IT security and data protection

We ensure full security of private data

“Safety and compliance are our priority. All of our activities are compliant with the highest standards of safety and regulatory compliance. Our goal is to protect our customers' data and build trust through strong security practices.”

Zenia Karastoyanov

CEO, BidFinance

How BidFinance takes care of its security policy

2-factor authentication (2FA)

Access to BidFinance is secured by a two-factor authentication (2FA) mechanism and authorizations provided by the Auth0 (Identity as a Service) platform.

Cloud data backup

We ensure full data security using advanced IT solutions based on the Microsoft Azure platform.

Infrastructure independence

The Platform does not require any integration with the Partner's systems and infrastructure, so there is no risk of gaining unauthorized access to the Partner's systems via the Platform.

OWASP software building standard

The system is secured against security incidents in accordance with OWASP level 1 guidelines.

Encryption

Communication with the BidFinance system takes place securely using HTTPS encryption mechanisms.

External security auditor

The platform is regularly tested by an independent entity specialising in penetration testing (our security policy assumes repeating these tests at least every 2 years and after each significant system release).

IT stability and security thanks to reliable partnerships

We have decided that BidFinance must use the safest standard used by most European financial systems: Microsoft Azure Cloud, which is accepted by most banks in the EU and holds ISO security certificates.

How BidFinance maintains its data storage policy

We do not process personal data

BidFinance does not store or process personal data of clients (debtors). All data is anonymised on the Partner's side before being added to the Platform.

Minimizing the amount of data used

The platform stores the financial parameters of debts and their history, as well as loan documentation templates.

Constant contact and flexible responsiveness

The exact scope of data transferred is agreed with the Partner each time and depends on the Partner's decision and on the type of portfolio, product, stage of affairs, security, etc.

Whitelist and blocklist

The list of entities authorized to participate in the auction is always accepted by the Partner. Thanks to the 'white' and 'block' list mechanisms, the Partner can precisely indicate the entities authorized to access a given auction.

Data transmission security

The data is transferred only by manual upload of files by the Partner via the Platform.

Cloud security

Data is stored in the Microsoft Azure cloud with guaranteed storage within the EU.

BidFinance partner verification process

Basic information

BidFinance is a web application available through a web browser.

BidFinance is a B2B platform. Although the website is generally available, the Platform is not available to anonymous Internet users.

Only employees designated by the Partner have access to the Platform.

Verification protocol

The user account is created by a BidFinance employee only for persons indicated by the Partner on the basis of signed documents.

Partners (Buyers and Sellers) are added each time based on BidFinance's internal procedure.

Before adding the Partner to the Platform, the BidFinance employee verifies the Partner in the following databases:

  • KRS (Poland);
  • Central Register of Beneficial Owners (Poland);
  • List of public warnings from the Polish Financial Supervision Authority (Poland);
  • List of entities authorized by the Polish Financial Supervision Authority to manage securitized receivables of a securitization fund (Poland).

To a similar extent, Buying Partners are verified before they are granted access to each auction.

Additionally, the Selling Partner decides each time which Buyers have access to the auctions it lists.

We constantly monitor the changing law

Observing regulatory changes important for companies from the financial and technological sectors allows us to quickly react and adapt to security needs. That's why we keep up to date with these legislative initiatives:

The European Union Directive NIS2 (known in Poland as NCSS) covers, among other things, strengthening cybersecurity resilience.

DORA (Digital Operational Resilience Act) establishes uniform requirements for the security of networks and IT systems in the financial sector and for key ICT service providers who provide ICT (Information and Communication Technologies) services to the financial sector.