How we keep your information safe

During your service with us, we collect lots of personal and sensitive information about you, and we take keeping your data safe very seriously. To accomplish this, we have our own expert teams and use a mature information security management system so that your data will be treated appropriately and won’t end up in the wrong hands. To achieve this, we use a three-layered approach: People, Processes and Technology.

We use a number of technology systems to control how your data is accessed and secured. Our technology covers multiple levels of our systems to ensure we can control your data from end to end. All our users are trained in the best ways of handling personal data and confidentiality and follow strict policies and procedures to ensure security is kept to a high level.

We operate role-based access control which means users access to your personal information is limited dependant on the task they carry out as part of their role.

We test our systems regularly using both internal and external testers and auditor to ensure weaknesses are identified and rectified.

We are ISO27001 accredited, which is an internal standard for information security.  We also maintain cyber essentials certification which is a set of technical controls we comply with to protect ourselves against common online security threats.

In all our operations we will:

  • Keep your information confidential
  • Staff and third parties attend annual Data Protection training
  • Only share your information with authorised and vetted third parties, agencies or people
  • Use it lawfully, fairly and in a transparent way
  • Keep your personal information for as long as necessary for the purposes we have told you about
  • Protect your data and keep it secure
  • Have contractual obligations for data management and protection when outsourcing functions to third parties to process your personal information on our behalf
  • Carry out security and cyber security checks