1. Entrance Control 
2. System Access Control 
3. Data Access Control 
Website data is hosted at Bytemark, please refer to their DPA for this information.

4. Transmission Control 
We recommend implementing HTTPS on websites to securely encrypt data during transmission over the internet.

5. Data Entry Control 
The client as the Data Controller will ensure they have mapped their overall data entry points and who can access data, and thereby can identify which points take place on their website. This will typically be via user forms, newsletter signups and checkout processes. Refer to our GDPR section for articles on users rights to Access, Rectification, Erasure. Administrators entering or accessing data on the website are controlled via system login and User Access Control permissions with auditing available for key activities.

6. Data Processing Control 
Refer to our GDPR section for articles on users rights to Restricted Processing, Right To Object, Data Portability, Deleting Form Data.

7. Availability Control 
Website data is hosted at Bytemark, please refer to their DPA for this information and also our article on Website Data Storage & Security concerning our own measures at an REC+ application level and admin access by our support staff.

8. Separation Control
REC+ software achieves separation of personal data from one and any other customer, and customers can access their own data as detailed in the article The Right Of Access (User Login To View Their Data). Data collected for different purposes, such as forms and orders, is stored and accessed separately within the system.