Security Policy

Data Protection

We take care to keep all of your data confidential.

To protect the confidentiality of the channel over which data is carried, we take the use of SSL* or IPSEC* as our reference model. Stored data in this scope includes application software configuration settings, application server configuration files, passwords that are used for communication between applications and systems and stored in files or in a database, and passwords that reside on the operating system and are used by the software.

Our application services support "point-to-point" or "end-to-end" confidentiality.

Our web services that use the SOAP protocol encrypt the data and send it inside the SOAP packet over HTTP even in cases where we do not use SSL. Our end-to-end encryption establishes an encrypted tunnel between the end user and the application server and ensures that the traffic cannot be seen by any node in between. In addition, our application that communicates over a protocol other than HTTP offers point-to-point or end-to-end encryption support by design.

We protect our users' credentials in transit.

Your user information is the most sensitive application data whose confidentiality must be protected. For this reason we use the latest updated version of the SSL protocol.

Data and outputs within the application are subject to security classification.

Data and outputs within the application carry different levels of confidentiality and sensitivity. We take particular care to group the different confidentiality levels during authorization.

The application stores the passwords it uses to access other resources (for example, when connecting to the application database) in encrypted form.

Passwords used within the application are never entered into the application's source code under any circumstances. The keys needed to decrypt your passwords are strongly protected against unauthorized access.

The application stores the passwords it uses to authenticate end users, or other systems that consume the application services as clients, as cryptographic hashes.

End-user passwords stored in the application database must be kept as hashes. For this we use strong hash algorithms such as sha3, whose security is (for now) not in doubt. When hashing passwords, we add a random number to the hash function (salting). Passwords hashed in this way are protected against dictionary* and rainbow* attacks.
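The salted-hash storage described above, as an added example that is not part of the original policy or the company's own code. The record format, the 16-byte salt length and all function names are assumptions; the word list is constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

SALT_BYTES = 16  # assumed salt length; the policy does not specify one


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: 'sha3_256$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.sha3_256(salt + password.encode("utf-8")).hexdigest()
    return f"sha3_256${salt.hex()}${digest}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: wrong field count or bad hex
    if scheme != "sha3_256":
        return False
    candidate = hashlib.sha3_256(salt + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate.encode(), digest_hex.encode())


def precomputed_table(words: Iterable[str]) -> dict:
    """Unsalted digest -> word: the kind of lookup table that salting defeats."""
    return {hashlib.sha3_256(w.encode("utf-8")).hexdigest(): w for w in words}


def demo() -> dict:
    """Compare an unsalted digest with salted records for the same password."""
    table = precomputed_table(["123456", "password", "hunter2"])  # constructed list
    unsalted = hashlib.sha3_256(b"hunter2").hexdigest()
    record_a = hash_password("hunter2")
    record_b = hash_password("hunter2")
    return {
        "unsalted_found_in_table": unsalted in table,
        "salted_found_in_table": record_a.split("$")[2] in table,
        "same_password_same_record": record_a == record_b,
        "verifies": verify_password("hunter2", record_a),
    }


if __name__ == "__main__":
    print(demo())
```

The record layout stays the same if the single SHA3 call is replaced by a deliberately slow password-hashing function.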

Access to deleted data through application components is prevented. Objects* created in memory or on the disk system are prevented from containing confidential data.

With this measure we aim to ensure that logically deleted data is also physically deleted and is guaranteed to be inaccessible to the application. Data that is held in memory and is cleared from memory after a normal or unexpected shutdown of the application may be kept outside the scope of this measure.

Our data flow control policy is enforced within the application.

We prevent sensitive information from leaving for internet-facing environments. We block data traffic that arrives from outside but appears to originate from inside, and we stop web requests that do not go out through the internal web proxy*.

We handle mobile code that can be executed remotely or is transferred between different parts of the system with care, and we keep an inventory of it.

We run such code, under access control, in an area isolated from the application (sandbox). We also make sure that this code is signed and that the signatures are verified. In particular, we subject the inputs produced by this code to input validation before using them in the product.

We transmit all data within the application between application components in encrypted form (with its confidentiality preserved).

When connecting to the database we prefer secure JDBC (JDBCS) over JDBC, and FTPS when data is to be transferred via FTP.

Depending on risk analysis or threat models, we also encrypt internal network traffic against the threats identified on internal networks.

Before any function starts running, the application guarantees that the security functions are up and running.

We continuously check that the SSL certificate is current, the access permissions on operating system files, that the components of the logging mechanism are operational, and that the relevant services that use encryption are up.

The application is responsible for ensuring referential integrity between its entities.

To preserve the integrity of the data, consistency checks for interdependent entities are enforced in the database where the data is stored rather than inside the application. This way, integrity is maintained even if the data is moved to other environments.

Authentication

This Privacy Policy statement is made by the WORKINTEAM Group consisting of all the entities listed here (collectively, “WORKINTEAM”, “we”, “us” or “our”) and is effective as of 25th May 2018. It applies to all our divisions: WORKINTEAM Infotech Limited and Netlancers Inc DBA WORKINTEAM.

WORKINTEAM’s Privacy Commitment

WORKINTEAM has worried about customer and user privacy for almost 20 years, long before it became politically correct, fashionable, or legally binding to take such a position. We ask for and collect only the least amount of information necessary, gathering it only when we believe it is essential for doing business or for the specific transaction at hand. We let customers know the information we have on them and allow them to opt out of specific engagements. But our biggest commitment is that we do not make a single dollar from advertising revenue, never have and never will, even if you have only submitted an enquiry for a project and do not opt for our services. We avoid the fundamental conflict of interest between gathering customer information and fueling advertising revenue, and the inevitable compromises in customer privacy that it brings.

 

The goal of this policy is to make explicit the information we gather on our customers and website users, how we will use it, and how we will not. This policy is unfortunately longer than we would like, but we must unambiguously address all the relevant cases. We will try to keep the language as simple and direct as possible.

Authorization

This Privacy Policy applies to all WORKINTEAM websites that link to it. It also applies to the products and services provided by WORKINTEAM through these websites and our mobile applications. This Privacy Policy does not apply to any of our websites, products or services that have a separate privacy policy.

 

This Privacy Policy is divided into three parts:

Part I – Information WORKINTEAM collects and controls

This part deals with how WORKINTEAM collects and uses information about website visitors, potential customers, users of WORKINTEAM’s services, and others who contact WORKINTEAM through forms or email addresses published on or linked to our websites.

Part II – Information that WORKINTEAM processes on your behalf

This part deals with how WORKINTEAM handles data that you entrust to WORKINTEAM when you use our products and services, or when you share any personal or confidential information with us while requesting customer support.

Part III – General

This part deals with topics that are relevant to both Parts I and II, and other general topics such as WORKINTEAM’s security commitments and how we will inform you when we change this Privacy Policy.

Availability

Can I select my preferred developer? If yes, how do I do so?

You may choose your own software development team if you’re going for an Evolving project scope model. You have to share with us the profile of the ideal candidate and we’ll schedule interviews with you and our team members.

 

Is there a minimum limit for hiring developers under Evolving Scope model?
Well, there’s no limit as such. You can hire as little or as much as you think your project will require. However, we will certainly help you in composing the best team that helps you take your idea to the market with unmatched quality and customer service.

Is there any minimum period of hiring programmers for my project?

This is applicable to the Evolving Scope model. We require that you hire a team for at least 3 months, so that they get to know your objectives, align closely with your team (if you have one) and ensure all critical aspects of the project are taken care of. During this period they will not work on any project except yours. If you see that you need a shorter engagement, we'd recommend you go for a fixed price model.

Can I alter the scope of the project during development?

Well, we always prefer that the project scope is outlined and concluded upfront in the case of the Fixed Scope model (as the name suggests). Obviously, this is purely due to the planning and expectations set in terms of timeline and cost. In the case of the Evolving Scope model, you're free to make alterations because you'll be directly driving the team, giving you enough room to set new goals, scope, timelines and everything else. Even in the latter case, though, we recommend you plan small, execute it and then set up new goals.

I am not a techie. Will I still be able to work?

Certainly. While we absolutely love our clients to be technical, we also carry years of experience with us to fill in the gap for technology on your behalf.

My documentation and project scope are ready, and my requirements are clearly defined. What next?

It couldn’t have been better. If you know what you’d expect from the development team and know what to execute, it will require much less time to get started. We just need to understand everything you’ve got for us on the table and we can figure out the right engagement model for the project. We can provide you the estimates and Fixed Scope model would just be right for you.

May I interview the developers I hire for my project?

Yes, you can! In the model where you build your own web or mobile app development team, it is possible to interview and evaluate the skills of programmers at WORKINTEAM. Nevertheless, you are provided with each developer’s resume that contains information about their expertise and experience in the domain.

What technologies does WORKINTEAM work with?

Oh, we are absolutely in love with modern technologies. We carry tremendous enthusiasm to learn, adapt and implement new technologies. There is an array of technologies we have excelled in when it comes to Web, including PHP and .NET, along with a bunch of open source and SaaS products. For Mobile, we work with Native SDKs for iOS and Android. We also work at times with cross-platform tools such as Titanium, PhoneGap and Configure.IT. For creating stunning UI and Graphics, we use a combination of software such as Adobe Photoshop, Sketch, Affinity, and Corel Suites.

I have a technical team at my end. Can you work in conjunction with them?

Of course. We'd love to collaborate with fellow team members at your end who can make a great team along with our team. We recommend hiring a team of people from us who can fill in the gaps of your team to establish a perfect balance for your project.

Monitoring and Auditing

We collect information about you only if we need the information for some legitimate purpose. WORKINTEAM will have information about you only if (a) you have provided the information yourself, (b) WORKINTEAM has automatically collected the information, or (c) WORKINTEAM has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.

Information that you provide us

  1. Enquiry Form / Email / Third Party Partners to generate new enquiries : When you contact us using an online web form or email to obtain or enquire about one or more of our services, we ask for information like your name, contact number, email address, company name and country to complete the enquiry process. You may also provide us with more information such as your photo, time zone and language, but we don't require that information for initial contact. Once you submit the enquiry in any of the forms mentioned above, our legitimate employees will have direct access to your information to further process the enquiry and contact you to obtain pre-sales information about your business and project.
  2. Surveys, Feedback and other form submissions: We record information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order to download portfolio, company profile, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support or to contact WORKINTEAM for any other purpose.
  3. Project Creation : When you acquire or sign a contract to buy any of our services, we ask you to provide your name, contact information, personal details, project related information, social media profile links and timezone. We store all of this information in our secured project management software (ERP).
  4. Payment processing : When you acquire or buy any of our services, we ask you to provide your name, contact information, and credit card or PayPal information. We NEVER STORE any of your payment related information, including credit card, bank details, PayPal details or any other means through which you choose to make a payment. All payments are processed on the secured servers of our Payment Gateway Service Providers.
  5. Testimonials : When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us through this form.
  6. Interactions with WORKINTEAM : We may record, analyze and use your interactions with us, including email, telephone, and chat conversations with our sales, project management, account management and customer support professionals, for improving our interactions with you and other customers.

Information that we collect automatically

  1. Information from browsers, devices and servers : When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer, mobile network information and your geographic information. We include these in our log files to understand more about visitors to our websites.
  2. Information from first party cookies and tracking technologies : We use temporary and permanent cookies to identify users of our services and to enhance user experience. We also use cookies, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. We use third-party tracking services like Google Analytics and Google Tag Manager to understand the behaviour of our website visitors and serve them better.
  3. Information from application logs and mobile analytics : We collect information about your use of our website and mobile applications from application logs and third party analytics tools, and use it to understand how your business use and needs can improve our services. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, and configurations, and devices used to access and their locations.

Information that we collect from third parties

  1. Referrals : If someone has referred any of our products or services to you through any of our referral programs, that person may have provided us your name, email address and other personal information. You may contact us through this form to request that we remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.
  2. Information from social media sites and other publicly available sources : When you interact or engage with us on social media sites such as Facebook, Twitter, Google+ and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our services, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites.

Other Security Measures

In addition to the purposes mentioned above, we may use your information for the following purposes:

  • To communicate with you (such as through email) about projects that you have and services that you have enquired for, changes to this Privacy Policy, changes to the Terms of Service, or important notices;
  • To keep you posted on new products and services, upcoming events, offers, promotions and other information that we think will be of interest to you;
  • To ask you to participate in surveys, or to solicit feedback on our products and services;
  • To set up and maintain your account, and to do all other things required for providing our services, such as enabling collaboration, requirement gathering, project development, and deployment of project;
  • To understand how users use our products and services, to monitor and prevent problems, and to improve our products and services;
  • To provide customer support, and to analyze and improve our interactions with customers;
  • To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of WORKINTEAM, WORKINTEAM’s users, third parties and the public;
  • To update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you;
  • To analyze trends, administer our websites, and track visitor navigations on our websites to understand what visitors are looking for and to better help them;
  • To monitor and improve marketing campaigns and make suggestions relevant to the user.