Data Privacy Notice

SAFETY4 LIMITED'S POLICY ON USER PRIVACY & DATA PROTECTION

Safety 4 Limited is committed to protecting the privacy of its customers, clients & employees. We believe that privacy and data protection of our customers, clients, suppliers and employees are basic human rights.

We have a duty of care to all persons whose name is held within our data. We will never sell, distribute or make public any of your personal information, and we will only contact you by email or telephone when we need to in order to:

  • answer any questions or queries you may have
  • arrange online training for you or your staff
  • inform you of any updates in the system
  • tell you of any new or changing legislation that may affect your business
  • conduct normal business transactions

We would also like to contact you occasionally just to ensure that you are getting the best from our online system and to offer any assistance that you may require.

Principles relating to processing of personal data

Safety4 Limited endorses and adheres to the principles of Data Protection as set out in the General Data Protection Regulation 2018, which state that personal data must be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject
  2. collected for specified, explicit and legitimate purposes only
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. accurate and, where necessary, kept up to date
  5. kept for no longer than is necessary for the purposes for which the personal data are processed
  6. processed in a manner that ensures appropriate security of the personal data

Under the GDPR, Safety 4 Ltd is the 'Controller' of the personal data you provide to us.

What we need

We collect and hold basic data about your company that may include the name of the company and its main directors, trading address, telephone number and email address. We do not collect any sensitive information.

Why we need it

We need to know your company details in order to set up your online account and provide you with information so you can use our online system. We may also need to contact you from time to time, either by telephone or by email, to provide you with updates on H & S issues and online training.

What we do with it

All company data collected by Safety 4 Ltd is processed in the UK by Safety 4 Ltd staff. For the purposes of IT hosting and maintenance this information is located on servers within the UK. No third parties have access to your personal data.

How long we keep it for

We keep your data (i.e. name, address, contact details) for as long as you continue to use our online products and services.

Your data will be securely kept on file with us until you notify us that you no longer wish to use our services. All data about your company will be deleted from all servers within 40 days of your notification.

What we would also like to do with it

Your company email address or telephone number may be used to contact you to let you know of any new features or safety issues that may be of interest to you. We will never use your data for marketing purposes nor shall we pass your information to any other company for marketing or any other purpose.

This information is not shared with third parties and you can unsubscribe at any time via telephone or email to support@safety4ltd.com.

Contact forms & emails

Should you choose to contact us using the contact form on our 'Contact us' page or via email, no data you provide will be stored on our website or passed to any of the third party data processors. The data you provide will be collated into an email and sent to us directly through our chosen email provider G-Suite.

Where links are provided to other websites, these are provided in good faith, with all links having been verified, to the best of our knowledge, as being safe sites.

SECURITY

We have a rigid Data Protection regime in place to oversee the effective and secure processing of your personal data. Details of our server & data protection procedures are listed in a separate document.

SSL Certificate

Access to our website and online system is secure, having SSL Certification. SSL Certificates are small data files that digitally bind a cryptographic key to an organization's details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.

OUR THIRD PARTY DATA PROCESSORS

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with relevant data legislation.

What are your rights?

Should at any time you believe that the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office (ICO).

Our Data Protection Officer is Tony Keetley - you can contact him at tony.keetley@safety4ltd.com

Data Security Document

Our online systems Safety4bodyshops.com, Myelephantmail.com & Equiplog.com are hosted on secure servers provided by HA247 Limited. Information regarding the security of data and building security is detailed below.

Security

Security is Safety 4 Limited's highest priority and it has driven our choice of third-party server providers to host our online systems. For this reason we use HA247 Limited, whose data centre, server configuration, software and procedures are as below:

Server continuity, back-ups and preservation of data

HA247 High Availability servers have fully automated failover. Their High Availability service uses three servers per client (Linux or Windows dedicated server, plus real-time replication server, plus separate data back-up server in a geographically separate data centre).

Daily back-ups are kept for 30 days by default, or longer if required. HA247 ensures that replication between the primary server and replication server is consistent. If a server fails, ARCHI monitoring software will issue the command to fail over the server within 30 seconds. If the server fails to start due to file corruption, HA247 will repair the server from the latest complete backup.

Firewalls: hardware and kernel-based

All HA247 servers are supplied with software firewalls. On Linux servers this is iptables, and on Windows it is Windows' own firewall.

Network security and mitigation of malicious cyber-attacks (e.g. DoS and DDoS)

HA247 data centre systems are fully automated and analyze traffic before it hits the client's server to identify an attack and automatically disrupt it.

Operating System security maintenance

OS security is automatically updated. System checks are put in place to ensure all security updates are applied correctly.

Intrusion detection and prevention

OSSIM and OSSEC (HIDS) intrusion detection systems are deployed to provide alerts on potential attacks and security threats.

Log monitoring and IP blocking

Fail2Ban is installed on all Linux servers so they can monitor logs for attacks against services such as SSH, FTP or, for example, WordPress logins, and block an offending IP address.

Data Centre Physical / Data security

HA247's IceCoLo Manchester Data Centre facility is owned and operated by M247, a global leader in data centre facilities. The Data Centre is accredited ISO27001 for physical / data security, and is PCI compliant.

HA247's data centre partner hosts multiple websites for large financial institutions and the NHS. The building itself is located in a secure fenced and gated compound, with multiple physical security layers. It is manned 24/7/365 by expert staff deploying:

  • CCTV surveillance cameras
  • Advanced VESDA laser smoke detection
  • FM200 Fire Suppression gas discharge with fully trained staff
  • Access controlled maglock internal doors
  • Locked cabinets, cages and safes are also available.

Data Centre connectivity and network capacity

  • Multiple diverse and redundant optical fibre entry points
  • 80-gigabits of live Internet connectivity
  • Cost effective IP transit available
  • Cost effective Layer2 Ethernet circuits
  • Astra Satellite feeds available
  • NHS N3 connectivity
  • Extensive and expanding advanced 10 / 20 Gbps IP and MPLS network connected directly to 7 of the world's largest and most important Internet exchanges
  • Resilient European network ring spanning Manchester, London, Amsterdam, Frankfurt, Paris and Belgium with a full M247 London bypass
  • Direct peering relationships with 70% of all the European ISPs
  • Range of national network operators on-site, including BT, Virgin Media, Cable & Wireless and KCOM

Date: March 2018