We always process and hold your data in a secure way by:
- only giving access to people who are authorised to see your data
- using secure systems that are protected by firewalls and passwords
- encrypting your information
- changing a key identifier (for example your name) so external people cannot identify you (pseudonymisation)
- carrying out regular tests of our IT systems
- carrying out audits of the data we hold
- regularly reviewing our data handling procedures
- regularly training our staff in data protection and information governance
We will store your data on UK servers. If we have to send your data to another organisation, it might get put on a system in the European Economic Area (EEA). The same data protection standards protect your rights in the UK, EU and EEA.
We have procedures in place to deal with a suspected data security breach. We will notify you and any regulator of a suspected data breach, where required by law.
