Our Social Enterprise’s data security and privacy standards
- We never pass on your personal information to anyone. Personal information is only disclosed with the user’s agreement, or if required by law.
- Users’ personal data is only collected when the user registers through an online account. When the user asks to register, a short privacy and security conversation is generated on the user’s mobile phone or web page. This conversation explains the key elements of this policy and asks the user to agree to them.
- This website is a secure (HTTPS encrypted) site. SSL is used as the standard security technology for establishing an encrypted link between our web server and your browser. This link ensures that all data passed between the web server and browser remains private.
- Each user account is completely private and only visible to you, to your home carer(s) and, if you register them and give them your login details, to the doctors and nurses that you nominate in your account. We never share patient information with anyone. We are registered as a data controller with the UK Information Commissioner’s Office (ICO) and are fully compliant with the UK Data Protection Act 1998 and the new General Data Protection Regulation (GDPR) [(EU) 2016/679].
- We keep the database of users’ personalised data on a different server from the one used for the website/app.
- We do not store person/patient data in plain text files, but encrypt it using the international standard AES-256.
- We set a secure, minimum recommended password length for all our registered users: 10 or more characters, including symbols, numbers, lowercase and uppercase characters. We offer users an Auto-Select facility via https://passwordsgenerator.net/.
- Passwords are generated on the user’s side and are NOT sent across the Internet.
- We use two-factor authentication, asking each user to register a personal answer to a common question such as their mother’s maiden name.
- Site visitors’ data is protected using electronic safeguards. Akismet is enabled on this site, so contact form submission data (IP address, user agent, email address, site URL and comment) is submitted to the Akismet service for spam checking. The submission data itself is stored in the database of the site on which it was submitted and is emailed directly to the site author who published the page on which the contact form resides. This email includes the submitter’s IP address, timestamp, name, email address, website and message. The IP address is included as an abuse prevention measure. Akismet is used here because it is required for providing proper spam defence.
- Cookies are used, and log files are collected.
- Each user is given the choice of receiving emails and/or SMS messages, or neither, for each category of response sent by the system.
- Aggregated user data may be used to create statistics, but these will not contain personal data.
- Our data centre provider (WordPress.com) is registered as meeting the ISO 27001 standard (second edition, 2013).
- Intrusion monitoring is included.
- We use the NHS Data Model and Dictionary, version 3 from HSCIC, which provides a reference point for approved Information Standards and Collections; we are registered for it at http://www.datadictionary.nhs.uk/.
- The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018. The goal of GDPR is to give UK and EU citizens control over their personal data. This website is built on the WordPress core software, which is GDPR compliant. The WordPress team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. These include: comment consent check boxes, an EU compliance add-on for Google Analytics, consent check boxes for WordPress forms, email marketing opt-in forms, a plugin for EU cookie notices, and the Delete Me plugin.
Page updated 17 Jan. 2019. © 2019 by social enterprise Diabetes-cutmyrisks.co.uk.™ Ltd.