Data protection policy

From time to time Customer Journey Consultancy processes customer data on behalf of our Clients for the purpose of conducting customer research.

We take our responsibilities for protecting this data very seriously.

We are registered with the Information Commissioner’s Office as an organisation that processes personal data.

We also take a number of technical measures to ensure data is safe.  All personal data is held in a data vault that is password protected.  Only members of staff with a legitimate need can access the vault.

All data held in the vault that is ‘at rest’ is encrypted using 256-bit Advanced Encryption Standard (AES).  We use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data if it is in transit between apps and servers. SSL/TSL creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

Our data vault provider’s file storage applications and infrastructure are regularly tested for security vulnerabilities, and hardened to enhance security and protect against attacks.

Our system is protected by up to date virus and malware protection.

Our system is also checked and email notifications are sent to the responsible officer if any suspicious behaviour, risky activity, and potential data leaks are detected. risky activity includes:

·        Mass deletion – A team member deletes an unusually large amount of data over a short period of time.

·        Mass data move

·        Sensitive content in team folders shared externally

·        Malware shared from outside the team

·        Malware shared within the team

·        Too many login attempts

·        Login from a high-risk country