The privacy protection authority

Compliance with the Privacy Protection Authority’s Regulations
Meckano implements the strict requirements of the Data Protection and Privacy Protection Regulations under Israeli law

The Privacy Protection Authority in Israel

The Privacy Protection Authority is the regulatory, supervisory, and enforcement authority under the Privacy Protection Law, 5741-1981, and the Electronic Signature Law, 5761-2001.
Within this capacity, the Privacy Protection Authority is in charge of the protection of personal data in digital databases.
For this purpose, it implements regulations, including administrative and criminal enforcement, with respect to all entities in Israel, whether private, business or public, that have or process digital personal data.
The Privacy Protection Authority, as the watchdog for citizen’s rights with regards to the protection of personal data, sees its main purpose as promoting compliance with the data protection laws in every organization, business, and public body in Israel that manage personal data, so that they will manage the data in their possession properly, according to privacy protection laws.
Every company that stores and processes data about persons in Israel must register its database at the Ministry of Justice and comply with all of the privacy protection regulations.

Meckano implements the highest level of security under the Privacy Protection Regulations.
Moreover, the company complies with the GDPR and the Privacy Protection Authority’s regulations.

Familiarize yourself with the right to privacy

Smart identification

The system is accessed with a username and personal password.
Enforcement of standard rules regarding system passwords.
Automatic disconnect when there is inactivity.
Blocking login after several failed attempts.
Validity of passwords and rules for replacing them.
Use of Two Factor Authentication and an access code.

Log regarding security data

The company keeps a log of access and entry data and keeps this data for at least 24 months.
The company acts to prevent unauthorized access to the databases of the company’s customers.
There is an official and comprehensive procedure for preventing security breaches and a procedure for dealing properly with security incidents.

Risk surveys and penetration tests
We perform penetration tests and risk surveys twice a year to ensure proper security and protection against various security threats.

Communication between computers
Data is transferred between the customer and the system via the SSL encryption protocol and the use of digital encryption certificates.

Servers and storage

The company stores all of its systems on the
Google Cloud Platform combined with Amazon Web Services (AWS).
Therefore, the entire server environment complies with data security and privacy protection standards as specified in the following links:

Security, Privacy, and Cloud Compliance | Google Cloud | https://aws.amazon.com/security

Access permissions in Meckano’s system

Meckano allows a permissions management system for system admins, API users, team managers, departments, and employees,
so that it is possible to define access permissions and degree of exposure to the accumulated data according to the level appropriate for each user.
We recommend defining these access permissions appropriately for each user of the system.

The Need to Know principle

The company adopts the need to know principle, so that responsibilities and permissions for areas and workspaces are defined for each user
in the data security system.
Access to sensitive areas is restricted to a limited number of authorized persons.