RDP – Rogue Data Protection Policy
1. Scope
This policy applies to all employees, contractors, and third parties who handle data on behalf of Rogue Cybersecurity AS, particularly in relation to network diagrams, IP addresses, logs, telemetry data, and attachments for support cases.
2. Data Collection
We collect only the data necessary for providing cybersecurity consultancy services, including:
- Network diagrams
- IP addresses
- System and application logs
- Accounts and credentials
- Telemetry, attachments and documentation for support cases
- Personal identification information (name, email, phone number, etc.)
3. Data Usage
Collected data is used for:
- Providing and improving cybersecurity support
- Analyzing and addressing security incidents
- Providing better future communicating with you (the client)
- Administrative and billing purposes
- Ensuring compliance and SLA expectations
4. Data Storage
The supplier has a duty of confidentiality regarding all information that the customer provides to the supplier in connection with the agreement.
5. Data Retention
5.1 Disputes that arise between supplier and customer must be resolved through negotiations.
5.2 If negotiations are not successful, the dispute can be brought before the ordinary courts.
6. Applicable Law
The agreement between supplier and customer is subject to Norwegian law.
7. Data Security Measures
To protect personal and consultancy-related data, Rogue implements the following security measures:
- Encryption of data in transit and at rest
- Regular security audits and vulnerability assessments
- Employee training on data protection and security practices
- Access controls to limit data access to authorized personnel only
8. Non-Disclosure
All employees, contractors, and third parties are required to sign a non-disclosure agreement (NDA) to protect confidential information, including network diagrams, IP addresses, logs, and other sensitive data. Unauthorized disclosure of such data is prohibited and will result in disciplinary action.
9. Data Breach Response
In the event of a data breach:
- We will promptly identify and contain the breach
- Affected individuals and clients will be notified without undue delay (up to 72 hours)
- We will conduct a thorough investigation to determine the cause and prevent future breaches
10. Policy Updates
This policy will be reviewed annually and updated as necessary to ensure compliance with relevant laws and best practices. Any changes to the policy will be communicated to all employees and relevant stakeholders.
Contact Information
For questions or concerns regarding this policy or data protection practices, please contact: dpo@rogue.no
By adhering to this Data Protection Policy, Rogue Cybersecurity AS aims to protect personal and consultancy-related data effectively and maintain trust with our clients and partners.
– Rogue Cybersecurity AS – Org.nr: 933 309 509 – Last updated: September, 2024