Data protection policy
01. Management of user accounts and connections
1.1 Creation of accounts
Creation of user accounts linked to campaigns (administrators, customers, supervisors and agents) with choice of consultation or action privileges depending on the status and security rules.
Password management (Bcrypt hash).
A new password will be requested every 2 months for all users.
1.2 Login
Login to our Monali Hub calling platform requires two-step authentication.
A unique alphanumeric code is transmitted by SMS or email. Each new connection requires 2-step authentication.
1.3 Security Check IP Address Detection
A notification about an unusual connection with a different IP address is sent to the administrator for a security check.
02. Storage and Transfer of Campaign Data and Information
2.1 Campaign start | Data transfer (2 solutions)
1. Monali HUB on the Amazon S3 cloud hosted in Montreal
2. Monali SFTP - SFTP Secure File Transfer Protocol is a network protocol for securely accessing, transferring and managing large files and sensitive data.
2.2 During the campaign
NAS - Monali Drive | Network Attached Storage | network storage
Access to databases on our network limited to 3 key people in the company bound by confidentiality agreements. Agents or supervisors do not have access to databases. They only have access to individual donor data.
During the configuration of a campaign, the representatives of our customers who will have the authorization to export the transaction databases will be identified. And any export of databases will also require a 2-step authentication (SMS or email) .
2.3 End of campaign - campaign archiving
Sandisk SSD with Secure Acces
Use of SanDisk Secure access software to archive campaign data. All files are locked, data is moved to the vault and can only be accessed with a password. Only the IT director has access to it.
The data is then erased from the Monali Hub and Monali Drive platform.
03. Security
3.1 Wi-fi
Administrator - Wifi connection on WPA2 - Cyberghost VPN
Agents - A check is made to ensure the WI-FI WPA2 configuration for all company staff agents and developers
3.2 Data and credit cards
No credit card number is saved internally. The data is only saved in the secure payment platforms of our customers.
3.3 Security investigations
When hired, the agents pass a security screening carried out by an external firm. They also sign a confidentiality agreement aimed at protecting our customers' data. Zero tolerance internally for anything that affects the integrity of an agent.
04. Access
| Data | Export | Donors | Dashboard | Informations | Mon HUB | |
|---|---|---|---|---|---|---|
| Administrator | x | x | x | x | x | x |
| Clients | x | x | x | x | ||
| Supervisor | x | x | x | |||
| Agents | x | x |
05. Privacy Officer at Groupe Monali
Lise Baillargeon
By email: lise@groupemonali.com
By phone: 514-237-7044
By mail:
Groupe Monali Inc.
Attention: Privacy Officer
1039 rue de la source
Prévost, Quebec J0R1T0