11th May 2016
This policy explains how ThinkingSafe safeguards the privacy of our website visitors and treats your personal information.
ThinkingSafe is accredited to ISO 27001 Information Security Management. This accreditation demonstrates our commitment to maintaining the highest security and compliance standards. With the growth of cloud and remote computing, it is more important than ever to demonstrate quality assurance and confidentiality in relation to cyber security and IT governance. Maintaining ISO 27001 across every aspect of our business is an important part of this because it supports client confidence in our technology, infrastructure, processes and procedures.
Any information collected or submitted via our website will be treated not only in accordance with the Data Protection Act 1998 but also in accordance with the principles of our ISO 27001 accreditation.
Data Protection Registration
ThinkingSafe is registered as a data controller with the UK Information Commissioner's Office.
Our data protection registration number is Z673851X and our registration is valid until 7th May 2017.
Further details: https://ico.org.uk/ESDWebPages/Entry/Z673851X
ISO 27001 Information Security Management
ISO 27001 provides the framework to meet compliance in data protection, privacy and IT governance. It covers all areas of the business including research and product development, cloud services delivery, project management, professional services, support and quality assurance.
In 2015 ThinkingSafe successfully transitioned from the earlier 27001:2005 standard to the newly defined 27001:2013 standard which places even greater emphasis on the measurement of an organisation’s information security systems.
Accreditation was awarded by ACS Registrars and is valid until 2018.
ISO 9001 Quality Management
ISO 9001 is the most widely recognised quality management system standard in the world. Accreditation to this standard demonstrates our commitment to supplying products and services that consistently meet the requirements of our customers and other stakeholders.
The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme. The standard provides assurance of cyber security good practice.
Cyber Essentials is mandatory for central government contracts which involve handling personal information, and our certification to the standard should provide users of our website with further reassurance that their personal information will be handled safely and securely.
SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together:
* A domain name, server name or hostname.
* An organisational identity (i.e. company name) and location.
Our website has an SSL Certificate with the strongest 2048-bit Diffie-Hellman group encryption, ensuring secure connections from our web server to your browser. The security of the site can be independently tested at SSL Labs (https://www.ssllabs.com/ssltest/). Tests after installing the certificate, and again at the point of updating this policy, show it scoring the highest possible A+ rating for security.
What information do we collect, and when do we collect it?
We collect an email address when you subscribe to the newsletter or download a document.
The ‘Contact Us’ page (https://www.thinkingsafe.com/contact-us) has a ‘Get in Touch’ form with fields for:
* Email address
* Phone number
* Company name
It also has an option (via tick box) to ‘opt-in’ to receiving newsletters and other promotional information. Unlike most websites, where all fields must be completed in order for the form to be submitted, our site allows you to complete only the fields you want to, so you can submit only the information you feel is necessary for us to respond to your enquiry via your preferred method of communication.
How do we use your information?
We may use the information we collect from you when you sign up for our newsletter, download a document, or complete the ‘Get in Touch’ form in the following ways:
* To respond to queries received via the website
* To send periodic emails regarding our products and services
* To follow up with correspondence
If you are submitting the personal details of another person on our site, you must obtain their consent both to the disclosure of that information and its processing by us in accordance with this policy.
Disclosure of Personal Information
We may disclose your personal information to our employees for the purposes for which you have provided it, for example by sending a query received via the website to our support staff.
ThinkingSafe will never sell, trade, or otherwise transfer to outside parties your personal information for the purpose of their or any other third party's direct marketing.
We may share information with trusted third parties where this is necessary for the operation of the website, for example website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information to the extent that we are required to do so by law.
What are cookies?
A cookie is a small file of letters and numbers put on your computer as part of your use of a website. More details about cookies are available from a number of online sources including ‘All About Cookies’: http://www.allaboutcookies.org/
Cookies allow us to distinguish visitors from each other and (anonymously) record the traffic to the website. This helps ensure a good user experience, and the data is valuable in assessing and improving the website.
Which cookies do we use?
We use the following cookies on this site:
Session cookie (reflect). This cookie is ‘strictly necessary’ for the site to function. This is a session cookie that is integral to the code that runs the content management system. It only lasts for the duration of a user’s visit to the website. A web browser normally deletes session cookies when it quits.
Google Analytics cookies. We employ utma, utmb, utmz, utmc. These are performance cookies. We collect them anonymously and assessing the data they provide allows the site to be improved. Google provides details of all the cookies used by Google Analytics:
By using the website, you agree that we can place these types of cookies on your device.
Opting out, Removing and Managing cookies
However, if you choose to opt-out/block cookies, you may not be able to access certain sections of the site, and/or functionality may be impaired.
Alternatively, you may wish to delete the cookies from your system at the end of your visit to our site.
You can change your browser settings to manage cookies – including opting-out/blocking. The website About Cookies gives browser-specific instructions on how to manage cookies: http://www.allaboutcookies.org/manage-cookies/
If you would like to prevent all Google Analytics cookies being set, you may want to install the Google Analytics Opt-Out Browser Add-On: https://tools.google.com/dlpage/gaoptout
Please note that opting-out or blocking cookies may impair your use of this (and other) websites.
www.thinkingsafe.com is owned and operated by Thinking Safe Limited, registered in England under registration number 03341249. Our registered office is at The Orchard Building, Royal Holloway University of London, Egham, Surrey, TW20 0EX.
You may instruct us at any time not to process your personal information for marketing purposes.
You can contact us by the following methods:
UK Enquiries: 0844 842 8500
International Enquiries: +44 1784 497312
Email our Customer Service Team: firstname.lastname@example.org
Email our CEO Directly: email@example.com
Using our contact form:
Post: The Orchard Building
Royal Holloway, University of London
We may update this policy from time to time, and in these instances will publish an amended version on our website. You should occasionally check this site to ensure you are happy with any changes to this policy. We may notify you of any changes to this policy via email.