Security Policy

Secure Website Access

  • All access to the website will be secured using HTTPS protocol.
  • Passwords will be hashed and salted before being stored in the database.
  • Two-factor authentication (2FA) will be implemented for all user accounts.

Data Protection

  • All sensitive information entered into the website will be encrypted in transit.
  • Personal information, such as name, address, phone number, age, license number, and location, will be protected using encryption.
  • User comments and questions will be stored in a secure database accessible only to authorized personnel.
  • Regular backups of the website and its database will be taken, and backup data will be stored off-site.

Access Control

  • Access to the website’s backend system will be granted only to authorized personnel with a legitimate need to know, such as managing directors and website maintenance personnel.
  • User accounts with administrator access will require a strong password and must be changed every 90 days.

Data Protection Laws Compliance

  • The website will comply with applicable data protection laws, such as the ICO Data Protection Act.
  • A Data Protection Officer (DPO) will be appointed to ensure compliance with data protection laws.
  • Data subjects will be informed about their rights under data protection laws, such as the right to access, rectify, and erase their personal information.

Incident Response

  • An incident response plan will be developed to respond to any security incidents promptly.
  • All incidents will be reported to the appropriate authorities.