Information transfer, storage, disposal
We value your trust and therefore take the security and privacy of your information very seriously. Whether transferring, storing, or disposing of information, we ensure that your information is safeguarded throughout its journey.
Information transfer methods
- Via our secure file transfer website. We maintain a secure website that uses Transport Layer Security (TLS) encryption to protect your information in transit. This method ensures that any information transmitted between your system and ours is encrypted and secure. Talk to us about accessing this through your web browser.
- Via our SFTP Server. SSH Secure File Transfer Protocol (SFTP) provides a secure channel for information transfer. Your information is encrypted during transmission from your environment to ours, which enables its confidentiality and integrity to remain intact. Talk to us about engaging with your IT team to set you up with an access path to our SFTP server.
- Via your own SFTP Server or secure file transfer website. Alternatively, if your organisation has its own SFTP server or secure file transfer tool, talk to us about utilising it for transferring information securely through to us.
Information transfer via email
Please do not send us your customer’s personal information via email. The transfer of information via email poses significant security and privacy risks for your organisation as email traffic is susceptible to interception, unauthorised access and modification.
Please talk to us if the above options feel confusing – we’ll talk you through it and it won’t cost you a cent.
Protection of information in storage
While your information is stored with us, you can be assured that it is protected on multiple levels. This includes default encryption at rest on our servers using full-disk encryption.
Disposing of information which is no longer needed
Upon completion of an engagement, we endeavour to remove any client or supplier information from accessible storage within a reasonable timeframe, provided it is not necessary to be kept to meet legislative requirements.
For most of our clients this means the removal of any personally information (PII) after 6 months, and all other information after 5 years.
