Security policy
The Vevi Clinic team is aware of the importance for you of the security of your data and those of your customers. That is why from the first moment we have opted for a platform in the cloud. You will no longer have to worry about keeping your computer virus free, updating your system and applications every day to patch security issues, backing up your data, etc. Instead, our team of experts takes care of these and many other tasks that you need to perform every day to ensure the security of your data. Once you start using Vevi Clinic, your only concern will be to remember your password ;-)
ISO 27001 certified company
- Vevi Systems S.L. has an information security management system certified in accordance with the ISO/IEC 27001:2013 standard by Applus+.
- You can download the certificate here.
Secure platform
- Vevi Clinic is a product developed by security experts, who from the first moment we have been aware of the usual problems of this type of platform
- Unlike other products, all the personnel involved in the development of Vevi Clinic are computer engineers with years of experience in software development and security in applications and systems.
- We periodically audit the security of our platform, and keep all the components of it up-to-date at all times, avoiding the presence of known security flaws.
- Our role-based access control system allows you to also manage which of your employees or customers have access to your data and under what conditions.
Secure access
- Access to our platform requires user authentication through a password. We follow widely accepted procedures for the management and safe storage of passwords, the management of user sessions and the prevention of brute force attacks.
- Our staff never access your data unless you request it or it is strictly necessary to guarantee the service.
- Thanks to the use of HTTPS, all the information that you upload or consult in the platform travels totally encrypted by Internet, safe from manipulation or theft. We use the most current security algorithms and practices to protect your communication with our platform.
Your data safely
- Vevi Clinic is hosted on the Amazon Web Services platform, the main Cloud provider today.
- The security of a hosting of such characteristics is much greater than that of a hosting provider to use, or in general to which you can keep in your facilities.
- The Amazon AWS data centers follow strict security practices, and have numerous prestigious certifications that demonstrate this, such as ISO 27001, PCI (Payment Card Industry) or DSS (Data Security Standard), among others. If you are interested in knowing more details about how Amazon manages the security of your data centers, you just have to visit the information they have available: http://aws.amazon.com/es/security/.
- We make daily backup copies of all your data, so you never lose the information you need. We store the copies redundantly, and transmit and store them encrypted so that only Vevi Clinic staff duly authorized can access them when necessary.
- Both Vevi Clinic and the AWS platform comply with the General Data Protection Regulations (RGPD), which ensures the correct treatment of your data by our systems and employees, in accordance with current legislation in the European Union, which facilitates the compliance with these regulations in your company.
Your data is yours
- We have a firm commitment to the privacy of your data. We do not give anyone the information you upload to the platform, nor do we use it for any other purpose unrelated to the operation of Vevi Clinic.
- You can have your data at any time through the platform. And if you want, we provide them in a more convenient format for you to keep or take them whenever you want.
- All your data is hosted on servers located in the European Union (currently Amazon maintains its servers in Ireland), your privacy being guaranteed by the European Data Protection Directive (Directive 95/46 / EC and Regulation CE 1882/2003) , in accordance with the recommendations of the Spanish Agency for Data Protection (AEPD) regarding the contracting of services in the cloud.
- You can delete or edit your data at any time from the platform itself. And you can contact us if you want to recover some data that you have deleted by mistake, or if you want us to delete your data from the backup copies.
Responsible incident management
- Despite all the efforts we make every day to avoid it, we are aware that incidents of an accidental or intentional nature may occur sooner or later, and we are prepared to respond to them.
- We carry out a responsible management of the incidents, informing our customers of all those that may affect our service or their data, and indicating the nature of them, the measures taken to solve them, the estimated resolution time and, in case of occurrence , the damages caused.
- We maintain a contingency plan to respond in the shortest possible time to the incidents that may occur, minimizing their impact on the service.
And also, if you want to know more about our security policy, or ask us any questions or concerns, you just have to contact us.