Qilin.Cloud

Trust Center


At Qilin.Cloud, ensuring your information is private, safe and secure is not only one of our top priorities – for us it’s a necessity. Every day, every account, every request, every visitor, every purchase, we are committed to the security of your product.

Save time and money with a technology platform designed with the secure functionality your business needs. With more built-in features than other leading platforms, Qilin.Cloud gives you the power to grow your business securely.

Security

We work with you to make sure security and privacy come first. We do our part by building it into every layer of our technology platform. Then, we give you unparalleled control with customizable security and privacy controls to meet your needs and standards.

Availability

We aim to ensure that Qilin.Cloud is always operational for its users. No vacation, no extended upgrade or maintenance windows, no single points of failure. We focus on near-perfect availability and have built redundancies into every layer of our cloud platform.

Privacy

Qilin.Cloud has taken all required steps, and implemented additional best-in-industry safeguards, to comply with applicable data privacy and data protection regulations such as GDPR, ADPPA, CCPA and PIPL, providing you with the assurance that Qilin.Cloud is a trustworthy processor of your personal data.

Compliance

Qilin.Cloud's dedicated IT security team monitors platform security and works with certified third-party auditors to validate and maintain it. Qilin.Cloud runs its own security tests quarterly, and our infrastructure providers follow their documented standards. External application and network penetration tests are performed annually.

Security

The Qilin.Cloud technology platform has been designed to deliver end-to-end data security. We follow best-in-class standards to ensure the best possible protection for our users' data.

Qilin.Cloud is very aware that the world is currently experiencing an unprecedented increase in cyberattacks. While it is always good policy to put technical protections in place (which we do), it is even more important to build a culture of security awareness and to train staff accordingly. Our employees, users and partners can be sure that Qilin.Cloud takes information security seriously.

Managing data responsibly is of the highest priority. The Qilin.Cloud technology platform has been built as a truly cloud-based, multi-tenant platform and runs in certified data centers at several locations in Europe. All internal processes, infrastructure and development closely follow security guidelines and principles.

Physical security

Data Center: The Qilin.Cloud platform is hosted on Microsoft Azure, whose data centers implement physical security to the highest standards. Qilin.Cloud regularly conducts vendor assessments of its partners.

Network Security

Qilin.Cloud makes sure that all cloud traffic is protected by state-of-the-art methods, including encryption. Access to our internal office network is controlled, limited and monitored, communication is encrypted, and antivirus tools, MDM and firewalls are mandatory for every user.

Backup and Recovery

Qilin.Cloud utilizes geographically separate environments to protect against data loss and to provide reliability and constant uptime of our systems. Backups are encrypted and stored on different storage media than production, following strict guidelines and audited processes.

Operational security

Qilin.Cloud has implemented policies and procedures, managed by our Information Security Management System (ISMS). Learn more about this in our compliance section.

Training and Awareness

Qilin.Cloud offers a wide variety of trainings, workshops and programs to make sure that our team is aware of the latest developments in security and privacy.

Availability

Qilin.Cloud commits to a minimum Availability of the Service of 99.9%.

The Service will be considered available to the extent that the User is able to use the Service through the API and access the application data at the service transfer point of the API (i.e. at the exit of the respective data center) (“Availability”).

Qilin.Cloud measures Availability by sending test requests in regular intervals to the Service.

Availability is measured over the entire operating period (24/7) and is calculated on the basis of a calendar month in the unit of minutes. For the purposes of the calculation, a calendar month is defined as the average month length of 365/12 days, i.e.

(365 days / 12 months) x 24 hours x 60 minutes = 43800 minutes

Downtime refers to the total number of minutes within a calendar month during which the Service is not available.

Availability is expressed as a percentage and will be calculated as follows:

Availability = ((43800 minutes - Planned Servicing Period - Downtime not attributable to Qilin.Cloud) - Downtime) / (43800 minutes - Planned Servicing Period - Downtime not attributable to Qilin.Cloud)

Planned Servicing Period

Qilin.Cloud may be required to schedule planned servicing and maintenance periods from time to time to technically adapt, ensure the functioning and interoperability, develop, and maintain the security of the Service (“Planned Servicing Period”). Qilin.Cloud ordinarily informs Users through the internal status page at least seven days before a planned maintenance period and describes the type, extent, and projected duration. Users may register for this portal to receive such notifications by e-mail. When possible, such Planned Servicing Periods will be carried out during low-traffic periods and in such a manner that the usage of the Service is not expected to be substantially affected.

Qilin.Cloud endeavors to ensure no more than twelve hours of Planned Servicing Period per year.

Exclusions

Availability calculations will exclude unavailability arising from any: (a) Planned Servicing Period; (b) force majeure events; (c) the User's application, equipment, software or other technology, or third-party service providers' faults or disruptions for which Qilin.Cloud is not responsible; (d) the User's use of the Service in violation of its agreement or not in accordance with the Documentation; or (e) suspension or termination of the User's access to or use of the Service in accordance with the User's agreement.

The provisions do not apply to APIs and functionalities provided as beta versions, test and/or development projects, and services that are provided to the User free of charge (for example, the open source connectors and the SDKs).
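The following is an added worked example of the monthly Availability calculation described above; it is not Qilin.Cloud's own code, and the outage records, the cause labels used to map an outage onto the exclusion categories, and the function names are assumptions made for the illustration. The constants are the 43800-minute month and the 99.9% commitment stated on this page.

```python
"""Worked example of the SLA Availability formula on this page.

Added illustration, not Qilin.Cloud's own code. Outage records and cause labels
are constructed for the example; the constants follow the SLA text.
"""
from dataclasses import dataclass

# (365 days / 12 months) x 24 hours x 60 minutes, as defined on the page.
MINUTES_PER_MONTH = 365 * 24 * 60 // 12   # 43800
SLA_TARGET = 99.9                          # committed minimum Availability (percent)

# Assumed cause labels for the exclusions (a) to (e); "qilin" means attributable Downtime.
EXCLUDED_CAUSES = {"planned", "force_majeure", "user_fault", "third_party", "misuse", "suspension"}


@dataclass(frozen=True)
class Outage:
    """One period in which the periodic test requests failed, with its attributed cause."""
    minutes: int
    cause: str  # "qilin" or one of EXCLUDED_CAUSES


def classify(outages):
    """Split outage minutes into Planned Servicing Period, other excluded time and Downtime."""
    planned = excluded = downtime = 0
    for o in outages:
        if o.minutes < 0:
            raise ValueError("negative outage duration")
        if o.cause == "planned":
            planned += o.minutes
        elif o.cause in EXCLUDED_CAUSES:
            excluded += o.minutes
        elif o.cause == "qilin":
            downtime += o.minutes
        else:
            raise ValueError(f"unknown cause {o.cause!r}")
    return planned, excluded, downtime


def availability(outages, month_minutes=MINUTES_PER_MONTH):
    """Availability in percent, following the formula on this page.

    Planned Servicing Period and non-attributable downtime are removed from both
    numerator and denominator; only attributable Downtime lowers the result.
    """
    planned, excluded, downtime = classify(outages)
    base = month_minutes - planned - excluded
    if base <= 0:
        raise ValueError("no measurable operating time left in the month")
    return 100.0 * (base - downtime) / base


def downtime_budget(month_minutes=MINUTES_PER_MONTH, target=SLA_TARGET):
    """Attributable Downtime (minutes) a month can absorb before dropping below target."""
    return month_minutes * (100.0 - target) / 100.0


def meets_sla(outages, target=SLA_TARGET):
    """True when the month's Availability is at or above the committed minimum."""
    return availability(outages) >= target


# Constructed sample month: one planned window, one upstream provider fault,
# and two incidents attributable to the provider.
SAMPLE_MONTH = [
    Outage(60, "planned"),
    Outage(30, "third_party"),
    Outage(25, "qilin"),
    Outage(12, "qilin"),
]

if __name__ == "__main__":
    print(f"monthly downtime budget: {downtime_budget():.1f} min")
    print(f"availability: {availability(SAMPLE_MONTH):.4f}%  meets SLA: {meets_sla(SAMPLE_MONTH)}")
```

The budget figure is the practical takeaway: at 99.9% over a 43800-minute month, roughly 43.8 minutes of attributable Downtime are allowed before the commitment is missed, and planned windows or excluded third-party faults do not consume that budget because they are removed from both sides of the fraction.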

Privacy

Trust takes years to build, seconds to break and forever to repair

Qilin.Cloud strongly believes in the importance of handling Personal Data in a thoughtful way and in line with applicable data privacy and data protection regulations.

We aim to build a technology platform that supports our users in complying with internal privacy policies and applicable data protection legislation.

This commitment goes beyond the privacy space. Our Code of Conduct outlines the values which all of us at Qilin.Cloud are required to uphold.

As terms and their definitions vary between privacy regulations, let's align on the definitions as described within the EU General Data Protection Regulation (EU GDPR) for the purpose of this section:

Personal Data:

Shall mean any personal information relating, directly or indirectly, to an identified or identifiable natural person.

Data Subject:

Shall be an individual (natural person) whose Personal Data is processed, e.g., a consumer or employee.

Processing:

Shall mean any action which is performed on Personal Data, such as collecting, transferring, storing, using, or erasing. 

Controller:

Shall be the organization that determines the purposes and means of the processing of the personal data in scope and that is responsible for compliance with legal obligations.

Processor:

Shall be the organization that processes Personal Data on behalf of the Controller and that is obliged to support the Controller as described within the Data Processing Agreement.

Privacy at the Company

Privacy & Security Program

Qilin.Cloud has implemented both an Information Security Management System (ISMS) according to ISO 27001 and a Privacy Information Management System (PIMS) according to ISO 27701.

Audits & Certifications

We periodically conduct internal and external audits, supplemented by self-assessments.

Privacy Roles & Responsibilities

A dedicated internal Data Privacy Team maintains and further develops the Qilin.Cloud Privacy Program. An external Data Protection Officer has been appointed for E CORP Holdings GmbH, the parent company in Germany.

Employee Trainings

All Qilin.Cloud employees must complete annual trainings on privacy and information security. Participation is tracked within the e-learning system.

Confidentiality

Employees are required to sign non-disclosure agreements and adhere to our stringent privacy and security policies as a condition of their employment.

Vendor Management

Critical suppliers are carefully selected and re-assessed on a regular basis. Data Processing Agreements and/or Standard Contractual Clauses are signed where applicable.

Privacy Register

If required by applicable law, data maps such as records of processing activities (including details on processed data categories, purposes and data flows) are documented.

Data Subject Request

Incoming requests from Data Subjects are centrally managed by the internal Data Privacy Team.

Security Incidents & Personal Data Breaches

Processes have been defined to identify, assess, document, handle and, if required, communicate Personal Data Breaches to both authorities and our customers in line with applicable laws and contractual obligations.

Risk Assessments

Privacy Impact Assessments (PIA) and Data Transfer Impact Assessments (DTIA) are performed for critical processes and mitigation measures are implemented if required.

Privacy at the Technology Platform

The User is in full control of any Personal Data uploaded to the Qilin.Cloud technology platform. The Qilin.Cloud technology platform is highly configurable and can be set up by the customer according to specific use-cases and individual requirements.

As the EU General Data Protection Regulation (GDPR) is regarded as one of the strictest privacy regulations in the world, we have designed our technology platform according to the concept of "Data Protection by design and by default". In addition, Qilin.Cloud is also compliant with ADPPA, CCPA and PIPL.

Encryption

Data is encrypted in transit via HTTPS using TLS 1.2 or higher, and at rest using AES-256 encryption.

Login Security

Comprehensive authentication controls (incl. SSO, IP restrictions and multi-factor authentication).

Confidentiality

Configurable role-based access and data permissions incl. tamper-proof audit log and optional login history log.

Data Deletion

Configurable deletion procedures are available (e.g. retention times for log files or anonymization of user accounts).

SCC

Since the CJEU invalidated the EU-US Privacy Shield on July 16, 2020 in its ruling C-311/18 ("Schrems II"), Qilin.Cloud relies on the updated Standard Contractual Clauses (SCC) for third-country data transfers.

Hosting location

The hosting location of the user's Qilin.Cloud instance can be selected by the user. Data for European customers is hosted in the European data centers of our hosting providers, unless otherwise agreed. The list of all possible data center locations is published in our Developer Wiki.

Government Access

Qilin.Cloud has not yet received any access requests from government authorities. Should any such request be received in the future, Qilin.Cloud will give any affected user prompt written notice of the request, unless prohibited by law.

Compliance

We deliver world-class security and privacy by adhering to global standards. These standards include:

CCPA

California Consumer Privacy Act

ADPPA

American Data Privacy and Protection Act

PIPL

Personal Information Protection Law of the People’s Republic of China

GDPR

General Data Protection Regulation

ISO 9001

Quality Management System

ISO 22301

Security and Resilience: Business Continuity Management System

ISO 27001

Information Security Management System

ISO 27001 SoA

Statement of Applicability

ISO 27701

Privacy Information Management System

PCI DSS

Payment Card Industry Data Security Standard

SOC 1

Internal Control over Financial Reporting

SOC 2

Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy

CSA STAR

Cloud Security Alliance Security, Trust, Assurance and Risk

EU-US DPF

European – United States Data Privacy Framework

Ready for the leverage?

Choose the Qilin.Cloud technology platform for your business now.