© 2010-2020 Juan Jimenez. All rights reserved.
Information that is collected
Our website may collect personal information such as: Name, contact information such as your email address and demographic information. Also when necessary, specific information may be required to process an order or make a delivery or billing.
Use of the information collected
Our website uses the information in order to provide the best possible service, particularly to maintain a registry of users, orders if applicable, and improve our products and services. It is possible that periodic emails will be sent through our site with special offers, new products and other advertising information that we consider relevant to you or that may benefit you, these emails will be sent to the address you provide and may be canceled. anytime.
JUANJIMENEZTJ.COM is highly committed to fulfill the commitment to keep your information safe. We use the most advanced systems and update them constantly to ensure that there is no unauthorized access.
A cookie refers to a file that is sent for the purpose of requesting permission to be stored on your computer, when accepting said file is created and the cookie then serves to have information regarding web traffic, and also facilitates future visits to a website recurrent. Another function that cookies have is that with them the web can recognize you individually and therefore provide you with the best personalized service on your website.
Links to Third Parties
This website may contain links to other sites that may be of interest to you. Once you click on these links and leave our page, we no longer have control over the site to which you are redirected and therefore we are not responsible for the terms or privacy or the protection of your data in those other third party sites. These sites are subject to their own privacy policies, so it is advisable to consult them to confirm that you agree with them.
Control of your personal information
At any time you may restrict the collection or use of personal information that is provided to our website. Each time you are asked to fill in a form, such as the user registration form, you can check or uncheck the option to receive information by email. In case you have marked the option to receive our newsletter or advertising you can cancel it at any time.
This company will not sell, assign or distribute personal information that is collected without your consent, unless required by a judge with a court order.
DATA PROTECTION POLICY
A main focus of our company is the protection of user data. All employees and contractors must comply with the following security policies, as well as sign and accept intellectual property agreements, confidentiality, non-disclosure and non-compete agreements. All the applications and services of JUANJIMENEZTJ.COM are obliged to follow the objectives of our company:
- Purge all unnecessary data as soon as possible, when they are not required by contract to maintain or required by law.
- Saving only the data that is necessary to perform our service.
- Hash / unidirectional encryption of all confidential data, such as the use of MD5 encryption, for example, so neither JUANJIMENEZTJ.COM nor the intruders can see the values.
- Secure protection of customer and end user data.
Report any problem or concern to firstname.lastname@example.org.
INFORMATION SECURITY POLICY
The user’s data must be protected against disclosure, modification and access by unauthorized persons. Must be:
- Insured at rest.
- Insured in transit.
- Destroyed safely.
Restrict physical access and login to authorized users only
- Keep updated software patches and antivirus software.
- Use host-based firewalls, ACL, VPN to block all unauthorized users when necessary.
- Perform regular security scans on computer systems, equipment and networks.
Real or suspicious security infractions related to the user’s data must be reported immediately to JUANJIMENEZTJ.COM by sending an email to email@example.com.
Web applications are subject to security assessments based on the following criteria:
- New or main application version: will be subject to a full evaluation before the approval of the change control documentation and / or the version in the real environment.
- Third party or acquired web application: will be subject to a full evaluation, after which it will be subject to the requirements of the policy.
- Launching points: will be subject to an appropriate evaluation level depending on the risk of changes in the functionality and / or the architecture of the application.
- The versions of patches: will be subject to an appropriate evaluation level depending on the risk of changes in the functionality and / or architecture of the application.
- Emergency releases: an emergency launch may waive safety assessments and assume the risk assumed until such time as an adequate assessment can be made. Emergency releases will be designated as such by the CEO, CFO, CIO or an appropriate manager to whom this authority has been delegated.
All security issues that are discovered during the assessments should be mitigated based on the following risk levels. Remediation validation tests will be required to validate the correction and / or mitigation strategies for any discovered problem of medium or greater risk level.
- High: Any high-risk problem must be resolved immediately, or other mitigation strategies must be implemented to limit exposure before implementation. Applications with high-risk problems are subject to being disconnected or denied in the real environment.
- Medium and medium risk problems should be reviewed to determine what is required to mitigate and schedule accordingly. Applications with medium risk problems can be taken offline or refuse to be released to the live environment depending on the number of problems and if multiple problems increase the risk to an unacceptable level. Problems must be resolved in a patch / point release, unless other mitigation strategies limit exposure.
- Low: The problem should be reviewed to determine what is required to correct the problem and be scheduled accordingly.
An employee who has violated this policy may be subject to disciplinary action, up to and including termination of employment.
Web app evaluations are a requirement of the change control process and must comply with this policy unless exempt. All application versions must go through the change control process. Any web application that does not comply with this policy may be disconnected until such time as a formal evaluation can be conducted at the discretion of the CEO, CIO and, if applicable, the Data Protection Officer (DPO).
Internal user access
- Only users who need to know have access to user data and system information.
- Secure passwords are required for all accesses.
- All access is limited.
- All user access must be approved by the CEO or CTO or CFO or DPO.
Physical access and protection: all data is in a data center that meets the following minimum requirements:
- 4/7 building guards and suites on site
- Turnstile blankets
- Badges and biometric checkpoints in all critical mission areas and entries
- Closed TV circuit
- Pre-action dry tube with double block
- Compliance standards and certifications
Compatible with SOC 1, SOC 2, HIPAA and PCI-DSS
DATA VIOLATION POLICY
Any person who suspects that a theft, violation or exposure of data or systems JUANJIMENEZTJ.COM has occurred must immediately contact firstname.lastname@example.org and call the office of JUANJIMENEZTJ.COM at 664.805.1817. The management team will immediately review and investigate the incident. As soon as the details and scope of any infraction are determined, JUANJIMENEZTJ.COM: rescind any person associated with the incident, implement an additional blocking and protection to avoid additional infractions, protect the data and notify the affected clients of the scope and Details of Non-compliance if applicable and appropriate to do so.
- In case of a high risk impact, JUANJIMENEZTJ.COM will notify the supervising authority within 72 hours of the infraction.
- If applicable, JUANJIMENEZTJ.COM will notify the subject of the data.