We implement and maintain technical and organisational measures to protect data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and have contracts in place with sub-processors to do the same. This includes physical security, firewalls, establishing secure and authorised connections to the server infrastructure, intruder detection, encrypting passwords and taking regular backups of data which are tested on a weekly basis.
The security measures help ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services, help restore timely access to personal data following an incident, and provide for regular testing of their effectiveness.
We may update or modify the security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the services.
We take appropriate steps to ensure compliance with our security measures by our employees to the extent applicable to their scope of performance, including ensuring that all persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
We operate a multi-layered approach to security including vulnerability scanning, intrusion detection, regular software maintenance and application of security patches, robust development and release processes, separation control, strong password management and rate limiting (read in full in this article). We also provide a PCI Compliance scanning service (see link below).
Other links that provide additional or complementary information:
- Our Data Processing Agreement
- Technical & Organisational Security Measures
- Website Development Lifecycle, Data Storage & Security
- Legislative, Data Protection & Major Changes
- Payment Processors PCI Compliance & SSL Certificates
- PCI DSS Compliance - Scanning Service For Ecommerce Sites
- REC+ Terms & Conditions