SAFETY4 LIMITEDS POLICY ON USER PRIVACY & DATA PROTECTION
Safety 4 Limited is committed to protecting the privacy of its customers, clients & employees. We believe that privacy and data protection of our customers, clients, suppliers and employees are basic human rights.
We have a duty of care to all persons whose name is held within our data, we will never sell, distribute or make public any of your personal information and we will only contact you by email or telephone when we need to in order to;
We would also like to contact you occasionally just to ensure that you are getting the best from our online system and to offer any assistance that you may require.
Principles relating to processing of personal data
Safety4 Limited endorses and adheres to the principles of Data Protection as set out in the General Data Protection Regulation 2018 that state that personal data must be;
Under the GDPR, Safety 4 Ltd is the 'Controller' of the personal data you provide to us.
What we need
We collect and hold basic data about your company that may include including the name of the company and its main directors, trading address, telephone number and email address. We do not collect any sensitive information.
Why we need it
We need to know your company details in order to set up your online account and provide you with information so you can use our online system. We may also need to contact you from time to time either telephone or by email to provide you with updates on H & S issues and online training.
What we do with it
All company data collected by Safety 4 Ltd, is processed in the UK by Safety 4 Ltd staff. For the purposes of IT hosting and maintenance this information is located on servers within the UK. No third parties have access to your personal data.
How long we keep it for
We keep your data ie; (name, address, contact details) for as long as you continue to use our online products and services.
Your data will be securely kept file on with us until you notify us that you no longer wish to use our services. All data about your company will be deleted from all servers within 40 days of your notification.
What we would also like to do with it
Your company email address or telephone number may be used to contact you to let you know of any new features or safety issues that may be of interest to you. We will never use your data for marketing purposes nor shall we pass your information to any other company for marketing or any other purpose.
This information is not shared with third purposes and you can unsubscribe at any time via telephone or email to email@example.com.
Contact forms & emails
Should you choose to contact us using the contact form on our 'Contact us' page or via email, no data you provide will be stored on our website or passed to any of the third party data processors. The data you provide will be collated into an email and sent to us directly through our chosen email provider G-Suite .
Where links are provided to other websites, these are provided in good faith with all links having been verified to the best of our knowledge, as being safe sites.
We have a rigid Data Protection regime in place to oversee the effective and secure processing of your personal data. Details of our server & data protection procedures are listed in a separate document
Access to our website and online system is secure having SSL Certification. SSL Certificates are small data files that digitally bind a cryptographic key to an organization's details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.
OUR THIRD PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with relevant data legislation.
What are your rights?
Should at any time you believe that the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office (ICO).
Our Data Protection Officer is Tony Keetley - you can contact him at firstname.lastname@example.org
Data Security Document
Our online systems Safety4bodyshops.com, Myelephantmail.com & Equiplog.com are hosted on secure servers provided by HA247 Limited. Information regards the security of data and building security is as detailed below.
Security is Safety 4 Limited's highest priority and it has driven our choice of third-party server providers to host our online systems. For this reason we use HA247 limited who's data centre, server configuration, software and procedures are as below:
Server continuity, back-ups and preservation of data
HA247 High Availability servers have fully automated failover. Their High Availability service uses three servers per client (Linux or Windows dedicated server, plus real-time replication server, plus separate data back-up server in a geographically separate data centre.
Daily back-ups are kept for 30 days by default, or longer if required. HA247 ensures that replication between the primary server and replication server is consistent. If a server fails, ARCHI monitoring software will issue the command to fail over the server within 30 seconds. If the server fails to start due to file corruption, HA247 will repair the server from the latest complete backup.
Firewalls: hardware and kernel-based
All HA247 servers are supplied with software firewalls. In Linux servers this is IP Tables, and with Windows it is Windows own firewall.
Network security and mitigation of malicious cyber-attacks (e.g. DoS and DDoS)
HA247 data centre systems are fully automated and analyze traffic before it hits the client's server to identify an attack and automatically disrupt it.
Operating System security maintenance
OS security is automatically updated. System checks are put in place to ensure all security updates are applied correctly.
Intrusion detection and prevention
OSSIM and OSSEC (HIDS) intrusion detection systems are deployed to provide an alert to potential attack and security threats.
Log monitoring and IP blocking
Fail2Ban is installed on all Linux servers so they can monitor logs for attacks such as SSH, FTP or for example Word Press logins, and block an offending IP address.
Data Centre Physical / Data security
HA247's IceCoLo Manchester Data Centre facility is owned and operated by M247, a global leader in data centre facilities. The Data Centre is accredited ISO27001 for physical / data security, and is PCI compliant.
HA247's data centre partner hosts multiple websites for large financial institutions and the NHS. The building itself is located in a secure fenced and gated compound, with multiple physical security layers. It is manned 24/7/365 by expert staff deploying:
Data Centre connectivity and network capacity
Date: March 2018