1. Introduction

At Malipex, a brand of Annex Universe Ltd, we are committed to protecting the security and privacy of our users. This Security Policy outlines the practices, procedures, and measures we implement to ensure that your personal data, payment information, and account details are handled with the utmost security. By using our wallet platform and services, you agree to the terms outlined in this policy.

2. Information Security Objectives

• Data Protection: Safeguard all forms of personal and financial data from unauthorized access, modification, or destruction.
• Compliance: Ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
• Continuous Improvement: Regularly review and improve our security protocols to address emerging threats.
• Employee Awareness: Empower employees with security knowledge to safeguard sensitive data and prevent cyber threats.

3. Data Protection and Privacy

• Data Encryption: All sensitive data, including personal and financial details, are encrypted during transmission via SSL/TLS encryption. Data stored on our servers is also encrypted to protect against unauthorized access.
• Data Minimization: We collect only the necessary information to provide our services and ensure security. Any data collected is used only for the purposes stated in our Privacy Policy.
• User Privacy: We limit access to personal information to authorized employees and partners based on a need-to-know basis, ensuring compliance with GDPR principles.

4. Authentication and Access Control

• Multi-Factor Authentication (MFA): MFA is required for all users and employees accessing the platform, ensuring secure login processes and additional layers of protection.
• Role-Based Access Control (RBAC): Access to sensitive data and system features is granted based on employees' roles within the organization. Users can only access features necessary for their specific functions.
• Strong Password Policies: We enforce strict password policies, requiring complex and regularly updated passwords. All passwords are stored securely and protected from unauthorized access.

5. Cybersecurity Measures

• Firewall Protection: Our network infrastructure is secured with advanced firewalls to protect against unauthorized access and cyberattacks.
• Intrusion Detection and Prevention: We employ intrusion detection systems (IDS) to monitor suspicious activity and respond to potential security breaches in real time.
• Anti-Malware Protection: We deploy anti-malware solutions across our systems to protect against viruses, Trojans, and other malicious software.

6. Incident Response and Reporting

• Incident Response Plan: In the event of a data breach or security incident, we follow a comprehensive incident response plan that involves identifying, containing, and mitigating the issue.
• User Notification: If a security breach occurs, we will notify affected users promptly in compliance with GDPR regulations, providing them with the necessary information and guidance on how to protect their accounts.
• Security Audits: Regular audits and penetration testing are conducted to assess the effectiveness of our security measures and identify areas for improvement.

7. Third-Party Security

• Vendor Security: We ensure that third-party partners and vendors, who process or store sensitive data, comply with the same security standards that we follow. This is verified through regular security assessments and audits.
• Data Sharing: Sensitive information is shared only through secure methods and with trusted third parties, such as payment processors, who follow strict security protocols.

8. Employee Training and Awareness

• Ongoing Security Training: All employees at Malipex are trained on best practices for maintaining data security, identifying phishing attempts, and adhering to privacy laws.
• Security Culture: We cultivate a culture of security within the organization, encouraging staff to report suspicious activities and continuously improve security awareness.

9. Physical Security

• Restricted Access: Our physical premises are secured with access control systems to restrict entry to authorized personnel only. Server rooms and data centers are secured to prevent unauthorized physical access.
• Surveillance Systems: Security cameras are deployed across the premises to monitor access points and ensure physical security.

10. Data Retention and Disposal

• Data Retention: We retain user data only for as long as necessary to provide our services or comply with legal requirements. Once the data is no longer needed, it is securely deleted.
• Secure Data Disposal: When disposing of physical and digital assets containing sensitive data, we ensure secure erasure and destruction, preventing data recovery.

11. Compliance and Legal Requirements

• GDPR Compliance: As part of Annex Universe Ltd, Malipex adheres to GDPR regulations to ensure that all user data is processed lawfully, transparently, and securely. We uphold the rights of users, including the right to access, rectification, and deletion of personal data.
• PCI DSS Compliance: We comply with Payment Card Industry Data Security Standards (PCI DSS) to ensure the secure processing of payments and protect credit card information.
• Data Protection Officer: We have a designated Data Protection Officer (DPO) to ensure compliance with all data protection laws and handle user inquiries about data privacy.

12. Updates to the Security Policy

We periodically review and update our security practices to address emerging risks and improve data protection. Any changes to this policy will be communicated through our website and via email notifications, where applicable.

13. Contact Us

If you have any questions or concerns about our security practices, please contact us:

Email: security@malipex.com

Whatsapp: +256 394 501 790
Address: 1.Malipex, 2nd, College House, 17 King Edwards Rd, Ruislip HA4 7AE, United Kingdom

                 2.Makerere hill road, Wandegeya Kampala, Kampala Uganda

 Annex Universe Ltd