Privacy and data policy

To strengthen the individual’s rights to privacy, the European Union has established the General Data Protection Regulation (GDPR) or GDPR. To strengthen existing data protection guidelines, the GDPR defines guidelines for companies that

collect, store and process personal data. The European Union regulation applies to companies that process personal data of European residents.

Effective compliance takes data privacy and security requirements into account, regardless of where your company is located or in which industry you are active. At OutSmart we optimize the business value of our products and services by adhering to the recommended standards and policies. Our cloud software is therefore able to offer a robust and scalable structure for the safe processing of your data and that of your customers.

In line with the General Data Protection Regulation (AVG), we have taken a number of measures to guarantee your privacy.

Het OutSmart Privacy & Data dashboard

A new functionality has been added to the web account: the Privacy & data dashboard. We have devised the dashboard to provide insight into all relevant privacy issues in one place. It offers the following:

  • overview which data OutSmart stores for you

  • enable / disable participation in email campaigns

  • IP whitelisting: determine at which locations the web account can be started

  • set the strength of the chosen password of all users within the account.

  • Download the general terms and conditions with processor agreement and the privacy statement

  • overview of the permissions that our Apps require

  • overview of integrations with third-party software

iOS en Android App

We have developed new Apps that work more safely than the last.

  • better login security (also support face-id and touch-id)
  • continuous synchronization between App and Web account
  • possibility to block App from the web account (eg in case of theft)

Each planner has its own username

Every user on the Web account must have his own login code, so that it is always possible to trace who has access to the system. You can also assign rights and roles to various users via User Management. As a user you are responsible for your own login details. Our advice is to document this towards your employees on paper. After all, you are responsible for data.

It is not possible to log in to multiple PCs at the same time with the same username.

Custom conditions

With AVG in mind, we have adjusted the following documents:

Security Management Policy

The OutSmart Security Management policy is based on ISO 27001. This is the general standard for information security, which is generally accepted. Compliance with security procedures is monitored by the security coordinator, who reports directly to the OutSmart management.

Physical security

All systems in the OutSmart infrastructure are located in rooms that are protected against physical access by unauthorized persons. For this, use is made of an access control system that is linked to a burglary protection system. The aforementioned spaces are also equipped with 24 x 7 security, emergency power provisions and fire extinguishers, which means that calamities are excluded as much as possible.

Logical security

The logical security of the OutSmart network is set up in accordance with ISO 27001. OutSmart guarantees the confidentiality of the content of the data and the protection of the personal data being processed.

Confidentiality & ownership of data

OutSmart provides accountability as agreed in the processing agreement with regard to confidentiality and adequate protection of personal data and data. Upon termination of the processing of personal data of customer by OutSmart, OutSmart will remove all personal data of customer and existing copies thereof within 3 months.

Security beleid

OutSmart recognizes the importance of very strict security of its environment. OutSmart keeps itself regularly informed of the latest information about security. The management team of OutSmart is ISO 27001 certified and ensures optimum security If the infrastructure is affected by a security incident (priority P1), OutSmart will discuss what the steps to take are, if necessary patches will be installed in the short term. If this interrupts the OutSmart service, users will be notified without delay.

TIER 3 Data Centers

OutSmart’s fault tolerant systems are hosted by Equinix Amsterdam Data Centers. They are located near the internet node in the Netherlands and have multiple redundant access to the internet. The locations are located in an office environment without risky activities. The locations are also above N.A.P. (Normal Amsterdam Level). Separate rooms (private suites) are available in the data centers. Access to the suites is regulated by an electronic pass system. The racks in the suites also feature numeric code locks that can only be opened by authorized employees.

Both data centers are selected and certified according to the following international standards:

  • Security Management ISO 27001

  • Quality Management ISO 9001

  • Environmental Management ISO 14001

  • Energy Management standard ISO 50001

  • SSAE16 and ISAE 3402 certified

  • Health and safety management OHSAS 18001: 2007