Security Policy

The Security Policy establishes the guidelines and principles established by aTurnos to ensure the protection of information, as well as compliance with the defined security objectives, thus ensuring the confidentiality, integrity and availability of information systems and, of course, ensuring compliance with all applicable legal obligations.

The management of aTurnos, aware of the importance of information security in the workplace, assumes and provides the following commitments with respect to the Information Security Management System (ISMS):

1. Ensure that information security objectives are established, always aligned with the company's strategy.
2. Ensure that security requirements are integrated into the organization's processes.
3. Ensure the necessary resources for the management system.
4. Communicate the importance of effective information security management in accordance with the requirements of the information security management system.
5. Ensure that the information security management system achieves its intended results.
6. Lead and support people to contribute to the effectiveness of the information security management system.
7. Promote continuous improvement of the management system.
8. Support relevant roles to demonstrate leadership as applied to their areas of responsibility.

To this end, management will ensure that aTurnos personnel comply with regulations, policies, procedures and instructions relating to information security.

Through the development of its Information Security Management System, aTurnos aims to ensure the following security objectives:

1. Ensure confidentiality, integrity and availability of information.
2. Comply with all applicable legal requirements.
3. To have a continuity plan that allows the recovery of processes and activities in the event of an incident, in the shortest possible time.
4. Train and raise awareness of information security among all employees.
5. Train and raise awareness of information security among all employees.
6. To meet the safety expectations and needs of customers, employees, suppliers and other stakeholders.
7. Proper management of all incidents that occur.
8. All employees will be informed of their safety roles and obligations and are responsible for fulfilling them.
9. Continuously improve the ISMS and, therefore, the organization's information security.

To ensure the correct performance of the Management System and to comply with the established objectives and requirements, aTurnos management has appointed an ISMS Manager and a Security Committee that will ensure compliance with the guidelines set out in this policy.

Privacy Policy

When accessing our website, aTurnos collects certain information about you such as the User or email. If you visit our website to manage your shifts/workdays schedules and visualize your co-worker's, we collect and storage only the following information about you and your team, which we will never share with third parties except in the case of the existence of a specific contract with the client or the set integration with others established by the administrator of the team. The information aTurnos automatically has about you is:

1. The login email to access the system.

The date and hour of access to our website and the user's check-ins/outs.

The shifts that you or the Administrator have registered on the system. Rather it was in an automatic or manual way.

4. Your phone number to be shared with your co-workers, which is not mandatory.

If you identify yourself by sending an email with your personal details, such information is collected and it would only be used to reply your message.

There are also some details which are not mandatory but might be useful to your co-workers such as your phone number or your social media accounts, and which would never be given to third parties by aTurnos and would only be initialized under the user's request.

Since it is a collaborative system and you have previously validated your account via email, you allow other users of your service within the same shift to see your shifts details and the personal information shared, which will only be accessible to this group.

The collected data is for statistical purposes. aTurnos can use a software to make statistical overviews, for example with the purpose to review the number of viewers of the different sections of our website. This way it can be learned which information is more or less interesting, determine technical details for the layout of the website and the performance of the identification of the system or the defective areas.

Because of the site's security reasons and to ensure the availability of this service to all the users, aTurnos uses software to monitor the net traffic to identify unauthorized attempts to obtain or change informations, or to cause damage.

aTurnos will not obtain your personal identification data when you visit our website, unless you decide to give us such information, nor the information sold or transferred to third parties without the user's approval.

Minor's information (under 16) is not accepted.

Any transaction of your information, such as your social media has to be validated by you on the settings options of your account, never by default.

Security and Reliability

Security

aTurnos offers many tools that can improve the management of personnel exponentially but it is important that you protect the security of communications, for this we force the use of the HTTPS protocol for the encryption of communications between your terminals and aTurnos servers. In addition, we recommend you make a correct use of your password without sharing it with third parties, define it in a robust way not using familiar words, not only using numbers and letters, or personal information.

aTurnos servers are located in Ireland within EU legislation, are hosted and replicated in the structure of Amazon Web Service (AWS) where daily backups of the data are made. AWS has obtained ISO 27001 certification and has been successfully validated as a Level 1 service provider in accordance with the Data Security Standard (DSS) of the payment card industry (PCI Card). AWS undergoes SOC 1 audits each year and has received a satisfactory evaluation at the Moderate level corresponding to federal government systems, as well as level 2 DIACAP for DoD systems.

Group Conversia has audited aTurnos software and corroborates that it complies with the following aspects of RD 1720/2007: Security Document, Responsible for treatment, Services provided without access to personal data, Work regime outside the premises of the location of the file, Functions and obligations of personnel, Incident registration, Access control, Media and document management, Identification and authentication, Backup and recovery copies, Access to data through communication networks, File criteria, Storage of information , Custody of supports, Access registry, Telecommunications

Reliability

The aTurnos system is stored in Amazon Web Service (AWS) EC2, which offers a very reliable environment in which replacement instances can be sent quickly and in advance. The service runs in Amazon's accredited data centers and network infrastructure. The commitment of the Agreement at Amazon EC2 services level is 99.95% availability in each Amazon EC2 Region.

Ver estado de aTurnos

Management System Objectives

• Ensure confidentiality, integrity and availability of information.
• Comply with all legal, regulatory and contractual information security requirements applicable to the organization.
• Know and manage information security risks.
• To periodically establish improvement objectives aligned with this policy.
• To meet the expectations and needs of interested parties.
• To train and raise awareness of information security among all employees.
• Properly manage all security incidents that occur.
• Inform all employees of their security roles and obligations and the responsibility to comply with them.
• Continuously improve the ISMS and thus the information security of the organization.

Management will ensure that the ISMS and the Shift Security function have the necessary resources for its proper functioning and compliance with the stated objectives.