Help Center

# 🔒 Information Security Practices

# 1. Introduction

These security practices establish the internal guidelines,
control processes, audits and compliance measures adopted by Envone SRL,
with the objective of guaranteeing high standards of confidentiality, integrity and availability
of the information towards clients, users, providers and third parties.

# 2. Regulatory Compliance

  • Envone SRL commits to comply with the current regulations regarding data protection and cybersecurity.
  • Depending on the jurisdiction and the type of service, regulations such as the following will be observed:
    • GDPR (EU) – General Data Protection Regulation.
    • Law 25.326 (Argentina) – Personal Data Protection.
    • CCPA (California Consumer Privacy Act), among others.
  • These practices may be updated periodically to adapt to regulatory changes or new international standards.

# 3. Standards and Certifications

  • Envone SRL aligns its processes with internationally recognized security standards, such as:
    • ISO/IEC 27001 (Information security management).
    • SOC 2 (Controls for security, availability and confidentiality).
    • PCI-DSS (Payment card data protection, when applicable).
  • These standards may be implemented directly or through certified infrastructure providers.

# 4. Internal Management and Training

  • All personnel receive periodic training in cybersecurity and data protection.
  • Accesses to critical information are managed under the principle of least privilege and are periodically reviewed.
  • Control measures are applied to prevent incidents of phishing, data leakage and unauthorized access.

# 5. Provider and Third Parties Management

  • Providers that process sensitive information must accredit equivalent security practices.
  • Envone SRL may require evidence of compliance (audits, certifications or security reports).
  • Security incidents reported by a third party must be communicated to Envone SRL immediately.

# 6. Incident Response

  • In case vulnerabilities, data leaks or improper uses are detected, Envone SRL will apply its incident response protocol.
  • Affected users and competent authorities will be notified, when required by the applicable regulation.
  • Envone SRL will not be responsible for incidents caused by negligence of users, providers or circumstances beyond its reasonable control.

# 7. Audits and Continuous Review

  • Internal audits and periodic technical reviews are carried out on critical systems and processes.
  • Envone SRL may hire independent external auditors to validate the effectiveness of its controls.
  • Relevant results may be shared with clients or authorities when required by law.

🛡️ Information Security Policy