Cybersecurity Policy

  • Home
  • Cybersecurity Policy

Introduction

At SMOKE4ONE® , the security of data and online transactions is at the heart of our concerns. This Cybersecurity Policy aims to describe the technical and organizational measures implemented to guarantee the protection of sensitive information and personal data of our users. We are committed to complying with the provisions of the General Data Protection Regulation (GDPR) No. 2016/679 and to implementing best practices in cybersecurity.

1. Security Principles

SMOKE4ONE® applies rigorous security principles, based on CNIL recommendations and industry standards. Our commitments include:

  • Confidentiality : Maintain the confidentiality of sensitive data and information through secure access controls.
  • Integrity : Ensure data integrity by protecting systems from unauthorized modifications.
  • Availability : Ensure the availability of services for our users through continuity and disaster recovery plans.
  • Traceability : Record and monitor activities to detect and prevent suspicious activity.

2. Technical Security Measures

SMOKE4ONE® uses advanced technologies to secure its infrastructure and online transactions. Some of the technical measures we have implemented include:

  • Data Encryption : All data transmitted on the site is encrypted using the SSL (Secure Sockets Layer) protocol, thus guaranteeing its confidentiality and integrity.
  • Firewall and Network Security : Sophisticated firewalls protect our servers from unauthorized access and intrusion attempts.
  • Security Updates : Systems and software are updated regularly to address identified vulnerabilities and implement the latest security recommendations.
  • Security Testing : Audits and penetration tests are conducted periodically to assess the effectiveness of our security systems and detect potential vulnerabilities.

3. Organizational Measures

SMOKE4ONE® implements internal policies and procedures to ensure the security of information and personal data:

  • Multi-Factor Authentication (2FA) : We recommend using two-factor authentication to enhance customer account security.
  • Access Management Policy : Access to sensitive information is restricted and granted only to authorized personnel, based on business needs.
  • Incident Response Plan : An incident response plan is defined to respond quickly and effectively to attacks and data breaches. This plan includes incident detection, root cause analysis, notification of affected parties, and corrective actions.

4. User Awareness

Cybersecurity also relies on user vigilance. SMOKE4ONE® recommends that its customers adopt the following best practices to secure their accounts:

  • Choose a strong and unique password for each account.
  • Never share your login details or personal information by email or phone.
  • Check your account activity regularly and immediately report any suspicious activity to customer service.
  • Update their device's software and antivirus to protect against external threats.

5. Data Breach Management

In the event of a data breach that may compromise users' privacy, SMOKE4ONE® undertakes to notify the CNIL and the affected users, in accordance with Articles 33 and 34 of the GDPR . The notification will include the following information:

  • The nature of the violation.
  • Measures taken to correct the situation and minimize the impacts.
  • Practical advice for users to secure their information.
  • Customer service contact details for any questions or support requests.

6. Continuous Improvement of Security

SMOKE4ONE® is committed to regularly reviewing and improving its security policies and procedures, taking into account technological developments and new threats. Independent security audits are conducted to verify the compliance and effectiveness of the measures implemented. Users will be informed of updates to this policy via a notification on the website.

7. Claims and Disputes

In the event of a dispute regarding data security, users can contact our customer service at contact@smoke4one.com . If no amicable agreement is reached, the dispute may be brought before the competent courts of Béziers , in accordance with Articles 42 et seq. of the Code of Civil Procedure .