Data privacy & security

Our Social Enterprise’s data security standards and processes for all our apps and websites include:

  1. We never pass on your personal information to anyone. Personal information is only disclosed with the user’s agreement, or if required by law.
  2. Users’ personal data is only collected when the user registers through an online account. When the user asks to register, a simple privacy and security conversation is generated on the user’s mobile phone or web page. This conversation explains the key elements of this policy and asks the user to agree to them.
  3. Each user account is completely private and only visible to you, to your home carer(s) and, if you register them and give them your login details, to the doctors and nurses that you nominate in your account. We never share patient information with anyone. We are registered as a data controller with the UK Information Commissioner’s Office (ICO) and are fully compliant with the UK Data Protection Act 1998 and the new General Data Protection Regulation (GDPR) [(EU) 2016/679].
  4. We keep the connected database of users’ personalised data on a different server to that used for the website/app.
  5. We do not store person/patient data in plain text files; it is encrypted using the international standard AES-256.
  6. We set a secure, minimum recommended password length for all our registered users. This is a password length of 10+ characters, including symbols, numbers, lowercase and uppercase characters. We offer them an Auto-Select facility via http://passwordsgenerator.net/.
  7. Passwords are generated on the user side, and are NOT sent across the Internet.
  8. We use 2 factor authentication, asking each user to register a personal answer to a common question such as mother’s maiden name.
  9. User data will be protected by using electronic safeguards.
  10. Cookies will be used, and log files will be collected.
  11. Each user will be given the choice of receiving emails and/or SMS messages, or not, for each category of response by the system.
  12. Aggregated user data may be used for creating statistics, but will not contain personal data.
  13. Our data centre provider is registered as achieving the ISO 27001 standard (second edition, 2013).
  14. Intrusion monitoring is included.
  15. We use the NHS Data Model and Dictionary, version 3 from HSCIC, that provides a reference point for approved Information Standards and Collections, and we register for it at http://www.datadictionary.nhs.uk/.
  16. The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018. The goal of GDPR is to give UK and EU citizens control over their personal data. This website is written using WordPress core software, which is GDPR compliant. The WordPress team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. These include: comment consent check boxes, an EU compliance add-on for Google Analytics, consent checkboxes for WordPress forms, email marketing opt-in forms, a plugin for EU cookie notices, and the Delete Me plugin.
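Item 5 above states that person/patient data is held encrypted with AES-256 rather than in plain text files. The following Go program is an added illustration of what that means in practice; it is not code from this site or its operator. It seals a constructed sample record with AES-256-GCM (an authenticated mode, so tampering with the stored ciphertext is detected on decryption), rejects keys of the wrong length, and shows that the stored bytes no longer contain the patient identifier. The record contents, the field names and the function names are assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh random 32-byte key, the size AES-256 requires.
// In a real deployment the key lives in a key store separate from the data
// (compare item 4, which keeps the database on a different server).
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptRecord seals plaintext with AES-256-GCM.
// The returned slice is nonce || ciphertext || authentication tag, so the
// nonce needed for decryption is stored alongside the ciphertext.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A unique random nonce per record; GCM must never reuse one under a key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord reverses EncryptRecord. It fails if the key is wrong or if
// any byte of the stored blob (nonce, ciphertext or tag) has been altered.
func DecryptRecord(key, sealed []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored record too short to be valid")
	}
	nonce, ciphertext := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	// Constructed sample record; not real patient data.
	record := []byte(`{"patient_id":"demo-001","hba1c_mmol_mol":48}`)
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	sealed, err := EncryptRecord(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored bytes: %d, identifier visible in storage: %v\n",
		len(sealed), bytes.Contains(sealed, []byte("demo-001")))
	plain, err := DecryptRecord(key, sealed)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %s\n", plain)
	// Flip one bit of the stored blob: decryption must now fail.
	sealed[len(sealed)-1] ^= 0x01
	if _, err := DecryptRecord(key, sealed); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
}
```

The point a reviewer would check against a policy like item 5 is not the cipher name but the surrounding choices: an authenticated mode rather than bare AES, a fresh nonce per record, and a key that is not stored next to the data it protects.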

page updated 05 July 2018. © 2018 by social enterprise Diabetes-cutmyrisks.co.uk.™ Ltd.
