Taxology

Security Policy

TAXOLOGY takes security seriously. Our software is designed with security in mind.

Standards and regulation

TAXOLOGY follows industry best practices regarding information security management.

TAXOLOGY is based in the European Union. The software system (“Protocol”) mostly processes data owned by organizations. However, any personal data, such as data belonging to individuals using the software, is processed in accordance with GDPR, the European regulation governing the processing of personal data.

Infrastructure provider

The infrastructure platform is hosted on Google Cloud Services (GCS). More information about specific infrastructure security measures is available at https://cloud.google.com/security/.

Information exchange

Data transmitted via TAXOLOGY’s “Protocol” software is always protected by a secure connection (HTTP with Transport Layer Security). This can be verified by any user by looking for the padlock icon in the browser when signing into their account.

If desired, any information and documents to be provided to TAXOLOGY can be sent via a secure file server, operated by TAXOLOGY (Secure File Transport Protocol).

Information uploaded to “Protocol” or sent to TAXOLOGY in other ways will only be accessible to your organization, to our fiscal specialists when preparing and filing claims, and to our service support staff if necessary. We will not share your data with parties other than our service providers.

Security measures

TAXOLOGY’s systems and network infrastructure have been designed to be secure against attackers. Authorized access to the network and servers is only possible through encrypted connections and accounts secured with multi-factor authentication (MFA). The security of the network and servers is regularly reviewed and updated according to industry best practices.

TAXOLOGY has constructed a security policy to ensure the computers of employees and contractors are secured appropriately. This policy requires that access is granted only with a strong password and that any data on the hard disk is encrypted by default. All user accounts are password protected. Users can choose their password. Passwords are hashed in accordance with industry best practices.

Only TAXOLOGY employees authorized to use and responsible for the data will have these passwords. People authorized to use the data will need to sign off on a confidentiality paragraph in their employment contract, subject to a (high) financial penalty upon a confidentiality breach. They will also need to commit to using strong passwords, using a combination of lowercase and uppercase letters, numbers and symbols, and a minimum of six digits.

Data loss prevention

TAXOLOGY runs its software on a global infrastructure platform provided by Google Cloud Services. Google designs its platform to consist of independent regions and zones, where a failure in one data center should not impact others. Data stored in TAXOLOGY’s “Protocol” software will be backed up daily to at least two geographically different data centers.

In addition to this, all data backups will be encrypted and stored on the platform of a second, independent vendor (Backblaze). These additional backups will provide an additional layer of defense in case of severe disasters where access to the Google Cloud Services platform is compromised or permanently prohibited.

Data breach protocol

In the unfortunate event that something goes wrong, TAXOLOGY will follow this data breach protocol. Once a data breach has been discovered, TAXOLOGY will determine the impact of the breach and inform any affected clients. If necessary, any affected services will be temporarily disabled to prevent further immediate damage.

Any evidence will be copied and stored, and an investigation will be launched. Once the causes are known, the breach will be fixed and all services will be restored. Where possible, processes will be adjusted in a structural manner to reduce the likelihood of future breaches.

Banking information

TAXOLOGY does not have the ability to use Clients' banking information, other than to have Claim refunds paid out to those accounts.