At Aerobotics information is key, so we consider the security of our systems a top priority.
We have members of our team who are dedicated to securing our systems, processes, and controls. The team is made up of senior staff from different areas of the business to drive cross-team vigilance and constant improvement.
Our main objective is to prevent any unauthorized access or use of our customer’s information.
We use reasonable administrative, logical, physical and managerial measures to safeguard information against loss, theft and unauthorized access, use and modification. These measures are designed to provide a level of security appropriate to the risks of processing our customer’s personal information, but even reasonable security measures may not prevent all incidents from happening.
We make sure that the staff who have access to sensitive information are limited to only those people who need access to do their jobs. We review access levels quarterly.
Staff who have access to customer information know how to handle that information reasonably and conservatively to ensure we mitigate against incident risks.
We use Okta which allows us to manage and secure user authentication into the applications we use and allows our developers to build identity controls into applications, web services and devices.
Where is the data?
Customer data is stored on Amazon Web Services (AWS) servers in the USA. AWS is an industry-leading provider of secure computing infrastructure with stringent security measures. To learn more about the security procedures employed by AWS, please read their security documentation and compliance documentation.
Aerobotics has an internal incident response plan which our staff will follow in the event of any security incident or potential incident. All security incidents are reported to our Information Officer and managed by relevant team members.
Our operations head office in Cape Town, South Africa is secured by CCTV cameras and a top of the line security system.
Awareness and training
Aerobotics understands that effective security is dependent on our staff, so we make sure our staff undergo information security awareness training. Additionally, all staff are obligated to abide by the Aerobotics privacy and security policies.
Under the EU General Data Protection Regulation (GDPR) and the Protection of Personal Information Act No. 4 of 2013 (POPIA), you, as a data subject, have a right to make an “access request” which entitles you to:
- ask us to confirm if we hold personal data about you;
- copies of records of personal data that we hold, share or process about you;
- know the period of time for which your personal data will be stored;
- know the identity of any third parties your personal data is shared with;
- know the logic of automatic data processing (if used), and the consequences of any profiling; and
- any other information relating to your personal data.
In order to deal with an access request, we may ask for proof of identity and enough information to enable us to locate the personal data that you request. For any access requests, please contact us in writing (via email) to exercise your right to request the information described here, along with proof of your identity to firstname.lastname@example.org.
We will acknowledge receipt and we will respond to your access request within 30 (thirty) days of receiving the necessary information from you, where possible.
If you have discovered any vulnerability in our system security, please report it with sufficient details directly to email@example.com.