nondescript facilities owned and operated by a third-party hosting provider (the “Facilities”). Physical barrier controls are used to prevent unauthorized entrance to the Facilities both at the perimeter and at building access points. Passage through the physical barriers at the Facilities requires either electronic access control validation or validation by human security personnel. Employees and contractors are assigned photo-ID badges that must be worn while the employees and contractors are at any of the Facilities. Visitors are required to sign in with designated personnel, show appropriate identification, are assigned a visitor ID badge that must be worn while the visitor is at any of the Facilities, and are continually escorted by authorized employees or contractors while visiting the Facilities.
    • Limited Employee and Contractor Access. LutinX’s hosting provider provides access to the Facilities to those employees and contractors who have a legitimate business need for such access privileges. When an employee or contractor no longer has a business need for the access privileges assigned to them, the access privileges are promptly revoked, even if the employee or contractor continues to be an employee of LutinX’s hosting provider or its Affiliates.
    • Physical Security Protections. All access points are maintained in a secure state. Access points to the Facilities are monitored by video surveillance cameras designed to record all individuals accessing the Facilities. LutinX’s hosting provider also maintains electronic intrusion detection systems designed to detect unauthorized access to the Facilities, including monitoring points of vulnerability with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the All physical access to the Facilities by employees and contractors is logged and routinely audited.

3. Organizational Security. LutinX will maintain information security policies and procedures addressing:

    • Data Disposal. Procedures for when media are to be disposed of or reused have been implemented to prevent any subsequent retrieval of any Client Data stored on media before they are withdrawn from LutinX’s inventory or control.
    • Data Minimization. Procedures for when media are to leave the premises at which the files are located as a result of maintenance operations have been implemented to prevent undue retrieval of Client Data stored on media.
    • Data Classification. Policies and procedures to classify sensitive information assets, clarify security responsibilities, and promote awareness for all employees have been implemented and are maintained.
    • Incident Response. All Client Data security incidents are managed by appropriate incident response procedures.
    • Encryption. All Client Data is stored and transmitted using industry-standard encryption mechanisms and strong cipher suites, such as AES-512.

4. Network Security. LutinX System is hosted in a data center located at nondescript facilities owned and operated by a third-party hosting provider. LutinX does not maintain an internal network. The LutinX engineering team makes use of industry-standard virtual private networks (“VPN”) to manage infrastructure resources and access the LutinX System.

5. Access Control (Governance)

    • LutinX governs access to information systems that Process Client Data.
    • LutinX System is hosted in a data center located at nondescript facilities owned and operated by a third-party hosting provider. LutinX does not maintain an internal network. The LutinX engineering team makes use of industry-standard virtual private networks (“VPN”) to manage infrastructure resources and access the LutinX System.
    • Only authorized LutinX staff can grant, modify, or revoke access to an information system that Processes Client Data.
    • User administration procedures are used by LutinX to (i) define user roles and their privileges; (ii) govern how access is granted, changed, and terminated; (iii) address appropriate segregation of duties; and (iv) define the requirements and mechanisms for logging/monitoring.
    • All Data Personnel are assigned unique User IDs.
    • Access rights are implemented adhering to the “least privilege” approach.
    • LutinX implements commercially reasonable physical and technical safeguards to create and protect passwords.

6. Virus and Malware Controls. LutinX protects Client Data from malicious code and will install and maintain anti-virus and malware protection software on any system that handles Client Data.

7. Personnel

    • LutinX has implemented and maintains a security awareness program to train all employees about their security obligations. This program includes training about data classification obligations, physical security controls, security practices, and security incident reporting.
    • LutinX has clearly defined roles and responsibilities for employees.
    • Prospective employees are screened, including background checks for Data Personnel or individuals supporting the Client’s technical environment or infrastructure, before employment and the terms and conditions of employment are applied appropriately.
    • Data Personnel strictly follow established security policies and procedures. A disciplinary process is applied if Data Personnel fail to adhere to relevant policies and procedures.
    • LutinX shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may Process Client Data.

8. Business Continuity. LutinX implements disaster recovery and business resumption plans. Business continuity plans are tested and updated regularly to ensure that they are up-to-date and effective.
