To ensure GDPR compliance we have revised our Information Security Management System to ensure we have in place all the necessary technical, administrative and physical safeguards for the personal information we process and store.
We store personal data in the Microsoft Azure Public cloud hosted in their Northern and West Europe data centres. Microsoft's computers are housed in secure data centres with heavily restricted access with numerous levels of security to prevent unauthorised access to those servers including firewalls and passwords. Microsoft provide comprehensive details on Azure Security and Privacy here.
When your data is moving between you and us, everything is encrypted and sent securely using HTTPS. We also encrypt your data at rest using Transparent Data Encryption.
This includes documentation regarding information security processes, formalised data retention procedures to ensure that data is kept up to date and for only as long as is necessary, and is securely disposed of when no longer needed. We have clean desk and password protection policies which govern the way our staff work when they are handling the personal information of our customers. We also have procedures in place to ensure that all the data we collect and store is held and backed up securely. A Data Breach Management Plan clearly sets out the steps to be followed in the event of a data breach, and our policy governing acceptable use sets out guidance about how all LeaveWizard owned resources including computer equipment and software are to be used.
For further information about any of these areas, please contact [email protected]