SECURITY POLICY
We have implemented and maintain an Information Security Management System (ISMS) based on the ISO 27001 standard. The system takes into account our internal and external context as well as legal requirements.
RESPONSIBLE DATA MANAGEMENT
In accordance with ISO 27001, we have appointed an Information Security Management System Manager and a Business Continuity Manager (in line with ISO 22301). A designated, certified Data Protection Officer ensures our compliance with GDPR regulations.
BUSINESS CONTINUITY
Following the recommendations of ISO 22301, we have implemented a Business Continuity Program and a Disaster Recovery Program. We maintain both primary and backup centers located within the European Union. Regular recovery and continuity tests are conducted.
THIRD-PARTY SECURITY
We rely exclusively on vetted, reputable service providers. Compliance with security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 22301, SOC 2, SABSA, PCI DSS, HIPAA/HITECH, and EU-U.S. Privacy Shield is required from our suppliers.
SOFTWARE DEVELOPMENT PROCESS
Our software development process adheres to the Secured Software Development Life Cycle (SSDLC), maintaining a strict separation of development and production environments. We do not use customer data in testing, and systematic security testing is integral to our development practices.
SECURITY TESTING
We conduct regular, periodic penetration tests. These are independent of the security tests carried out during the software development process. Detected vulnerabilities are remediated, and root causes are analyzed to prevent recurrence.
DATA ENCRYPTION
Data entrusted to us is secure from the moment it leaves the client’s environment (in transit) and throughout its storage in our systems (at rest).
RELIABILITY
We have implemented monitoring solutions to ensure the availability of the Nais platform infrastructure and integrated services. The maximum allowable downtime for the system is only 49 minutes per month, providing 99.9% availability for Nais clients.
After an employee's participation in the program ends, their employee account is deactivated. Data is retained in accordance with legal requirements and our data retention policy. The accumulated funds, however, remain available through a private account.
User passwords are not stored in plaintext or in reversibly encrypted form. We use modern, attack-resistant hash-function algorithms with a unique “salt” added for each password.
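As an added illustration of the storage scheme described above (example code, not the Nais implementation, whose actual algorithm and parameters are not stated on this page), the following uses PBKDF2-HMAC-SHA256 from the Python standard library with a random 16-byte salt per password, stores a self-describing record, and verifies candidates with a constant-time comparison. The iteration count is an assumed value for the example.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for this example; a deployment tunes it to its hardware.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$digest_hex.

    The salt is freshly generated per call, so two records for the same
    password differ and precomputed tables cannot be reused across users.
    The plaintext password never appears in the record.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        # Malformed record: treat as a failed login rather than raising.
        return False
    if algorithm != ALGORITHM or rounds <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking the position of the first mismatching byte.
    return hmac.compare_digest(candidate, expected)


def record_exposes_password(password: str, record: str) -> bool:
    """Sanity check a reviewer might run: the stored record must not contain the secret."""
    return password in record


if __name__ == "__main__":
    # Constructed sample credential, not real data.
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong password:", verify_password("Tr0ub4dor&3", stored))
    print("record leaks password:", record_exposes_password("correct horse battery staple", stored))
```

A lower iteration count is passed in tests only to keep them fast; production records should use the full work factor, and the record format lets the count be raised later while old records are still verifiable.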
No, the employer has access only to the aggregated data necessary for billing purposes. Details of the user's private activities remain confidential, and the employee has the ability to control what data is shared with the employer.
User data is processed in accordance with the provisions of the GDPR and on the basis of a data trust agreement concluded with the personal data administrator.
The Nais service operates in a certified data center in the Republic of Poland, compliant with ISO 22301, ISO 27001 and PCI DSS standards, guaranteeing 99.9% availability (which means a maximum of 49 minutes of downtime per month).
We integrate with multiple HRV, shopping and social platforms, making it easy for our users to top up and use shopping codes and participation points directly from the app without having to use gift codes.
Yes, the reports are tailored to the individual needs of customers. The data presented in the reports are integrated and anonymized to protect the privacy of program participants. It is also possible to create personalized reports.
The identifier that identifies a user is their email address or phone number.
Nais integrates with systems in a way that depends on the customer's needs and the customer's technical capabilities. Integration does not always include automatic transmission of data in real time, although we always strive to make this possible. The final decision is always up to the customer.
Yes, refundable funds accumulate in the user's account as agreed with the customer. Non-refundable funds remain in the user's account even after the end of cooperation with the customer. This requires the launch of a paid subscription.
Yes, there is such a possibility. NAIS does not charge commissions for such transfers.
The data between Nais and the customers are transferred in a secure and customised manner. We use various methods such as encrypted file transfer, secure data exchange between databases or integrations using a secure API. Each solution is individually tailored to ensure efficient and secure information exchange.
Yes, the employee is provided with the same functionalities in the mobile and web application.
Employees receive notifications in various forms, such as emails, push notifications in the mobile application or messages on the web platform. Notifications are sent automatically at key moments, such as funding your account, ordering a benefit, canceling it or having to renew the fee for a benefit purchased on your own. In addition, the system can generate targeted messages, e.g. about special employer actions or invitations to participate in surveys or challenges.
Nais: Real Solutions and a Proven Partner
Take a moment to work with us on solving your company's challenges.
e-mail: hello@nais.co