Statement of Data and Security

We follow certain workflows and guidelines every time we process personal and sensitive information. Our document, email, notes, and image storage all leverage secure cloud technology. This is, aside from paper records and hard copies, the only place we hold and index data.

Cloud Providers We Use

Our company email fully supports opportunistic encryption over TLS, if your email provider supports this then it will be available. All online cloud services we use are fully encrypted when they are over-the-air. Access to information is restricted and secured - we have unique staff credentials for each member of HR, Management or IT which have tiered access. Please refer to our security layers overleaf.

Cloud providers we use:

• Google – G Suite for Business
  • Storage, Email, Notes, Photos, Documents, Calendar
    • ISO 27001 Certified, ISO 27017 Certified, ISO 27018 Certified
    • GDPR Compliant - Data Processing Amendment (v2.0)
• Amazon – Amazon Web Services
  • Networking, Website Deployment
    • ISO 27001 Certified, ISO 27017 Certified, ISO 27018 Certified
    • GDPR Compliant - Data Processing Addendum (DPA)
    • CISPE Compliant

How We Process Your Data

How we process your data will depend on how you contact us or send information to us. It will also depend on the contractual obligations/requirements we have to you and you have to us. There is a “data processing map” available with this document.

How We Keep Your Data Safe

We take data handling very seriously and have security policies no matter how we store the information. Paper records are archived in our office behind specialty locks, a security alarm system, and CCTV. Electronic records are stored on our secure “Cloud” which utilizes Google Business Architecture. Access to data storage is strictly limited to Management, HR and Technical staff who require it. If you contact us over social media, please refer to their respective privacy and security policies regarding your data.

Steps We Take To Keep Information Secure

HR/Administration/Management/IT Staff Team

Locally [in the office]

1. Bitlocker Drive Encryption – all our office workstations/laptops use full drive encryption. This means, that without genuine authentication, data is unreadable.
2. Windows 10 Pro – we use the latest version of Windows software designed for professionals. Enhanced feature support for security, networking, and organizational use ensures we are on the cutting edge of security enhancements and fixes.
3. Staff Login Credentials – our workstations use tiered and limited access, each with its own unique user identification and complex password.
4. WPA2-AES – whenever wireless networks are used they are fully encrypted to WPA2-AES standards using hardware designed for businesses by UniFi.
5. Activity Logs – purpose for audit logging, all our workstations have advanced security and history logging, our internet access points monitor the network traffic at all times.

Online [in the cloud] [Permanent SSL encryption is enforced throughout these processes]

1. Staff Login Credentials – access to our online business cloud has segmented/individual accounts with in-house username and complex passwords.
2. 2-Factor Authentication – additional security measures require all our authentication staff to use 2-Factor Authentication for cloud access.
3. Tiered Access – access to information, administration, and auditing is restricted to only those who require it for their contractual duties.
4. Activity Logs – purpose for audit logging: we record access to, changes to, updates of, additions of, and deletions of data. Our cloud activity logs also record security and access events.
5. Session Limits – session limitations access to our business cloud is not authenticated for