Data Security Statement
IDFG maintains the highest standards of data security and client confidentiality. Our comprehensive security framework protects sensitive financial information and ensures compliance with international data protection regulations.
Last Updated: December 2024
Core Security Principles
Confidentiality
All client information, transaction details, and strategic discussions are maintained under strict confidentiality agreements with multi-layered access controls.
Encryption
Industry-standard AES-256 encryption for data at rest and TLS 1.3 for data in transit ensures that sensitive information remains protected at all times.
Compliance
Full compliance with GDPR, SOC 2, and international financial data protection standards, with regular third-party audits and certifications.
Security Policies & Procedures
Data Collection & Usage
IDFG collects only the minimum necessary information required to provide advisory services and structure development finance transactions. Personal and organizational data is collected through secure channels and stored in encrypted databases with restricted access.
Information we collect includes: Contact details, organizational information, project specifications, financial data, and transaction documentation. All data is used exclusively for the purpose of delivering advisory services and is never shared with third parties without explicit written consent.
Access Controls & Authentication
Multi-factor authentication (MFA) is required for all team members accessing client data. Role-based access control (RBAC) ensures that personnel can only access information necessary for their specific responsibilities.
All access attempts are logged and monitored. Regular access reviews are conducted to ensure compliance with the principle of least privilege. Terminated employees have access revoked immediately upon departure.
Infrastructure & Network Security
Our IT infrastructure is hosted in SOC 2 Type II certified data centers with 24/7 physical security, redundant power systems, and climate controls. Network traffic is monitored continuously for anomalies and potential security threats.
Security measures include: Firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), regular vulnerability scanning, penetration testing, and automated backup systems with geographic redundancy.
Incident Response & Breach Notification
IDFG maintains a comprehensive incident response plan that is tested quarterly. In the unlikely event of a data breach, affected clients will be notified within 72 hours in compliance with GDPR requirements.
Our incident response team includes cybersecurity specialists, legal counsel, and senior management. All incidents are documented, investigated, and used to strengthen security protocols.
Data Retention & Disposal
Client data is retained only for the duration necessary to fulfill contractual obligations and comply with legal requirements. Financial transaction records are maintained for seven years in accordance with international accounting standards.
Upon expiration of the retention period, data is securely deleted using cryptographic erasure methods that render information permanently unrecoverable. Clients may request early deletion of their data subject to regulatory constraints.
Compliance & Certifications
IDFG maintains compliance with the following international standards and regulations:
- GDPR (General Data Protection Regulation): Full compliance with EU data protection requirements including data subject rights, consent management, and cross-border data transfers.
- SOC 2 Type II: Annual audits verify security, availability, processing integrity, confidentiality, and privacy controls.
- ISO 27001: Information security management system (ISMS) certification demonstrating a systematic approach to managing sensitive information.
- PCI DSS: Payment Card Industry Data Security Standard compliance for handling financial transactions.
- CCPA (California Consumer Privacy Act): Compliance with California privacy regulations for U.S.-based clients.
Your Rights & Responsibilities
Client Data Rights
Under GDPR and other data protection regulations, you have the following rights regarding your personal and organizational data:
- Right to Access: Request copies of your data we hold
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your data for specific purposes
Reporting Security Concerns
If you identify a potential security vulnerability or have concerns about data protection, please contact our security team immediately:
Email: [email protected]
Response Time: Within 24 hours for security-related inquiries
