Sonn Technology Ltd. GDPR Compliance Brief:
A
- How is Sonn Technology Ltd. affected by GDPR?
At the time of writing, we have an internationally available website running WordPress 4.9.7 and an Avada Fusion Theme engine on top running version 5.4.2. There are plans to update to WordPress Version 4.9.8 and Avada 5.6.2 to ensure our plugins are compliant, as well as our underlying website and its components.
In addition, we have a two stage user sign up for people who wish to know more about our technologies. To obtain Explicit Consent we send an email requesting confirmation that the user wishes to proceed with the sign up. We also have to option for them to notify us, should the email arrive unexpectedly or if the user had a change of heart.
A
- What does Sonn Technology Ltd. do with the data it collects?
Currently, we do nothing with it. We only use the count of users to quantify interest our product, via total signups, should inquire. Currently we have no interest in using this information in any other capacity at this time.
Note: signups are protected by a plugin called WPBruiser (which is currently GDPR compliant), as well as by our signup process. (see Section 3 for further details)
A
- What does Sonn Technology Ltd. do to prevent a breach?
We have a two-phase active monitoring process:
- All logins by users or administrators to WordPress are logged in an email account that is monitored once a day.
- We currently have not access to the database from the Root OS. The authentication is private and not even written down anywhere. It is protected by a 2048-bit key.
A
- What are the breach practices of Sonn Technology Ltd., should one occur?
We use Amazon AWS (Route53, CoudFront, VPC, DNS, Domain Hosting, EC2 and S3), with a Bitnami stack build for WordPress. We will use the following information to contact Amazon to put a halt to any access to our VPC (Virtual Private Cloud) other than that of the DPO (Data Protection Officer) who will begin investigation.
AWS Notification Email: aws-security@amazon.com
We will then inform our user community within the GDPR required periods for notifications and updates.
A
- Does Sonn Technology Ltd. plan to use the information it collects for other uses?
Yes, a newsletter and other approaches are planned. When that phase occurs this brief and all that it speaks to will be updated at before going live.
A
REF Section 4: https://aws.amazon.com/security/vulnerability-reporting/