Security Code of Conduct
Claimable is a claims management platform which enables businesses to boost their productivity and to focus on delivering an outstanding service to their customers.
We are on a mission to change the image of claims in the market, because we believe that claims have been an afterthought for too long. Re-thinking the claim process represents a great opportunity for all businesses along the claim value-chain, to improve customer experience and transform frustrated customers into happy ones.
Claimable employs industry-standard security best practices and fully manages our platform security, leaving users with the peace of mind necessary to focus on their operations and pursue their business objectives.
Commitments to Trust and Privacy
Trust is fundamental to our mission and inspires our everyday work. It is the responsibility of every employee at Claimable to protect the privacy of our customers and of their data.
We, as data processors, work in line with the EU General Data Protection Regulation (GDPR) and we are committed to assisting our customers in complying with the law. Even customers outside of the EU will benefit, because the GDPR represents a strict set of data protection rules, that protects the rights and privacy of the individual.
We are taking appropriate technical and organisational measures to guarantee that we fully comply with the GDPR, such as the minimisation of data processing, pseudonymisation of data and transparency of processes.
Claimable's Access to Customers’ Data
Customers’ data are only accessible to authorised members of staff to perform administrative tasks and for the purpose of a better customer service and nothing else.
Right to access and privileges are only provided to employees when required by their business role, and a strict password and data protection policy is enforced.
All employees are informed of their responsibilities and all activities are recorded and reviewed periodically.
We are very aware that Claimable is a fundamental resource for our customers’ business operations and this is something we are proud of and take extremely seriously. For this reason, we operate a failover system across multiple, separate data centres to guarantee business continuity in case of any serious incidents or disasters. This mitigates the risk to our customers due to the Claimable platform becoming unavailable, and we maintain our own disaster recovery policies to further protect customers' operations in case of a catatrophic event.
We rely on Amazon Web Services which operate to the strictest, industry security standards and control the on-site access controls at their data centres.
Customers’ Data Retention
Customers’ data are securely archived for no longer than necessary.
The retention period of personal data is reviewed on a regular basis and take in consideration various factors. When an account is deleted from our database, data are purged and made irretrievable after two months.
Customers’ Data Protection Best Practice
The data you enter into Claimable are encrypted in transit and at rest, using SHA-256 SSL and AES-256 block-level storage encryption respectively.
To further protect the integrity and confidentiality of your data we use pseudonymisation and encryption of personal data and enforce a restricted use of any USB devices.
Any sensitive data is anonymised and kept on site, with strict access restrctions and protocols, to maintain a high level of confidentiality.
Use of Third Parties
We employ a third-party service, Amazon Web Services (AWS), to boost our security practices as AWS operates to the strictest, industry security standards.
More specifically, we delegate to Amazon Web Services the vulnerability monitoring and the implementation of firewalls and level intrusion detection systems, in addition to the hosting and storage of our data.
Rights of the Data Subject
Claimable has procedures and technologies in place to enable our customers to respond to data subject’s rights introduced by the GDPR, such as the “Right to Data Portability” and the “Right to be Forgotten”.
For instance, our users are guaranteed access to data concerning themselves or any other individual in a machine-readable form without undue delay. In case an individual demands his/her data to be deleted from our database, Claimable will allow users to purge those data in a rapid and efficient way.
Claimable has in place the strictest measures to prevent and control data breaches. We also adopt strong breach detection, investigation and reporting procedures to ensure that all data breaches are addressed appropriately and in a timely manner to prevent any damages to be caused.
We are also committed to notifying our customers without unjustifiable delay when becoming aware of a personal data breach.