Greenaumatic has an inclusive and long-term mindset. This means that Environmental, Social and Governance (ESG) and (IIRC) Integrated Thinking <IT> / Integrated Reporting <IR> principles are taken into account when making decisions. During the decision process, all six <IR> capitals (manufactured, intellectual, human, social & relationship, nature, finance) are considered. Business objectives are also assessed and aligned with the achievement of (parts of) the Sustainable Development Goals.
At the time of writing, there is no internal policy or process to assess tax strategies for fairness. The intention is to formulate such a policy and to set up processes to ensure a tax strategy based on equal distribution principles. This will be done when Greenaumatic has reached a business size requiring such policies and process implementation. At that time, we will disclose tax-related practices / payments, such as the effective tax rate, subsidiaries and / or tax philosophy.
We do not have a formal human rights policy at the time of writing, but we explicitly recognize the United Nations Universal Declaration of Human Rights and the UN Guiding Principles on Business and Human Rights.
The reason for the lack of a formal human rights policy and its integration in processes is the fact that we are a start-up company; not all of the commitments in these principles apply at this point or are feasible to implement in a formal manner. Therefore, we simply state that we recognise and apply the above statement (see articles) and principles wherever we can.
Going forward, formal commitments and policies regarding these statements and guidelines will be reviewed where relevant and implemented in our business processes as necessary. For example, as of 2021, Greenaumatic will implement practices to assess the human rights impact of our business activities.
Greenaumatic commits to apply proper data protection measures when processing, both electronically and manually, data related to legal, personnel, administrative and management purposes, and in particular when processing “sensitive personal data” (as defined in the Data Protection Act 2018 or applicable Data Protection Laws).
We will protect the transfer of such personal data (including sensitive personal data) to the customer, to their offices, to other related third parties, regulatory authorities, governmental or quasi-governmental organisations and potential purchasers of the customer, whether or not in the European Economic Area.
Greenaumatic shall comply with its obligations in the Data Processing Agreement (DPA) you sign with us. Our DPA includes clauses handling the processing of client personal data, subprocessing, security, security incident handling, data transfer, deletion and return of data, audit rights, and confidentiality. A copy can be requested for viewing here.
This IT/Information Security Policy outlines the responsibilities and expectations for Greenaumatic’s security treatment of your and our own information assets. Data retrieved by, processed or stored on Greenaumatic systems is an extremely valuable asset that must be protected. Data confidentiality and integrity are essential to our business and to our relationships with our customers and business associates. This Policy is guided by security requirements specific to our operating environment, laws and standards that are relevant to Greenaumatic, customer expectations, and information security best practices.
We use our own IT equipment to fulfil the Services, and take reasonable and appropriate steps to ensure that all IT equipment used to retrieve, process and store your data is secure. Any printouts, copies, original documentation or client/staff information in any format are kept secure at all times.
Greenaumatic will comply with this IT/Information Security Policy at all times. We agree to, and shall procure that our subcontractors accept, that all communication (written and electronic) related to the fulfilment of the Service or any related services in an agreement with you (including but not limited to clients, contacts, suppliers, Company staff, service vendors and relevant third parties) is to be conducted exclusively via the proper business email accounts or through the use of the company client portal.
Once you engage with us in a formal agreement, Greenaumatic will record and archive all such communications. In addition, we will explicitly comply with the IT security specifications and procedures regarding systems, email, internet and acceptable behaviour outlined below. We start with a few definitions.
Client Data – means all data provided by you to Greenaumatic, as well as any original or modified copies of such data.
Data – means information or documents, regardless of medium, that are created, modified or otherwise processed by Greenaumatic employees, temporary workers, independent contractors, and vendors in connection with work-related duties.
Greenaumatic Network – means virtual desktop environments provisioned to subcontractors, and used by Greenaumatic, using Amazon WorkSpaces service hosted in Amazon’s data centres in Ireland (https://aws.amazon.com/workspaces/).
Service Systems – means any electronic computing equipment or network purchased that may be used to access, retrieve, process or store data from your Network or Greenaumatic Network. This includes, but is not limited to, servers, thin clients, mobile devices, PCs, workstations, network routers and switches, and wireless access points.
Although Greenaumatic uses secure cloud services, physical access to rooms that house Service Systems is restricted to selected personnel who have proven business justification. For on-premise systems, this policy applies. If required, Greenaumatic will update the specifics of this policy based on the cloud suppliers' policies. Requests for access must be made through an approval workflow system of record, with documented management approval of the request, for access to be granted.
All laptops shall be equipped with screen savers that will activate after 15 minutes of inactivity.
Regarding password management: user IDs and passwords shall be required in order to gain access to all Service Systems. Greenaumatic shall ensure that the following minimum password requirements apply:
Firewalls must be configured to block all inbound access to the Service Systems that has not been specifically authorised and documented. Antivirus software must be deployed on all Service Systems in scope for this policy, and antivirus definitions must be updated within 24 hours of release from the vendor.
In addition to the customer data handling in the data protection policy and our Data Processing Agreement (DPA), we warrant adequate controls to prevent data loss and data misuse. The following treatment of Client Data is strictly forbidden:
a. Storing Client Data on any storage device that is not subject to the Service control, such as personal portable computer hard drives or personal mobile phones;
b. E-mailing or uploading Client Data to networked locations other than the ones pre-authorised by Greenaumatic;
c. Producing or distributing physical copies of Customer Data such as printouts.
Statements or policies to add: