
DATA SECURITY AND PRIVACY POLICY

Business Net Solutions Ltd is committed to the security and privacy of your data. This policy sets out our privacy practices during your visit to our websites. Our mission in implementing this privacy policy is first to protect your information, and second to use it only to provide you with the highest quality, most personalised information services available.

 

PRIVACY

 

We promise that we never have and never will sell, lease, share, rent, or barter your contact details, or any of your business information entered into our systems. This includes both personal information and any aggregated information that may be gathered.

COOKIES

 

We do not gather information about your personal use of our web site, other than standard web-usage statistics as gathered by marketing products such as Google Analytics.

CHANGES TO PRIVACY POLICY

 

We reserve the right to change or update this Privacy Policy. If you feel that we are not abiding by this privacy policy, or have any questions, then you should contact us immediately via telephone at 01908-236807 (UK).

The following statement relates to the services we provide from our .NET web sites.

SERVER SECURITY, PERFORMANCE, MONITORING, & BACKUP

 

Our servers are hosted and maintained by UKFast, who are one of the country’s leading ISPs. The hardware is built using leading-edge Dell, Cisco, and Microsoft technology, protected by hardware and software firewalls. UKFast operate a secure, air-conditioned data centre with fully independent redundant power supplies and multiple connections to the internet via different providers, supported by teams of highly qualified IT specialists.

The health of the servers is continuously monitored using basic “ping” tests of the web sites. In addition, we monitor CPU performance, disk usage, and communications traffic to alert us instantly to any service outage, so we can respond and correct any issue as quickly as possible.

The server only runs client web sites, with no experimental development, and no access to the server other than by our system’s administrator and our lead developer.

The server includes mail services with additional anti-spam and anti-virus checks. We operate a software firewall on the server, in addition to the hardware firewall configured by the ISP. Both we and the ISP continuously monitor and block denial-of-service attacks and attempts to crack the security mechanisms of the site. The server software is updated with the latest security fixes and patches provided by Microsoft, and we follow all recommendations made by the Microsoft Baseline Security Advisor.

Recovery backups are continuously updated. When deemed necessary by some clients we also maintain fail-over mirror web sites on other web servers.

Using standard Windows/IIS security, we protect the contents of the web site by denying access to the folders and files unless necessary, and by providing protection against denial-of-service attacks.

The web site is built on the Microsoft .NET framework, using programming techniques which eliminate code injection attacks. We can control whether users are allowed to use weak or strong passwords. We can also, if necessary, force periodic changes to passwords. Access to the security configuration of the web sites is restricted to authorised users only. Secure HTTP and FTP access to the site and its folders can be protected if necessary via SSL encryption.

SECURE COMMUNICATIONS

 

Communications with your custom web site are protected using SSL certificates. Users of the site know that their communications are encrypted to the highest level and secure from prying eyes with a padlock symbol appearing in their browser.

 

GENERAL DATA PROTECTION REGULATION

Business Net Solutions is a “Data Processor” on behalf of clients using our servers. Those clients own the data we store on their behalf, and are the respective “Data Controllers”. In the event of a system failure or data breach, we will notify our clients within the timeframe mandated by GDPR and the clients’ service contracts.

Our ISP (UKFast) is certified to the ISO 27001 standard for Information Security Management Systems. They perform a regular security audit of our solution, and provide threat monitoring, mitigation of DDoS attacks, and a dedicated Cisco hardware firewall.

Your application will be compliant with the provisions of the General Data Protection Regulation as follows:

We protect the security of our servers following the advice of the Microsoft Baseline Security Advisor. This will be regularly audited and any security or procedural weaknesses will be acted on.

No data will be exported or used by any business other than the client.

All data will be stored within the UK and will not be moved from the server other than for the purposes of backup to another secure server.

All client records will be deleted at the expiry of the contract (after a specified period of grace).

Access to the records is controlled solely by user access rights granted by the client to its users.

Changing of user security will only be undertaken following phone conversation and email confirmation with the client’s agreed point of contact.

Ultimately however, Business Net Solutions is providing a cloud service to you the client, and it is your responsibility to register, monitor, and comply with the provisions of GDPR.

MOBILE SCORECARD AND GDPR

 

All communications between our servers and the Mobile Scorecard app are encrypted.

 

We enforce the usage of strong passwords by all users.

 

When a user downloads and registers to use the app, they acknowledge that the details they provide are necessary for, and will only be used for, communicating with them. No data will be sold or communicated to any other party, other than the owner of the application.

 

In addition, each time a user collects data on a device, they are reminded to accept our data privacy policy and security controls.
