Information Security Policy
Last updated: March 2026
1. Purpose
Snapium (GEMI No.: 145744403000) is committed to protecting the confidentiality, integrity and availability of all information it manages.
2. Scope
This policy applies to:
- All Snapium information systems
- Client data (photographs, contact details)
- Internal operational data
- Website and digital services
3. Technical Security Measures
3.1 Encryption
- SSL/TLS encryption on all web pages
- Encrypted data storage
- Secure file transfer
3.2 Access Control
- Role-based access control (RBAC)
- Strong passwords
- Two-factor authentication (2FA) on critical systems
- Automatic lockout after failed attempts
3.3 Monitoring
- Access activity logging
- Suspicious activity detection
- Regular log review
4. Organizational Measures
- Staff security training
- Clean desk policy
- Secure data deletion procedures
- Business continuity plan
5. Incident Management
In case of a security incident:
- Immediate detection and assessment
- Impact containment
- Notification to authorities (HDPA) within 72 hours
- Notification to affected individuals
- Root cause analysis and corrective measures
6. Photographic Material Protection
Specifically for client photographic files:
- Secure storage on encrypted drives
- Regular backups
- Restricted access to authorized personnel only
- Secure file transfer to clients
7. Vulnerability Reporting
If you discover a security vulnerability, please notify us at legal@snapium.gr.