Privacy & security

Our Social Enterprise’s data security and privacy standards

  1. We never pass on your personal information to anyone. Personal information is only disclosed with the user’s agreement, or if required by law.
  2. Users’ personal data is only collected when the user registers through an online account. When the user asks to register, a simple privacy and security conversation is generated on the users mobile phone or web page. This conversation explains the key elements of this policy, and asks the user to agree to them.
  3. This website is a secure (HTTPS encrypted) site. SSL is used as the standard security technology for establishing an encrypted link between our web server and your browsers. This link ensures that all data passed between the web server and browser remain private.
  4. Each user account is completely private and only visible to you, and your home carer(s). Only to your doctors and nurses that you nominate in your account, if you register them and give them your login details.
  5. We never share user information with anyone. We are registered as a data controller with the UK Information Commissioner’s Office (ICO) and are compliant with the UK Data Protection Act 1998, and the new General Data Protection Regulation (GDPR) [(EU) 2016/679].
  6. We keep the connected database of users’ personalised data on a different server to that used for the website/ app.
  7. We do not use plain text files for person/patient data, but use encryption via international standard AES 256.
  8. We set a secure, minimum recommended password length for all our registered users. This is a password length of 10+ characters, including symbols, numbers, lowercase and uppercase characters. We offer them an Auto-Select facility via https://passwordsgenerator.net/.
  9. Your password for this site is generated on the user side, and is NOT sent across the Internet.
  10. We use 2 factor authentication, asking each user to register a personal answer to a common question such as mother’s maiden name.
  11. Site Visitors data will be protected by using electronic safeguards, Encryption, by Default, Firewalls, Monitoring Suspicious Activity, Security Testing, Data Backup and Recovery.
  12. Akismet is enabled on this site, so the contact form submission data (IP address, user agent, email address, site URL, and comment) is submitted to the Akismet service for spam checking.The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the site author who published the page on which the contact form resides. This email will include the submitter’s IP address, timestamp, name, email address, website, and message. The IP address is included as an abuse prevention measure. In using Akismet here, it is required for providing proper spam defense.
  13. Cookies will be used, and log files will be collected.
  14. Each user will be given the choice of receiving emails and/or SMS messages, or not, for each category of response by the system.
  15. Aggregated user data may be used for creating statistics, but will not contain personal information.
  16. Our data centre provider (WordPress.com) is registered to be achieving the standard ISO 27001, second edition 2013. This provides a set of standardised requirements for an Information Security Management System.
  17. Intrusions monitoring is included.
  18. We use the NHS Data Model and Dictionary, version 3 from HSCIC, that provides a reference point for approved Information Standards and Collections, and we register for it at http://www.datadictionary.nhs.uk/.
  19. The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018. The goal of GDPR is to give UK and EU citizens control over their personal data. This website is written using WordPress core software, which is GDPR compliant. The WordPress team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. These include: comment consent check boxes, EU compliance add-on for Google Analytics, consent check boxes for WordPress forms, Email Marketing Opt-in Forms, plugin for EU Cookies Notices,  Delete Me plugin.
  20. Before revealing any non-public information about a site, an account, or a user, WordPress.com require a valid subpoena, search warrant, or court order. The only exception is when we have a good faith belief that there is an emergency involving imminent danger of death or serious physical injury. 

page updated 31 May 2020.  © 2020 by social enterprise Diabetes-cutmyrisks.co.uk. Ltd.