Privacy & IT Security Policy

Privacy and data access

We only collect and use people’s personal data such as email addresses, name and contact details so that we can provide the services requested, email related information and carry out administrative tasks.   This includes business management system portals which may contain personal data recorded by our customers in their documentation and website pages.  Customers are free to request these to be removed at any time or as directed by legal / compliance requirements.  We do not sell any personal data to third parties.

More specifically the assessment system we use has a range of User access points which are username and password protected via secure third-party servers, see below. The types of Users are:

Assessment designers

  • We collect the designers name, company information such as email addresses and telephone number to set them up in the assessment system and create usernames and passwords. We also use this information for formal communications and help them create the necessary assessment content and manage their activity.

Assessment implementers

  • We collect the implementors name, company information such as email address and telephone number so that they can be set up in the assessment system using usernames and passwords. We also use this information for formal communications to help them run assessments to meet their specific requirements for implementation.

Assessment users

  • We do not collect personal data such as name, email address or demographics of assessment users unless these are specifically requested by the customer and specifically designed into their assessment or requested when an assessment is implemented. Being IT based the system collects IP addresses which are used for problem solving and analysis purposes should this arise.

Report users

  • We collect and use information such as names, email addresses and telephone numbers to create usernames and passwords to access the reporting dashboards so that report users can see assessment results.

Our IT Supplier

  • They do not collect any user identifiable information. This is not needed as they do not provide any end user support.  This is provided by Deep Fathom or its direct customer.  The supplier will only look at data in very specific cases, such as a consequence of troubleshooting an issue which uncovered a cause being labels of text in Cyrillic. The Supplier have their own Privacy, internal data controls and competence criteria to ensure the most appropriate person is allocated to the task no matter where they reside in the world.  Should sensitivities exist then this can be considered in arrangements / contract.

IT Security – Hosting

  • The Deep Fathom system comprising Data Warehousing and the infrastructure needed to create assessment / inspection content and collect the necessary data resides within the UK and Germany. Where necessary data is also stored in Google Cloud and on Amazon Cloud servers or as directed by customers by arrangement.
  • Deep Fathom uses competent third-parties to maintain the infrastructure used is certified to ISO 27001, is 27/4 surveillance video monitored, contains electronic access terminals and contains DDOS protection. The server centres are staffed 24/7, fire protected, with redundant power supply including UPS and diesel power generator in autonomous mode.
  • Production servers are backed up on daily basis either via whole system snapshot or server run backup with separate storage, or both.
  • The infrastructure including data centres have been the subjected to penetration testing.

If you have any questions or concerns about the content of this privacy notice, then please email Ian Rosam at ianrosam@hporisksolutions.com