We store the minimum amount of information required to operate
customer accounts and are fully compliant with the General Data Protection Regulation (GDPR) legislation.
With respect to our customers’ email data, we think that Arrowmail Ltd would be
determined to be a Data Processor under GDPR legislation. Whatever our status, we do have a responsibility
to store our customers’ email data and the security of our customers' data is paramount.
Here are some points in regard to this:-
We impose confidentiality obligations on all personnel that have access to our company records or our customers’ data.
We implement appropriate measures designed to ensure the security of all the
data we store on behalf of our customers. These include:-
a) Using UK datacentres with strong physical security.
b) Requiring multiple levels of strong passwords in order to gain administrative access to our servers.
c) Only allowing administrative access to our servers from a small list of IP addresses managed
and operated by Arrowmail.
We will notify a customer within 24 hours of
becoming aware of any security breach that may have led to unauthorised access to their data.
Under the Data Retention (EC Direction) Act of 2009 we are obliged to store email metadata
for all emails that pass in and out of our servers for a minimum of 12 months.
This data shows who sent what, when, to whom and the Subject Line of each email but
not the contents of the email body or any attachments.
We use commercial digital certificates to encrypt all connections between our servers and customers.
We also attempt to use encryption between our servers and external servers; however,
we can’t guarantee that connections will remain encrypted once they have left our system.
We only accept credit card payments using the 3rd party payment processing company PayPal.
This means that we don't need, and are never in possession of, any credit card details.
We will cooperate with the appropriate authorities investigating
criminal activities by allowing them access to our company and server records.
We will keep unsolicited communication between ourselves and our customers, not directly related
to the operation of their account, to a reasonable minimum and confine
it to advisories on changes to services, price structure or operational
procedures.
We will never pass on any email address, or any other information we
hold about customers, to any 3rd party.