Last updated: 10/03/25
1. Introduction
Welcome to Geritdan (“We,” “Us,” “Our”). This Security Policy outlines the measures and protocols we implement to safeguard the integrity, confidentiality, and availability of our cryptocurrency exchange platform. Our commitment is to protect our clients, their assets, and their personal data in compliance with Polish legislation and international standards.
2. Scope
This Security Policy applies to all employees, contractors, partners, and third-party service providers of Geritdan. It covers all systems, networks, data, and processes associated with our cryptocurrency exchange services provided through our Website accessible at geritdan.com (the “Website”).
3. Definitions
Cryptocurrency: Digital or virtual currencies that use cryptography for security and operate independently of a central authority.
Personal Data: Any information relating to an identified or identifiable natural person.
AML Act: Polish Act on Counteracting Money Laundering and Terrorist Financing.
CTF: Counter-Terrorist Financing.
GDPR: General Data Protection Regulation (EU Regulation 2016/679).
Incident: Any event that compromises the security, integrity, or availability of information or systems.
Two-Factor Authentication (2FA): A security process that requires two different forms of identification before granting access.
4. Security Principles
Our security framework is based on the following principles:
Confidentiality: Ensuring that information is accessible only to those authorized to have access.
Integrity: Safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when required.
5. Data Protection and Privacy
5.1. Compliance with GDPR and Polish Data Protection Laws
We adhere to the GDPR and the Polish Act on Personal Data Protection. Personal Data is processed lawfully, fairly, and transparently.
5.2. Data Encryption
All Personal Data is encrypted both in transit and at rest using industry-standard encryption protocols, including TLSv1.3, with integrity verified by SHA-256.
5.3. Data Minimization
We collect only the Personal Data necessary for the purposes of providing our services and complying with legal obligations.
5.4. Data Retention
Personal Data is retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal requirements.
6. Access Control
6.1. User Authentication
Registration: Users must register with a valid email address and create a strong password.
Two-Factor Authentication (2FA): All users must enable 2FA to access their accounts.
6.2. Role-Based Access Control (RBAC)
Access to systems and data is granted based on the principle of least privilege. Employees and contractors are assigned roles with permissions appropriate to their responsibilities.
6.3. Regular Access Reviews
Periodic reviews of user access rights are conducted to ensure appropriate access levels are maintained.
7. Network and Infrastructure Security
7.1. Firewall and Intrusion Detection Systems
We implement advanced firewalls and intrusion detection/prevention systems (IDS/IPS) to monitor and protect our network from unauthorized access and threats.
7.2. Secure Hosting Environment
Our servers are hosted in secure data centers that comply with international security standards (e.g., ISO 27001). Physical access to these data centers is strictly controlled and monitored.
7.3. Regular Security Assessments
Routine vulnerability assessments and penetration testing are conducted to identify and mitigate potential security weaknesses.
8. Transaction Security
8.1. Secure Wallet Management
Cold Storage: The majority of cryptocurrency holdings are stored in offline cold wallets to minimize exposure to online threats.
Hot Wallets: Limited amounts of cryptocurrency required for daily operations are kept in secure hot wallets with robust security measures.
8.2. Transaction Monitoring
All transactions are continuously monitored for suspicious activities. Automated systems flag unusual patterns for further investigation.
8.3. Multi-Signature Authentication
Critical transactions require multi-signature authorization to ensure that no single individual can execute a transaction independently.
9. Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF)
9.1. Compliance with AML Act
We comply with the Polish Act on Counteracting Money Laundering and Terrorist Financing by implementing robust AML and CTF measures.
9.2. Customer Due Diligence (CDD)
KYC Procedures: Comprehensive Know Your Customer (KYC) procedures are conducted to verify the identity of our clients.
Ongoing Monitoring: Continuous monitoring of transactions and client activities to detect and report suspicious behavior.
9.3. Reporting Obligations
We are obligated to report any suspicious activities or transactions to the General Inspector of Financial Information (GIFI) in Poland in accordance with the AML Act.
