Security Policy

The purpose of this Data Security Policy (“Policy”) is to describe www.happypins.net security policy regarding customer information, including without limitation personal information collected and processed by happypins’s online services.

Specifically, this Policy is intended to identify happypins’s policies, procedures, and auditing and training practices utilized for data security, and our resulting responsibilities to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Personal Information

www.happypins.net provides its customers with online data processing services. In this capacity, we do not own or control any of the information we process on behalf of our customers; all such information is owned and controlled by our customers. This customer information is stored in a secure facility of a third-party independent data processor service provider on hardened systems using industry standard data security methods. Access to this information is restricted to authorized personnel only as dictated by operational policies.

www.happypins.net also collects personal information from identifiable persons for purposes of product registration and support, and to complete transactions. This information may be stored on happypins’s internal computer network or in offline filing systems. Access to this information is restricted to authorized personnel only as dictated by operational policies.

Approach to Security

The following sections describe happypins’s comprehensive approach to ensuring enterprise-wide compliance with its Policy. This consists of four (4) major areas: Security, Personnel Education, Audits and Contracts.

Security

Security of data is the cornerstone of verifying privacy of data. www.happypins.net maintains a rigorous security posture through focused methodology. It is founded on the implementation of best practices and security policies in five (5) major areas providing enterprise wide coverage including:

Regulatory Controls
Organizational Controls
Service Provider Controls
Standardized Process and Practices
Business Partner Controls
Key policies in place that contribute to the verification and compliance with the Policy are:

Awareness and Training
Personnel Practices
Administrative Roles and Responsibilities
Computer, Email and Internet Use Policies
Network and Telecommunications Security
Incident Detection and Reporting
Malicious Code Control (Antivirus)
Portable Computers
Logical and System Access
Physical Access
Remote Access
Firewall Management
Third Party Services
Software Licensing and Appropriate usage
Auditing and Monitoring
Data Classification, Confidentiality, Integrity and Availability
Policy Compliance
Operational procedures demonstrating compliance with the Policy are:

Change Control
Event monitoring
Data backup
System hardening
The above referenced policies and procedures are documented and available for review.

Our Personnel

Our personnel consist of employees and contractors.

Personnel Education

www.happypins.net regularly notifies and reinforces its Privacy And Cookie Policy with its personnel. This is done using the following process:

The Privacy And Cookie Policy is distributed company-wide via email quarterly and when updated.
The Privacy And Cookie Policy is displayed on happypins’s website.
At least once per year, the this Security Policy is presented and discussed at a company- wide meeting.
This Security Policy is prominently displayed in an a common area of the office.

Verification

This Security Policy is self-verified periodically by happypins’s Security Officer. The Security Officer is responsible for:

Ensuring that the policies, guidelines, internal procedures, personnel training, and other measures necessary to implement the Policy are developed and put into practice,
Working with happypins’s legal counsel to ensure happypins’s ongoing compliance with applicable privacy laws and agreements, as well as any of happypins’s other related legal obligations, and
Overseeing annual assessments of happypins’s internal and external practices to ensure that they conform to the Policy and related company obligations.
In addition, www.happypins.net, through its internal audit processes, conducts an audit of its security controls a minimum of once per year. This independent review assesses the physical security, network security and operational policies and controls in place to protect customer data. The latest copy of the security review is available to customers, personnel and prospects upon request.

Contracts

Prior to (i) processing any personal information on behalf of an individual or entity, or (ii) transferring any personal information, www.happypins.net requires contracts with data security provisions consistent with by this Security Policy.

As a condition of employment, all www.happypins.net