Information Security Policy

Digital Leo 

​

1. Purpose

The purpose of this Information Security Policy is to ensure that information assets handled by Digital Leo are protected against unauthorized access, disclosure, alteration, and destruction. This policy establishes guidelines for safeguarding company systems, client data, and operational processes in order to maintain confidentiality, integrity, and availability of information.

​

2. Scope

This policy applies to all employees, contractors, and third parties who have access to Digital Leo systems, data, and services. It covers all digital platforms, communication channels, and operational tools used to support client services.

​

3. Information Security Principles

Digital Leo is committed to maintaining the following security principles:

• Confidentiality – Ensuring that sensitive information is accessible only to authorized individuals.

• Integrity – Protecting information from unauthorized modification or tampering.

• Availability – Ensuring systems and data remain accessible for authorized business operations.

​​

4. Access Control

Access to systems and client data is restricted to authorized personnel only and is granted based on business requirements. Appropriate authentication methods such as passwords and account permissions are used to control access.

​

5. Data Protection

Digital Leo takes reasonable measures to protect client and business data by:

• Using secure communication channels and trusted service platforms

• Limiting data access to authorized personnel

• Avoiding unnecessary storage of sensitive information

• Following applicable data protection and privacy requirements

Client interactions and messaging data related to marketing campaigns may be processed through third-party platforms such as LINE Official Account services, which maintain their own enterprise-level security controls.

​

6. Third-Party Services

Digital Leo may rely on reputable third-party platforms and service providers to deliver certain services. These providers are selected based on reliability, security capabilities, and compliance with applicable standards.

​

7. Risk Management

Digital Leo periodically reviews operational processes to identify potential risks related to information security. Appropriate mitigation measures are implemented where necessary to reduce potential security risks.

​

8. Incident Management

If a security incident or data breach is suspected, the issue will be investigated promptly. Appropriate corrective actions will be taken to contain the incident and prevent recurrence.

​

9. Policy Review

This policy will be reviewed periodically and updated as necessary to reflect changes in business operations, technology, and regulatory requirements.