10. Incident Response
10.1. Incident Response Plan
We maintain a detailed Incident Response Plan that outlines the steps to be taken in the event of a security breach or incident.
10.2. Incident Detection and Reporting
All employees and contractors are trained to recognize and promptly report security incidents. Automated systems aid in the early detection of potential breaches.
10.3. Incident Management
Upon detection of an incident, our response team will:
11. Physical Security
11.1. Data Center Security
Physical access to data centers is restricted to authorized personnel only. Surveillance systems and access controls are in place to prevent unauthorized entry.
11.2. Office Security
Our offices are secured with access controls, surveillance cameras, and security personnel to protect against unauthorized access and physical threats.
12. Employee Training and Responsibilities
12.1. Security Awareness Training
All employees and contractors receive regular training on security best practices, data protection, and their responsibilities under this Security Policy.
12.2. Confidentiality Agreements
Employees and contractors are required to sign confidentiality agreements to protect sensitive information.
12.3. Security Responsibilities
Each employee has specific security responsibilities, including safeguarding their login credentials, reporting suspicious activities, and adhering to security protocols.
13. Third-Party Security
13.1. Vendor Assessment
All third-party service providers undergo a thorough security assessment to ensure they meet our security standards and comply with relevant Polish legislation.
13.2. Data Sharing Agreements
We establish formal agreements with third parties that stipulate the security measures and data protection requirements they must adhere to.
13.3. Continuous Monitoring
Third-party relationships are continuously monitored to ensure ongoing compliance with our security policies and standards.
14. Compliance and Auditing
14.1. Regulatory Compliance
We ensure compliance with all applicable Polish laws and regulations related to data protection, financial services, and cryptocurrency exchanges.
14.2. Internal Audits
Regular internal audits are conducted to evaluate the effectiveness of our security measures and identify areas for improvement.
14.3. External Audits
Periodic external audits by independent security experts are performed to validate our compliance and security posture.
15. Policy Review and Updates
15.1. Regular Reviews
This Security Policy is reviewed and updated annually or as needed to reflect changes in legal requirements, security threats, and business operations.
15.2. Notification of Changes
Significant changes to this policy will be communicated to all relevant stakeholders through official channels.
16. Contact Information
For any questions or concerns regarding this Security Policy, please contact us at:
Geritdan Sp. z o.o.
Hoza street 86/210, Warsaw, 00-682, Poland
Email: [email protected]
______________________________________________________
Appendix A: Technical Security Measures
Encryption Standards:
Firewall Configurations:
Intrusion Detection and Prevention:
Regular Software Updates:
Secure Coding Practices:
Backup and Recovery:
Monitoring and Logging:
______________________________________________________
Appendix B: Organizational Security Measures
Data Protection Officer (DPO):
A designated DPO oversees data protection strategies and ensures compliance with GDPR and Polish data protection laws.
Security Governance:
A security governance framework is established to manage security policies, procedures, and responsibilities across the organization.
Access Control Policies:
Detailed policies define access rights and permissions based on roles and responsibilities.
Employee Onboarding and Offboarding:
Secure procedures are in place for granting and revoking access rights during employee onboarding and offboarding processes.
______________________________________________________
Appendix C: Incident Response Procedures
Identification and Reporting:
Clear procedures for identifying and reporting security incidents.
Containment and Mitigation:
Steps to contain and mitigate the impact of security incidents.
Investigation and Analysis:
Processes for investigating the cause and scope of incidents.
Communication:
Protocols for internal and external communication during and after incidents.
Recovery:
Strategies to restore systems and services to normal operations.
Post-Incident Review:
Evaluation of incident handling to improve future responses and security measures.
______________________________________________________
Appendix D: Compliance Checklists
GDPR Compliance:
AML/CTF Compliance:
Financial Regulations:
______________________________________________________
Conclusion
At Geritdan, security is paramount. This Security Policy is designed to protect our clients, their assets, and their personal data. By adhering to this Policy, we ensure a secure and trustworthy environment for all users of our cryptocurrency exchange services.