The Security Policy establishes the guidelines and principles established by aTurnos to ensure the protection of information, as well as compliance with the defined security objectives, thus ensuring the confidentiality, integrity and availability of information systems and, of course, ensuring compliance with all applicable legal obligations.
The management of aTurnos, aware of the importance of information security in the workplace, assumes and provides the following commitments with respect to the Information Security Management System (ISMS):
To this end, management will ensure that aTurnos personnel comply with regulations, policies, procedures and instructions relating to information security.
Through the development of its Information Security Management System, aTurnos aims to ensure the following security objectives:
To ensure the correct performance of the Management System and to comply with the established objectives and requirements, aTurnos management has appointed an ISMS Manager and a Security Committee that will ensure compliance with the guidelines set out in this policy.
When accessing our website, aTurnos collects certain information about you such as the User or email. If you visit our website to manage your shifts/workdays schedules and visualize your co-worker's, we collect and storage only the following information about you and your team, which we will never share with third parties except in the case of the existence of a specific contract with the client or the set integration with others established by the administrator of the team. The information aTurnos automatically has about you is:
1. The login email to access the system.
The date and hour of access to our website and the user's check-ins/outs.
The shifts that you or the Administrator have registered on the system. Rather it was in an automatic or manual way.
4. Your phone number to be shared with your co-workers, which is not mandatory.
If you identify yourself by sending an email with your personal details, such information is collected and it would only be used to reply your message.
There are also some details which are not mandatory but might be useful to your co-workers such as your phone number or your social media accounts, and which would never be given to third parties by aTurnos and would only be initialized under the user's request.
Since it is a collaborative system and you have previously validated your account via email, you allow other users of your service within the same shift to see your shifts details and the personal information shared, which will only be accessible to this group.
The collected data is for statistical purposes. aTurnos can use a software to make statistical overviews, for example with the purpose to review the number of viewers of the different sections of our website. This way it can be learned which information is more or less interesting, determine technical details for the layout of the website and the performance of the identification of the system or the defective areas.
Because of the site's security reasons and to ensure the availability of this service to all the users, aTurnos uses software to monitor the net traffic to identify unauthorized attempts to obtain or change informations, or to cause damage.
aTurnos will not obtain your personal identification data when you visit our website, unless you decide to give us such information, nor the information sold or transferred to third parties without the user's approval.
Minor's information (under 16) is not accepted.
Any transaction of your information, such as your social media has to be validated by you on the settings options of your account, never by default.
aTurnos offers many tools that can improve the management of personnel exponentially but it is important that you protect the security of communications, for this we force the use of the HTTPS protocol for the encryption of communications between your terminals and aTurnos servers. In addition, we recommend you make a correct use of your password without sharing it with third parties, define it in a robust way not using familiar words, not only using numbers and letters, or personal information.
aTurnos servers are located in Ireland within EU legislation, are hosted and replicated in the structure of Amazon Web Service (AWS) where daily backups of the data are made. AWS has obtained ISO 27001 certification and has been successfully validated as a Level 1 service provider in accordance with the Data Security Standard (DSS) of the payment card industry (PCI Card). AWS undergoes SOC 1 audits each year and has received a satisfactory evaluation at the Moderate level corresponding to federal government systems, as well as level 2 DIACAP for DoD systems.
Group Conversia has audited aTurnos software and corroborates that it complies with the following aspects of RD 1720/2007: Security Document, Responsible for treatment, Services provided without access to personal data, Work regime outside the premises of the location of the file, Functions and obligations of personnel, Incident registration, Access control, Media and document management, Identification and authentication, Backup and recovery copies, Access to data through communication networks, File criteria, Storage of information , Custody of supports, Access registry, Telecommunications
The aTurnos system is stored in Amazon Web Service (AWS) EC2, which offers a very reliable environment in which replacement instances can be sent quickly and in advance. The service runs in Amazon's accredited data centers and network infrastructure. The commitment of the Agreement at Amazon EC2 services level is 99.95% availability in each Amazon EC2 Region.
Management will ensure that the ISMS and the Shift Security function have the necessary resources for its proper functioning and compliance with the stated objectives.