We promise that we never have and never will sell, lease, share, rent, or barter your contact details, or any of your business information entered into our systems. This includes both personal information and any aggregated information that may be gathered.
We do not gather information about your personal use of our web site, other than standard web-usage statistics as gathered by marketing products such as Google Analytics.
The following statement relates to the services we provide from our .NET web sites.
SERVER SECURITY, PERFORMANCE, MONITORING, & BACKUP
Our servers are hosted and maintained by UKFast, who are one of the country’s leading ISPs. The hardware is built using leading-edge Dell, Cisco, and Microsoft technology, protected by hardware and software firewalls. UKFast operate a secure, air-conditioned data centre with fully independent redundant power supplies and multiple connections to the internet via different providers, supported by teams of highly qualified IT specialists.
The health of the servers is continuously monitored using basic “ping” tests of the web sites. In addition, we monitor CPU performance, disk usage, and communications traffic so that we are alerted instantly to any service outage and can respond and correct any issue as quickly as possible.
The server runs only client web sites, with no experimental development, and access to the server is limited to our system administrator and our lead developer.
The server includes mail services with additional anti-spam and anti-virus checks. We operate a software firewall on the server, in addition to the hardware firewall configured by the ISP. Both we and the ISP continuously monitor and block denial-of-service attacks and attempts to crack the security mechanisms of the site. The server software is updated with the latest security fixes and patches provided by Microsoft, and we follow all recommendations made by the Microsoft Baseline Security Advisor.
Recovery backups are continuously updated. Where clients deem it necessary, we also maintain fail-over mirror web sites on other web servers.
Using standard Windows/IIS security, we protect the contents of the web site by denying access to folders and files unless necessary, and by providing protection against denial-of-service attacks.
The web site is built on the Microsoft .NET framework, using programming techniques which eliminate code injection attacks. We can control whether users are allowed to use weak or strong passwords. We can also, if necessary, force periodic password changes. Access to the security configuration of the web sites is restricted to authorised users only. HTTP and FTP access to the site and its folders can be protected via SSL encryption if necessary.
Communications with your custom web site are protected using SSL certificates. Users of the site know that their communications are encrypted to the highest level and secure from prying eyes with a padlock symbol appearing in their browser.
GENERAL DATA PROTECTION REGULATION
Business Net Solutions is a “Data Processor” on behalf of clients using our servers. Those clients own the data we store on their behalf, and are the respective “Data Controllers”. In the event of a system failure or data breach, we will notify our clients within the timeframe mandated by GDPR and the clients’ service contracts.
Our ISP (UKFast) is certified to the ISO 27001 standard for Information Security Management Systems. They perform a regular security audit of our solution, and provide threat monitoring, mitigation of DDoS attacks, and a dedicated Cisco hardware firewall.
Your application will be compliant with the provisions of the General Data Protection Regulation as follows:
We protect the security of our servers following the advice of the Microsoft Baseline Security Advisor. This will be regularly audited and any security or procedural weaknesses will be acted on.
No data will be exported or used by any business other than the client.
All data will be stored within the UK and will not be moved from the server other than for the purposes of backup to another secure server.
All client records will be deleted at the expiry of the contract (after a specified period of grace).
Access to the records is controlled solely by user access rights granted by the client to its users.
Changes to user security will only be undertaken following a phone conversation and email confirmation with the client’s agreed point of contact.
Ultimately, however, Business Net Solutions is providing a cloud service to you, the client, and it is your responsibility to register, monitor, and comply with the provisions of GDPR.
MOBILE SCORECARD AND GDPR
All communications between our servers and the Mobile Scorecard app are encrypted.
We enforce the usage of strong passwords by all users.
When a user downloads and registers to use the app, they acknowledge that the details they provide are necessary for, and will only be used for, communicating with them. No data will be sold or communicated to any other party, other than the owner of the application.