Data Protection Measures

Unambiguous Identification and Authentication

The platform has a login system that requires a password and a valid user to access the information. Each user is uniquely identified.

For more details see: Authentication in Athento

Assignment, distribution and storage of passwords ensuring confidentiality and integrity

Some of the mechanisms that Athento uses to guarantee the confidentiality in the distribution and management of passwords, as well as their integrity, are explained below.

• Password encryption
• Password management functionality
• Confidentiality and password distribution
  

  1. Does Athento request a password change on first login?

  2. Does Athento store encrypted passwords?

  3. Is there password masking?

  4. How to change a user's password in Athento?

  5. How can I change my password?

  6. User creation
• Password recovery

Duration of passwords

By default and unless otherwise stated, passwords expire 12 months after they are entered.

Password complexity

Athento require the use of secure passwords.

Is it possible to manage the complexity of passwords in Athento?

Password Storage

Athento allows you to avoid using previously used passwords.

Is it possible to prevent users from reusing previously used passwords?

User Blocking

Athento incorporates automatic user blocking mechanisms when certain situations occur.

Is there automatic user blocking in Athento?

Access Logging

Athento has a user access management log.

 Athento Access Management Logs

Data Protection Incidents

Data Protection Incidents Register

Athento has a platform for recording customer incidents.

Users can submit their issues by any of the available contact methods (How to report a support case?).

Our incident logging system allows us to store information about the reported incident and exchange information for its prompt resolution.

Some of the information that is stored for each occurrence is:

• Type of incident
• Time and date when the incident is reported
• User reporting the issue
• Person who is assigned to resolve the request

In addition, the system allows detailed documentation of the characteristics of the incident, the measures to resolve it and, in general, any communication between Athento and the user reporting the incident. It is also possible to add users in copy of the incident when it is considered that they should be aware of the situation.

If the resolution of the incident involves data recovery, our team documents which member of our team performs the data recovery, what data is restored and whether any manual intervention was required.

Athento will report to the relevant data protection authority the data protection incidents within the deadlines estimated by the Law according to the criticality of the incident, which will involve assessing the potential damage to the data subjects' data, the volume of personal data affected and/or the level of personal data.

Secure Data Deletion

Athento allows enabling automatic secure data deletion operations, as well as implementing retention policies that execute purges (permanent secure deletions) of documentation that requires it (How to apply retention policies on documents?). 

You may also be interested in How does Athento perform secure and permanent deletion of documents?

Location and data transfers

Data Transmission

Access to the platform and, in general, any data transmission is done through secure protocols, specifically TLS (Transport Layer Security).

Location of data

Athento stores its data in data centers in Europe. There are also data centers in Canada. The locations of the various data centers are listed below.

You may also be interested in Datacenters Security Measures

With some infrastructure providers, encryption of data at rest is possible.

Data transfers with the United States and the United Kingdom

The documents of Athento's cloud clients, as well as the information about their documents (metadata) are not transferred to the mentioned countries. The data is stored on servers in France and Canada.

Third party services

Athento Cloud uses third-party services to improve the product and ensure the availability and proper functioning of the service. In the following link you can consult the nature of the third party services used Athento uses third party services?