How we and other organisations will keep your personal data safe

We endeavour to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorized access, modification or disclosure. Examples of our security are as follows:

• Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
• We carefully control access to systems and networks only allowing authorised people to view your personal information.
• We train our staff on how to handle personal and special category information and how and when to report when something goes wrong.
• We regularly test our systems and network to ensure they are safe and secure.
• We work hard to ensure that our systems are up to date with the latest security enhancements.
• We use anti-virus software to protect our systems and data.
• We operate from secure premises.
• We operate a clear desk policy which ensures that all data is securely stored when not in use.
• We have robust contracts with our suppliers to ensure they operate to the same high standards that we do.
• We review all contracts of business regularly, and ensure that our key suppliers apply the same levels of protection, security and confidentiality we apply. From time to time we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.