Data Protection Policy

Commitment To Data Protection

RAF IT INFRASTRUCTURE is committed to protecting the data entrusted to us by clients, partners, and users. We treat data protection as a core responsibility and apply technical and organizational measures to keep data secure throughout its lifecycle.

Data Processing Principles

• Lawfulness, fairness, and transparency in how we handle data.
• Purpose limitation — data is used only for legitimate, specified purposes.
• Data minimization — we collect only what we need.
• Accuracy — we take steps to keep data accurate and up to date.
• Storage limitation — data is retained only as long as necessary.
• Integrity and confidentiality — data is protected by appropriate safeguards.

Access Control

We apply least-privilege access principles. Access to data is restricted to authorized personnel based on role and necessity, protected by strong authentication including multi-factor authentication where appropriate, and reviewed periodically.

Encryption

We use industry-standard encryption to protect data in transit and at rest, along with secure key management practices, to reduce the risk of unauthorized access.

Infrastructure Security

Data is hosted on secured, reputable cloud infrastructure with network segmentation, firewalls, hardened configurations, and continuous monitoring. See our Security Policy for more detail.

Incident Response

We maintain incident response procedures to detect, contain, investigate, and remediate data security incidents. Where required, we notify affected parties and authorities in accordance with applicable law.

Employee Responsibilities

Our personnel are expected to handle data responsibly, follow security and confidentiality practices, and complete relevant training. Access to data is granted only as needed to perform assigned duties.

Vendor Security

When we engage third-party vendors that process data on our behalf, we select reputable providers and require appropriate confidentiality and security commitments to protect the data they handle.

Compliance Standards

We align our data protection practices with applicable laws and recognized security standards, and we continuously improve our controls as requirements and best practices evolve.