![EarthScan_ID_White_RGB-01.png]](https://knowledgebase.earth-scan.com/hs-fs/hubfs/EarthScan_ID_White_RGB-01.png?height=40&name=EarthScan_ID_White_RGB-01.png){kind=small}
What is EarthScan's Data Privacy Policy?
We are committed to handling data responsibly.
Overview
At Mitiga we keep data protection at the heart of all business processes in our operation. Using key information security principles such as least privilege, need-to-know access, encryption, and VPN solutions, we have defence-in-depth for our data.
We also use security monitoring solutions as a proactive safeguard. These include endpoint detection and response technology, identity management solutions, best-in-class intrusion and anomaly detection systems, and robust network segmentation rules.
Ensuring the confidentiality of our systems is partnered with availability and integrity principles.
We host our platform in Western EU regions and are building a robust backup strategy allowing same day recovery if needed. We ensure our data is subject to change management, version control and integrity monitoring from our Information Security governance and its policies that we are creating to ensure information assurance and accuracy.
Our approach to data privacy
We are committed to responsible data practices and at a minimum align our data protection policies with regulatory requirements in the countries we operate. We use a combination of open, proprietary and customer data in our products. Most of our data sources are open and available to all. Some additional proprietary data sources are used under license.
All of our customers’ proprietary data on our platform is governed in accordance with our terms and conditions of use. We believe that your private data should remain private unless you want to share it and give us permission to do so.
Datacenters
Our infrastructure is hosted in Microsoft Azure who are certified as ISO 27001, PCI DSS Service Provider Level 1, and are SOC 1 and 2 compliant. Read more about Compliance at Microsoft Azure
Our Microsoft hosting provider is also a certified company through an independent audit and ongoing surveillance audits for the Esquema Nacional de Seguridad (National Security Framework), which is governed by Royal Decree (RD) 3/2010, a framework which applies to all public organizations and government agencies in Spain that purchase cloud services, as well as to providers of information and communications technologies (ICT). Read more about Microsofts commitments on ENS-NSF and obtain a copy of their certifications here.
Microsoft employs robust controls to secure the availability and security of systems. This includes backup power, fire detection and suppression equipment, and secure device destruction. Read more about Data Centre Controls at Microsoft Datacenters.
Our Infrastructure hosting partner implements layered physical security controls to ensure on-site security, including vetted security guards, fencing, video monitoring, intrusion detection technology and more. Learn more about Microsoft Azure Physical Security
Regulatory Compliance
We take a 360-degree approach to compliance that not only focuses on what is in scope for us but also what is in scope for the partners, investors and customers we would like to work with; it is essential to note it is not only one specific regulation that we align our compliance to such as the GDPR which refined the Data Protection Act and has since paved the way for an evolution of global privacy regulations, we also align to using the fair information practices model and its five principles, our services are built with data residency capability by design and aligns to privacy needs on a global scale.
Changes to our privacy policy
You can find the latest information about data we collect and how we use it in our Privacy Policy. This can be found in full here.
If you have any questions about our privacy policy, please contact us at feedback@earth-scan.com.