© Copyright 2018 Apptrack Asia Ltd. All rights reserved.
How AppTrack Asia respects and is committed to protect personal data
AppTrack Asia’s Data Protection Principles
In addition to our duty of confidentiality to you as Data Subject, we will at all times fully observe and comply with the Ordinance in collecting, storing, maintaining, using and processing your personal data. Therefore, we observe the following principles, save otherwise appropriately agreed by you:
What Personal Data Do We Collect
AppTrack Asia may collect the following (without limitation) types of personal information from you:
Why Do We Collect Your Personal Data
The purposes for which your personal data are collected and used may include (without limitation) one or more of the following purposes (“Purposes”):
We will not knowingly or intentionally use, share or sell your personal data in ways which are unrelated to the above Purposes without your prior consent.
Transfer of Your Personal Data
AppTrack Asia may transfer your personal data to third parties such as cloud providers or servers to process, store and use the personal data as may be necessary for any of the Purposes. AppTrack Asia will disclose personal data when required by law including, without limitation, the Ordinance, court order or a request of law enforcement agencies or regulatory authorities. When transferring personal data to a third party, your personal data will only be transferred to such a third party that respects privacy and is under a duty to keep your data confidential.
If transfer of personal data outside Hong Kong is needed in order to carry out the Purposes or directly related purposes, for which the personal data were collected, the transfer will be performed in a manner in full compliance with the requirements under the Ordinance.
Security and Protection of Personal Data
A major challenge for any Software-as-a-Service (“SaaS”) product is to release secure products while maintaining a healthy speed to market. Our goal is, and always has been, to achieve the right balance between speed and security. Key principles guiding us are:
Here are some of the methods we use to protect your data:
Encryption and Key Management
All data you send to AppTrack Asia (and vice versa) is encrypted in transit.
In its most basic form, encryption is the process of scrambling data to make it unintelligible. When data is encrypted, the sender and receiver (in this case, AppTrack Asia and you, the Data Subject) are the only people that can decrypt the scrambled information back to a readable condition. This is achieved by ‘keys’, which grant only the users involved access to modify the data to make it unreadable and then readable again.
Put more simply: encryption is like translating your information into a language only you, the Data Subject, and AppTrack Asia know, and more importantly, a language which a cybercriminal cannot translate.
AppTrack Asia uses the Transport Layer Security (TLS) protocol. It allows both sides (AppTrack Asia and you, the Data Subject) to authenticate the Data Subject’s identity and prove that we are who we claim to be. It also encrypts our communication, ensuring no third party can read or tamper with the data you, the Data Subject, send to AppTrack Asia.
AppTrack Asia also supports Perfect Forward Secrecy (PFS). Consider PFS the cybersecurity equivalent of the Cone of Silence. In the encryption system we described above, your information is safe until an attacker gets hold of the server’s private key. Once the private key is no longer private, the attacker can now decrypt all historic data.
In Perfect Forward Secrecy, the key exchange is ephemeral. If a hacker got hold of AppTrack Asia’s private key, they still wouldn’t be able to read the Data Subject’s historic information.
And finally, AppTrack Asia’s infrastructure is implemented with industry-leading services like Amazon Web Services (AWS). AWS is SOC 1 audited, and encrypts all data sent to it.
AppTrack Asia’s approach to vulnerability management starts before a single line of code is written.
Our testing approach spans the planning, development, and testing phases, with each test building on previous work and getting progressively tougher.
In the development phase, we focus on code scanning to remove any functional and readily identifiable, non-functional security issues.
In the testing phase, our development and QA team switch to an adversarial approach, deliberately attempting to break features using automated and manual testing techniques.
AppTrack Asia uses the git revision control system. Changes to AppTrack Asia’s code begin on the development server, where they go through a suite of automated tests. Once code passes the automated testing, the changes are pushed to a staging server for other AppTrack Asia employees to test. Only code that has passed both rounds of tests can be deployed to our customer-facing platform.
We also add a specific security review for particularly sensitive changes and features. AppTrack Asia engineers have the ability to “highlight” critical updates and push them immediately to production servers, bypassing the staging phase.
We have a comprehensive backup regime.
In addition to platform-wide resiliency, we also have a comprehensive backup program. Automated backups are taken daily and sent to secure SOC 1 audited data centers via Amazon S3. We run backup fire drills monthly to simulate a disaster and its data recovery procedures.
As much as securing our product is a priority, we also understand the importance of being conscious of the way we conduct our internal day-to-day operations.
AppTrack Asia’s customer success and support teams will only access personal data when necessary to resolve an open ticket or during the implementation process.
Being a SaaS solution, our customers are responsible for ensuring the appropriateness of user access to their data. We understand the classification of the data that goes into the system, and ensure users that have access to the system are authorized to access that data.
Role-based authentication makes it easy to align with access restrictions that may need to be imposed to comply with data handling and classification requirements.
We also encourage good password hygiene, which mitigates common threats like password guessing and malicious parties using leaked credentials.
If we intend to use your personal data (including your name and contact details) collected from you for direct marketing purposes (e.g. to send you marketing communications about news, offers or promotions in relation to the Services), we will first obtain your consent (or an indication of no objection) before doing so.
If we intend to provide your personal data (including your name and contact details) collected from you to third parties for their use in direct marketing, we will first obtain your consent (or an indication of no objection) before doing so.
You may opt-out from receiving marketing communications from us at any time, free of charge by:
Our Commitment to Children’s Privacy
Protecting the privacy of children is our primary concern. Hence, we will not knowingly collect or maintain personal data in our database from persons who are under 16 years of age without prior consent from a parent or guardian.
We do not bear any responsibility as to the contents available on other websites or your personal data or information being collected by any other websites linked to our website. Linking or access to and use of such other websites is at your own risk and subject to any terms and conditions applicable to such access or use.
We use “cookies” in order to enhance your experience of our website. For the sake of clarification, a cookie is data sent from a website and stored in a user’s web browser while the user is browsing that website. The browser then sends the cookie back to the website server to notify the website of the user’s previous activities, preferences and browsing patterns. Cookies do not include your personal data. However, once you choose to furnish the website with your personal data, such data may be linked to data stored in the cookie. We only obtain this information when you choose to provide it to the website. If you do not wish to accept cookies, you can set your browser to disable cookies or to inform you when they are set or stored.
Access and Correction of Personal Data
You can request access to your personal data and/or update or correct your personal data by sending a request to our privacy officer by email at firstname.lastname@example.org or in writing to Unit B, 28/f, Entertainment Building, 30 Queens Road Central, Hong Kong.
We will take reasonable steps to verify your identity before granting access or making corrections to your personal data to protect your privacy and identity.
No Limitation of Rights
Nothing in this Statement shall limit your rights under the Ordinance.
Notice to Users, Interested Persons and Others Relating to the Ordinance
From time to time, it is necessary for interested persons to supply us with data in connection with our provision of services. Failure to supply such data may result in our being unable to provide any Services.
Change to Statement on Personal Data Protection
We may change this Statement from time to time. We encourage you to check our Statement on Personal Data Protection occasionally to ensure that you are aware of the most recent version.
How to Contact Us
If you have any questions or concerns about AppTrack Asia’s Personal Data Protection including our data policies and practices, you may contact our data protection officer by email at email@example.com or in writing to Unit B, 28/f, Entertainment Building, 30 Queens Road Central, Hong Kong.
By accessing this website and/or any of its pages, you are agreeing to the terms of our Statement on Personal Data Protection set out above.