VPN Access & Usage Policy

General provisions

Access to and use of the VPN also access to the network of UAB “Girteka Competence Center” (hereinafter – the Company) or its subsidiaries, affiliates, parent or holding companies of Girteka group will be controlled by Company’s staff who will issue authentication credentials (e.g., a unique user ID and Password) to authorized users on the company’s which shall provide works and/or services to the Company (hereinafter – Contractor) staff.

Company’s IT division will provide all necessary information and support in order to access the resources via a VPN connection.

Please be advised VPN connection credentials are personal and not to be disclosed to any other person of the Contractor, Company or any third party for any reason whatsoever. The connection credentials must be memorized, and it is strictly forbidden to store it electronically or physically.

In case of compromising the VPN connection credentials or there is a reasonable suspicion of such compromise The Contractor or authorized user will immediately inform the Company’s IT division (via e-mail ServiceSupport@girteka.eu) and will follow its instructions and shall provide full cooperation.

The access shall be granted only strictly for the purposes of providing proper services/works to the Company under the contract and any other activities which are not necessary to achieve the goal herein shall be considered as an unauthorized activity.

Authorized user shall use VPN only for provision of the services/works

VPN authorized user will be automatically disconnected from the VPN after 8 hours after connection. The user must then logon again to reconnect to the network.

Authorized users shall not use the VPN for web surfing that does not otherwise require it for access. When the authorized user has completed accessing VPN, they must end the VPN session prior to normal web access.

Any use of devices allowing split-tunneling is strictly forbidden and considered as a breach of this policy.

All computers connected to our internal networks via VPN must use the most up-to-date anti-virus software that is the corporate standard; this includes personal computers.

Contractor and authorized user must configure their equipment to comply with Company’s VPN policy and standards.

The change of authorized user

The Contractor or authorized user will immediately notify Company’s staff whenever an authorized user in possession of such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an authorized user’s duties change such that the authorized user no longer requires access to perform work under the contract, and any other reason caused the authorized user lose the right to access.

The Contractor or authorized user will:

inform the Company’s IT division (via e-mail ServiceSupport@girteka.eu)
provide information in writing about a new person to be granted a VPN connection

After receiving the aforementioned notification and the Company’s IT division shall terminate the authorized user’s access and shall provide new credentials for the new authorized user only after all the necessary information is provided and other procedural steps taken.

Password requirements

Login passwords must be changed every 2 months. Password requirements shall be implemented by the standards set up by the Company’s IT division.

Term of access

Access shall be granted only for the period in accordance and then will be terminated immediately, except when the contract is renewed, and it has been documented.

Right to monitor, control and terminate

Company reserves the right to control and closely monitor any and all activities via VPN and on Company’s network. For this purpose the Company reserves right to use various methods, including but not limited to, periodic walk-through, firewall reports, video monitoring, internal and external audits, and inspection via various security tools.

Authorized user irrevocably consents to such monitoring and control provisions.

Such monitoring can be carried out for the following purposes:

to ensure the compliance of the Company with legal requirements;
to ensure the investigation of information security incidents;
to discover cases of fraud or breaches as well as to establish necessary preventive measures;
to ensure the protection of confidential data of the Company and data transmitted by its clients that are processed by the Company from their transfer to third parties;
to ensure the integrity, uninterrupted operation of the Company’s information systems and their protection from hacking, data theft, and malware;
to ensure an adequate quality level of the services being provided by the Company.

In case of any infringements, breaches, violations of the provisions hereof, the contract between Company and Contractor, the applicable law, as well as unauthorized activities or there is a reasonable suspicion of the possibility of such breaches, violations, infringements, illegal, illicit activities, the VPN access will be terminated immediately without any prior warning until a separate agreement, or until incidents resolved.

Liability

The Contractor and an authorized user shall indemnify and hold Company harmless from any infringement claim made against Company due to any illicit and/or unauthorized activities within the Company’s network which would cause any losses, damages and infringement to the rights of third parties.

The Contractor and an authorized user shall be liable for any loses and damages (including consequential damages) due to compromised connection credentials, infringements, breaches, violations of the provisions hereof, the contract between Company and Contractor, the applicable law and other acts and omissions as a result of the use of right of VPN and network access.

Any and all delays to provide services/works under the contract shall be considered as a breach of contract due to Contractor’s fault in case the VPN and network access was terminated due reasons set forth within clause 5 or clause 2 when the Contractor would not provide a required details for a new authorized user.

Cookie	Expiry date	Description
pll_language	1 year	This cookie name is associated with the Polylang plug-in for WordPress powered websites. it stores a language preference for the visitor to support multilingual websites. When set as a persistent cookie, or with the default lifespan of 1 year, it has to be considered Functional rather than strictly necessary.
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category ‘Necessary’.
PHPSESSID	During the session	The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. (expires when you close your browser)
wordpress_test_cookie	During the session	WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.

Cookie	Expiry date	Description
_ga	2 years	Used to distinguish users to calculate visitor, session and campaign data.
_gid	24 hours	Used to distinguish users on a website to generate statistical information about their use of the website
_gid	24 hours	Used to distinguish users on a website to generate statistical information about their use of the website
_gat_UA-47406720-5	10 minutes	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
DV	7 minutes	This cookie is used to save the user’s preferences and other information. This includes in particular the preferred language, the number of search results to be displayed on the page as well as the decision as to whether the Google SafeSearch filter should be activated or not.
OTZ	7 minutes	Cookie used by Google Analytics that provides an aggregate analysis of Website visitors
_hjid	1 year	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
_hjTLDTest	During the session	When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjIncludedInPageviewSample	30 minutes	This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s pageview limit.
_ym_uid	2 years	These cookies are used to measure and analyse the traffic of this website. These are the cookies used by Yandex Metrica script belonging to the company Yandex.
_ym_d	1 year	Saves the date of the user’s first site session
CONSENT	18 years	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.
1P_JAR	15 days	Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.

Cookie	Expiry date	Description
SEARCH_SAMESITE	4 months	This cookie is used to prevent the browser from sending this cookie along with cross-site requests.
viewed_cookie_policy	6 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
rs6_overview_pagination	2 years	Cookie is set by Slider Revolution, tracks downtime and other browser related issues. Helps us track if something should go wrong in the UI

Cookie	Expiry date	Description
_fbp	2 months	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers
_uetsid	1 day	This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. This is a Microsoft cookie.
SIDCC	1 year	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
SAPISID	2 years	Google collects visitor information for videos hosted by YouTube.
SSID	2 years	Google collects visitor information for videos hosted by YouTube on maps integrated with Google Maps.
SID	2 years	Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.
__Secure-3PSID	2 years	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
HSID	2 years	This cookie is set by DoubleClick (which is owned by Google) to build a profile of the website visitor’s interests and show relevant ads on other sites.
ANID	1 year	Lists ads on Google sites based on recent searches.
_uetvid	16 days	This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.
APISID	2 years	Personalizes Google ads on websites based on recent searches and interactions.
__Secure-3PAPISID	2 years	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
__Secure-3PSIDCC	1 year	Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.
handl_ip	1 month	It records your I.P address in your browser.
handl_original_ref	1 month	Records the URL from which you came from to our site.
handl_url	1 month	The URL on which we placed the code that generates this cookie is stored.
handl_landing_page	1 month	This records the very first page you visited on our site in your browser.
handl_landing_page	1 month	This records the very first page you visited on our site in your browser.

VPN rules

VPN Access & Usage Policy