Information Security Policy

‍Effective Date: 01-01-2023
Last Updated: 28-11-2025
Company: SEINō B.V., Randstad 22-15, 1316 BN Almere, The Netherlands
Contact: legal@seino.ai

1. Purpose

This policy sets out how SEINō protects its information systems, customer data, and intellectual property. The goal is to maintain confidentiality, integrity, and availability of information while supporting compliance with GDPR and other applicable regulations.

2. Scope

Applies to:

• All SEINō employees, contractors, and interns.
• All information systems, cloud services, and devices used for SEINō business.
• All customer and business data processed by SEINō.

3. Key Principles

• Confidentiality: Data must only be accessed by authorized individuals.
• Integrity: Data and systems must remain accurate and protected against unauthorized modification.
• Availability: Services must remain accessible to authorized users.
• Accountability: Everyone is responsible for safeguarding information.

4. Responsibilities

• Management: Approves this policy and ensures resources are in place.
• Information Security Officer (ISO): Oversees compliance, risk management, and incident handling.
• Employees: Follow this policy, complete training, and report incidents.
• Third-Party Vendors: Must meet SEINō’s security requirements.

5. Acceptable Use

• Company systems and accounts are for business use only.
• Do not install unauthorized software or share login credentials.
• Remote work must use secure Wi-Fi.
• All devices must be encrypted, password-protected, and auto-lock after 10 minutes of inactivity.

6. Access Control & Authentication

• Access is role-based and granted on least-privilege principle.
• Multi-factor authentication (MFA) is required on all company systems.
• All passwords must be generated and stored using the company-approved password manager.
• Accounts are disabled immediately upon termination.

7. Data Protection

• All customer data is Confidential and stored only in approved systems.
• Data must be encrypted in transit (TLS 1.2+) and at rest.
• Sensitive data may not be stored on personal devices.
• Secure disposal of data and hardware is mandatory and will be carried out in line with SEINō’s Data Retention Policy.

8. Email & Communications

• Company email is for professional use.
• Do not transmit sensitive data unencrypted.
• Phishing or suspicious emails must be reported immediately.
• Personal cloud storage (Dropbox, Google Drive, etc.) may not be used for SEINō data.

9. Mobile & Personal Devices (BYOD)

• Mobile devices accessing SEINō data must be password-protected and encrypted.
• Lost/stolen devices must be reported immediately.
• SEINō reserves the right to revoke access or remotely wipe company data.

10. Incident Management

• All suspected security incidents must be reported to the ISO immediately.
• Incidents will be logged, investigated, and resolved according to the Incident Response Plan.
• Customers and regulators will be notified without undue delay, and within 24 hours of confirmation of a personal data breach, in line with the Data Protection Policy and General Terms & Conditions.

11. System Security

• All laptops, servers, and cloud systems must have up-to-date security patches.
• Antivirus/endpoint protection must be installed and active.
• Firewalls and monitoring tools must be in place for all infrastructure.

12. Compliance

• SEINō complies with GDPR and other applicable data protection laws.
• Vendors must undergo security reviews before being onboarded.

13. Policy Review

This policy is reviewed annually or after major business/regulatory changes. All staff must acknowledge and comply with the latest version.

Employee Acknowledgement

I have read and understood the SEINō Information Security Policy and agree to comply with it.