Polar Cape is committed to compliance with the General Data Protection Regulation (GDPR). Information security is an integral part of the daily work for everyone at Polar Cape.

Polar Cape Security Practices and Policies

Physical Security

Customer data is never to be replicated outside of the production environment and is never to be replicated onto employee workstations. Employee devices are required to time out and lock after a maximum of ten minutes of inactivity.

Key internal policies at Polar Cape includes:

  • No customer data to be stored on Polar Cape premises or in cloud services owned
    by Polar Cape.
  • No production data is to be used in test or development environments

Access Control

All customer data is considered highly sensitive and protected and access is least privilege. Only authorized and trained members of the Polar Cape support team have access to
Polar Cape is fit for the General Data Protection Regulation customer systems and user data. Those who do have access to data are only permitted to view it for troubleshooting purposes.

We maintain a list of members of the Polar Cape support teams with access to customer environment. These members are approved by the customer account manager. Another
list allows all relevant roles to access code, as well as the development and test environments. These lists are reviewed quarterly and on role change. Upon role change or leaving the company, the credentials of Polar Cape employees are deactivated, and their sessions are forcibly logged out. From there, all accounts are removed or changed.

Key internal policies at Polar Cape includes:

  • Customer account team onboarding must ensure new team members reads and understands the customer processing instructions defined in the relevant Data Processing Agreement


Polar Cape Macedonia uses Deutsche Telekom as its network service provider. See Telekom’s commitment to GDPR and network security here.

Email encryption

Office 365 secure communication is used with Transport Layer Security (TLS). Emails containing personal information are labelled accordingly and deleted as per the retention policy for that label.

Security Awareness and Confidentiality

Data protection awareness and customer data access policies are covered during employee onboarding as appropriate to the role and employees are updated as relevant policies or practices change. Employees also sign a confidentiality and Non-disclosure Agreement. In the event that a security policy is breached by an employee, Polar Cape reserves the right to determine the appropriate response, which may include termination.

Information Security Governance

We HAVE conducted A information audit to map data flows and documented what personal data we hold, where it came from, who we share it with and what we do with it. We have nominated a data protection lead and security governance has been added as a standard reporting area on our steering board WHERE WE manage information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively.