contact@world-trade-escrow.com +32 15 20 44 50

Policies

Our Different Policies

Ut possimus qui ut temporibus culpa velit eveniet modi omnis est adipisci expedita at voluptas atque vitae autem.

    • Your privacy is important to WorldEscrow. We are therefore pleased to provide this privacy policy to inform you of our practices with respect to the collection and use of information about visitors to our web site. By using this site, you consent to the following terms.


    • What we collect
      You may visit this web site and learn about WorldEscrow anonymously. The data that we regularly collect about visitors to our site (e.g., browser type, pages accessed, duration of visit, etc.) does not enable us to identify you. We also collect your IP address, but this information generally does not directly reveal your identity. Your IP address merely reveals the name of your access provider or company network. We do not use cookies, small files that are sent to your browser and stored on your hard drive to record how and when you use a site. We collect personally identifiable information about you only if you voluntarily provide your e-mail address to us by registering for our newsletter or when you request further information from us.

    • How we use it
      If you choose to provide us with your e-mail address or other (indirect) personally identifiable information, we will only use such information to send you our newsletter or to respond to your inquiry. When you unsubscribe from our newsletter your e-mail address will be deleted from our files. We will only disclose your personally identifiable information if we reasonably believe we are required to do so by law, regulation or other government authority. Notwithstanding the foregoing, we will never submit your personally identifiable information to third parties for whatever purpose, including but not limited to direct marketing purposes.

    • Links
      For your convenience, we have provided links to certain third party web sites, including but not limited to some of WorldEscrow’s clients and partners. If you choose to visit a third party's site, please be aware that the third party's privacy policy, and not WorldEscrow’s, will govern your activities and any information you disclose while visiting the third party's site.

    • Security
      Because any personally identifiable information you submit to ESCROW SERVICES online is purely voluntary and should not be of a particularly sensitive nature, we employ our standard security measures and do not use special encryption methods at this time. For www.escrow-deposits.com - our online deposit website - we obviously do make use of encryption methods. For more information about communicating with WorldEscrow and the use of this web site, please refer to our Disclaimer.

    • Policy Changes
      WorldEscrow reserves the right to change this privacy policy, and will post any revisions on this web site. Your continued use of this Web site will be subject to the then-current privacy policy.

    • Questions and Updates
      If you have any questions or suggestions about our privacy practices, or you wish to update or correct any personally identifiable information that you have chosen to provide to us, please feel free to contact us by e-mail using the contactform on this website.

    • The following bullet points make up the general WorldEscrow Security Policy.


    • Employee Responsibilities
      • All employees and authorized external parties to include but not limited to contingent workers, suppliers and business partners must be aware of their responsibilities to protect WorldEscrow information assets.
      • Employees and authorized external parties who identify, label, handle or dispose of WorldEscrow information assets must comply with the requirements of this Security Policy.
    • Use and Disclosure of Information
      • Employees and authorized external parties must only use WorldEscrow information assets for business purposes, internally or externally, based on business need and will take appropriate precautions to prevent unauthorized and unintentional disclosure of information assets. Appropriate precautions include but are not limited to: not discussing sensitive WorldEscrow business in public, only sharing information assets with authorized individuals with a business need to know, and properly disposing of information assets that are no longer needed.
    • Disclosure of Information
      • Disclosure of Information includes sharing information through both written and verbal channels, across all media, including, but not limited to, e-mail, internet and any social media, (for example: Facebook, Twitter, Linkedin).
      • WorldEscrow may disclose information of a sensitive nature to employees and internal personnel for business purposes and the execution of service only.
      • WorldEscrow may disclose sensitive information externally to customers, channel partners, suppliers, or any external party only when business needs require WorldEscrow to make such a disclosure. The identity of the receiving party is to be verified and an authorized and duly signed Non-Disclosure Agreement (NDA) executed between the receiving party and WorldEscrow.
        The sensitive information shall only be shared if there is an immediate need to know, and the party in question is directly related to the information. No customer information shall be shared with other customers without the explicit consent of the original owner of the information.
      • Non-Disclosure Agreements (NDAs) are designed for use in situations where it becomes necessary for WorldEscrow to disclose confidential information to, or receive confidential information from, parties outside WorldEscrow, or outside WorldEscrow’s immediate security measures.
      • It is the responsibility of every employee and authorized external party to understand WorldEscrow's policy with respect to the receipt, handling and disclosure of sensitive information and to know the basics of when and how to use an NDA appropriately.
      • WorldEscrow holds regular briefs to personnel and external partners regarding the handling, treatment, storage and/or disclosure of confidential or sensitive information.
    • WorldEscrow labels
      • WorldEscrow information assets must be identified, handled, labeled, and disposed of in accordance with the sensitivity of the content, as defined by WorldEscrow internal policies and procedures.
      • WorldEscrow's Labels are, in ascending order of sensitivity:
        • WorldEscrow Public – WorldEscrow public information is information which is either public knowledge before it came to the possession of WorldEscrow, or is by very nature considered public knowledge. Public Information includes, but is not limited to, marketing materials, open web-publications, offers, and references.
        • WorldEscrow Confidential - which is the label for any information that is to be restricted within WorldEscrow to only those internal parties receiving the information with a “need to know". Information that is labeled WorldEscrow Confidential must be properly protected to avoid unauthorized access and will only be posted on the Intranet or internet if it is password protected or otherwise placed in a way (that is, encryption) that it cannot readily be accessed by unauthorized parties.
        • WorldEscrow Private – this is the label that will be safeguarded through secure communications and - in case of electronically posted information – personal and specific authentication. All deposits fall under this category once uploaded to an external carrier.
      • WorldEscrow Private – this is the label that will be safeguarded through secure communications and - in case of electronically posted information – personal and specific authentication. All deposits fall under this category once uploaded to an external carrier.
    • Digital Media
      • The following media types are used in process of the escrow depositing : CD, DVD, USB stick, external drive, HD or FTP. All media related to the WorldEscrow FTP system will be encrypted or password protected.
      • WorldEscrow’s standard FTP channel consists of a forced SFTP portal with custom security suite. Regular FTP will only be employed on explicit request of the party communicating information to WorldEscrow.
      • WorldEscrow uses encrypted and secured e-mail and forced SFTP channels for internal communication.
      • WorldEscrow always recommends to use the latest encryption available to transmit data. A unique PGP key is available on demand at WorldEscrow for the purpose of encrypting the escrow deposit. PGP keys are used internally for any information labeled ‘Sensitive’ or above.
      • All digital media must be securely erased electronically by overwriting or physically destroyed prior to disposal or reassignment of the system.
    • Depositing via online depositing system
      • The online depositing system employed by WorldEscrow is standardly a forced SFTP system, run on a custom built server environment, subject to continuous monitoring, maintenance and updating. Standard FTP channels are available through a separate system only on explicit request of the client depositing.
      • The server environment is continuously tested for vulnerabilities, and managed in accordance with the security policy of the server provider and the joint Service License Agreement.
      • Once a deposit is transmitted, it is registered in WorldEscrow’s Internal Management system and the deposit is moved to an external carrier.
      • Once a deposit is uploaded to the external carrier, any copies remaining in the server environment or on live systems are destroyed without delay.
      • The external carriers are to be kept disconnected from live systems, other than for the purposes of verification.
    • Deposits arriving via email
      • In certain situation when the volume of the escrow deposit is very small it can arrive via email as compressed file (Zip, Rar, tar…) and password protected or encrypted. WorldEscrow does not promote this method of delivery.
      • Once the deposit with escrow material has arrived via email it is registered in WorldEscrow’s Internal Management system and moved to an external carrier. Further the same procedure is followed as described above in §6.
    • Security Processes for Handling and Disposing of Sensitive Information
      • WorldEscrow employees who handle sensitive information are responsible for disposing of sensitive information in a manner that prevents unauthorized disclosure of the material.
      • Sensitive material containers are available to employees for the collection of sensitive waste for disposal.
      • Any sensitive information on physical carrier, marked for destruction, will be physically shredded and – in case of physical electronic carriers – magnetized to such a degree that no trace information can be reconstructed.
      • Any sensitive information marked for destruction on operational systems will be scrubbed to such an extent that no trace information can be reconstructed.
      • During the disposal process, it may be necessary to temporarily store sensitive information until it can be further transported or destroyed.
      • Sensitive information is not allowed to be left in a state or position where it can be accessed without detection by unauthorized individuals.
      • Recycling of hardcopy information marked as ‘sensitive’ is not an acceptable form of disposal unless the sensitive information is crosscut according to the specifications above prior to recycling.
    • Supplier security requirements
      • Any supplier of WorldEscrow, which has a requirement to know or handle Sensitive Information – all or not on WorldEscrow’s behest, will be required to meet the following standards:
        • Have a duly signed and implemented Non-Disclosure agreement in place with WorldEscrow.
        • Have a documented security policy, meeting at least the standards of §10 below.
        • Have a controlled and limited access policy to locations where the information is kept or treated. In case of a provider of vault and storage locations, further conditions apply.
        • Have an on-site security system and alarming system, all or not set to specific requirements, based on a by-case evaluation of the situation and premises by WorldEscrow.
    • Supplier documented security procedures & minimum policy requirements
      • Security incidents (including theft or attempted thefts) concerning sensitive information and sensitive information waste must be reported to WorldEscrow as soon as possible.
      • Knowledge of WorldEscrow sensitive information being onsite is restricted only to persons with a need to know. The need to know status is determined in dialogue with, and subject to veto by WorldEscrow.
      • Keys and locks are registered and checked and changed regularly in areas where WorldEscrow 's sensitive information is stored.
      • Any deviations, discrepancies, suspicious events, or the discovery of inappropriate materials must be reported to the WorldEscrow Managing Director.
      • Employee termination procedures are in place to ensure the return of IDs, access cards, keys, and other sensitive information.
      • Sensitive information is stored in a dedicated, secured location, such as vaults, locked containers, or safes in case of physical information, and monitored, encrypted and secured computer systems in case of electronic storage.
      • Access to sensitive material storage areas is to be restricted solely to authorized personnel engaged in the process of functionally handling or disposing of the information.
      • Sensitive material must not be left unsecured or unattended during any transportation processes.
    • Securing Sensitive Information
      • Sensitive information, hardcopy or electronic, must be properly secured and stored to prevent unauthorized access at unattended desks, home offices, or mobile equipment.
      • WorldEscrow employees or subcontractors are expressly forbidden from making local copies of the material or information on personal devices, other than those used for the execution of professional services.
      • All copies made are to be cleared and registered with WorldEscrow prior to making, and are subject to the WorldEscrow security policy.
      • Laptops are theft targets when left in vehicles, and employees should refrain from leaving equipment in vehicles.
      • Removable digital media such as USB drives, external drives and printed reports are to be controlled and secured if workspace is unattended.
    • Special Events
      • Sensitive material identification and markings are to be used for event handouts, printed material, visual projections and other presentation material.
      • Unwanted information assets must be controlled and secured until they can be disposed of as required by this standard.
      • All information assets are to be removed from conference rooms after meetings by the host.
      • Whiteboards are to be erased.
      • Flip chart papers are to be destroyed.
      • Mobile phones are to be turned off during sensitive meetings to prevent unintended transmissions.
      • Avoid discussing or working on sensitive information in common areas.
      • When traveling, maintain visual control of mobile equipment.
    • Security rules for hardware components
      • WorldEscrow employees and contractors are urged to physically secure their PCs, laptop, and other electronic devices by using credentials that are at least 8 characters containing at minimum one capital letter and one number.
      • Desktops/laptops must be securely protected by anti-virus software, and subjected to regular manual checks by WorldEscrow Technical Service.
      • Best practices are to be recommended to WorldEscrow personnel or subcontractors:
        • Run an anti-malware software at least once per week.
        • Do not download suspicious or unapproved software from unfamiliar websites.
        • Subject electronic devices to a regular manual update check by WorldEscrow Technical Service
      • in case the employee or subcontractor leaves his or her dedicated workstation, all electronic devices are to be logged off or request password authentication if the period of unattendance was longer than 60 seconds when on WorldEscrow premises, and immediately when in non-controlled premises.
      • The server environment is to be operated to the highest security standards. A custom security agreement is in place with Combell NV/SA, contracted to operate and monitor the security of the environment on a permanent basis.
      • Any WorldEscrow system is to be password protected, and will be subject to a change of password at least twice per year.
    • Secure Encryption keys management
      • Encryption keys are generated in pairs (a public and private part) on a per-purpose basis.
        The pair is shared and appointed to two (2) people of WorldEscrow NV, and deleted after use.
      • For internal use, WorldEscrow shall generate key pairs as needed, for the duration needed, and shared between two (2) people at WorldEscrow NV at minimum, but shall be purpose defined, and deleted after fulfilment of said purpose.
      • No internet connection is allowed on dedicated WorldEscrow systems during the decryption process.
      • FTP login credentials are created randomly by the presiding employee on the FTP server.
      • Credentials for the FTP server are being changed for every deposit.
      • WorldEscrow personnel with access to personal FTP folders on WorldEscrow systems will not be allowed to share the credentials for their personal folders with any unauthorized person or persons, except for the Administration and Operations coordinator of WorldEscrow internally.
    • Banks & Vaults policy
      • WorldEscrow ensures storage of all deposits in two vaults at different banks at different geographical locations.
      • All vaults at banks contracted to this end will employ a three-step registered access management system, containing at least a physical access barrier to the general premises, identification of person(s) entering the vault environment, and physical protection of vault environment.
      • All vault environments selected must be adapted to house the carrier types selected. Practically, this means that all vaults selected are to protect carriers within against magnetic and electronic external attacks, as well as limit accessibility.
      • WorldEscrow ensures that vaults meet or exceed this minimum in person on a regular basis.
      • Different personnel has access to different vaults. The number of people having access to any one vault is never more than four or less than two.
      • Overlap between personnel having access to particular vaults is expected, but WorldEscrow ensures that the access to the vaults is arranged in such a fashion that the removal of any combination of personnel, short of the removal of the entire firm at once, will not cause all vaults to be inaccessible at any one time.