Data Security and Privacy Policy

Business Net Solutions Ltd is 100% committed to the security and privacy of your data. This policy states our privacy practices for you, during your visit to our websites. Our mission in implementing this privacy policy is to first protect your information, and second, use it only to provide you with the highest quality, most personalised information services available.

PRIVACY

We promise that we never have and never will sell, lease, share, rent, or barter your contact details, or any of your business information entered into our systems. This includes both personal information and any aggregated information that may be gathered.

COOKIES

We do not gather information about your personal use of our web site, other than standard web-usage statistics as gathered by marketing products such as Google Analytics.

CHANGES TO PRIVACY POLICY

We reserve the right to change or update this Privacy Policy. If you feel that we are not abiding by this privacy policy, or have any questions, then you should contact us immediately via telephone at 01908-236807 (UK).

The following statement relates to the services we provide from our .NET web sites.

SERVER SECURITY, PERFORMANCE, MONITORING, & BACKUP

Our servers are hosted and maintained by Fast Hosts, one of the country’s leading ISPs. The servers are built using leading-edge technology and run Microsoft Windows 2008 Standard edition 64 bit and SQL Server 2012 web edition 64 bit. Fast Hosts operate a secure, air-conditioned data centre with fully independent redundant power supplies and multiple connections to the internet via different providers, supported by teams of highly qualified IT specialists. Fast Hosts guarantee 99.99% availability.

The health of the servers is continuously monitored using basic “ping” tests of the web sites. In addition we also monitor CPU performance, disk usage, and communications traffic to alert us instantly of any service outage, so we can respond and correct any issue as quickly as possible.

The server only runs client web sites, with no experimental development, and no access to the server other than by our system’s administrator and our lead developer.

The server includes mail services with additional anti-spam and anti-virus checks. We operate a software firewall on the server, in addition to the hardware firewall configured by the ISP. Both of us continuously monitor and block denial-of-service attacks, and attempts to crack the security mechanisms of the site. The server software is updated with the latest security fixes and patches provided by Microsoft, and we follow all recommendations made by the Microsoft Baseline Security Advisor.

Backups of all databases, web files and binaries are downloaded daily to our offices. When deemed necessary by some clients we also maintain fail-over mirror web sites on other web servers.

Using standard Windows/IIS security we protect the contents of the web site by denying access to the folders and files unless necessary, and providing protection against denial of service attacks.

The web site is built on the Microsoft .NET framework, using programming techniques which eliminate code injection attacks. We can control whether users are allowed to use weak or strong passwords. We can also, if necessary, force periodic changes to passwords. Access to the security configuration of the web sites is restricted to authorised users only. Secure HTTP and FTP access to the site and its folders can be protected, if necessary, via SSL encryption.

SECURE COMMUNICATIONS

Communications with your custom web site can optionally be protected using a GeoTrust® SSL certificate. Users of the site know that their communications are encrypted to the highest level and secure from prying eyes with a padlock symbol appearing in their browser.

UK DATA PROTECTION ACT

Your application will be compliant with the provisions of the UK Data Protection Act as follows:

  · We protect the security of our servers following the advice of the Microsoft Baseline Security Advisor. This will be regularly audited and any security or procedural weaknesses will be acted on.

  · No data will be exported or used by any business other than the client.

  · All data will be stored within the UK and will not be moved from the server other than for the purposes of backup to another secure server.

  · All client records will be deleted at the expiry of the contract (after a specified period of grace).

  · Access to the records is controlled solely by user access rights granted by the client to its users.

  · Changing of user security will only be undertaken following a phone conversation and email confirmation with the client’s agreed point of contact.

Ultimately, however, Business Net Solutions is providing a cloud service to you, the client, and it is your responsibility to register, monitor, and comply with the provisions of the Data Protection Act.