Technical Security Measures Policy

Last modified on January 27, 2019

Top Floor Inc. (“Company”) takes data security and protection seriously and has created this security policy to let you know the practices we follow in safeguarding personal data processed through our services and apps.

System Control:

The Company’s database is accessible only by designated employees and solely through secured channels and personal authentication. The Company uses AWS servers, which only authorized employees may access, using a designated password and user name. Remote access and wireless computing capabilities are restricted and require both user and system safeguards, including VPN protection or a similar level of security. The systems are also protected and.

Physical Access Control:

The Company offices are secured by locks, alarms and identifying card keys and chips; further, the office building is secured 24/7 by personnel and cameras. The office building allows only authorized visitors to enter. AWS also secures the servers; for more information see here.

Data Access Control:

Access to personal data is restricted solely to employees who “need to know” and is protected by passwords and user names. The Company audits any and all access to the database and any authorized access is immediately reported and handled.

Organizational and Operational Security:

The Company educates its employees and service providers, and raises awareness of risks and their assessment, with regard to any processing of personal data. The Company has implemented internal security policies, and it is the responsibility of individuals across the Company to comply with these practices and standards. Internal security testing is done on a regular basis. All hardware and software are secured by anti-malware software, firewalls, etc.


Transfer Control:

The purpose of transfer control is to ensure that personal data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of these data or during their transport or storage in the applicable data center. Further, any and all transfers of the data (whether between the servers, from client side to server side, or between the Company’s designated partners) are secured. The Company servers are Shield certified, as detailed here. Further, all partners receiving data have signed data processing agreements or data transfer agreements binding them to adhere to the same level of security as the Company.

Availability Control:

The Company’s servers include an automated backup procedure.

Job Control:

Employees, service providers and consultants have all signed binding agreements, all of which include applicable data provisions and data security obligations. Employees are bound to comply with this Security Policy in addition to internal security policies and procedures, and breaking or not complying with them shall result in disciplinary action. To ensure that employees stay educated and up to date with applicable policies and legislation, the Company holds annual compliance training, which includes data security education.

Data Retention:

Please see our retention policy in our privacy policy: