SekChek is committed to protecting your personal information, such as your contact details. Personal information stored by SekChek may include your email address, organisation name, job title and telephone number.
This information is collected so we can contact you in connection with the provision of SekChek services, including processing your SekChek reports, resolving your problems and questions, and distributing business-related documents, such as contracts, invoices, statements and newsletters.
In particular, SekChek ensures that:
- Access to your personal information is restricted to employees of SekChek
- Your details are only used for the purpose of providing SekChek services to you
- Your details are not shared or disclosed to any third party
- Your details are promptly updated or deleted from our systems on request by you
Please let us know if you have any questions about SekChek’s privacy policies.
To ensure the privacy and confidentiality of our clients’ information we have adopted the following standards.
Encryption of Clients’ Data and Reports
SekChek files and reports are encrypted in a double security-envelope using a one-time key and user-supplied password before they are transmitted to us.
SekChek reports can only be decrypted using a combination of the SekChek client software and the secret user-supplied password.
Scan files can only be decrypted via a combination of the SekChek software located at our premises and the user password that was used to encrypt them.
SekChek files and reports can also be encrypted using PKI based encryption technologies (including Thawte and Verisign certificates). This provides an additional level of security on top of SekChek’s standard encryption.
Disposal of Client Data and Reports
SekChek’s default policy is to retain client data and reports on our systems in encrypted format for a maximum of 5 days. This is so we can recreate your report if it is accidentally damaged or destroyed. Our default retention period can be overidden by the client and can be set to zero (immediate deletion) if required.
Note that data and reports may be retained on (off-line) backup tapes for a maximum of 21 days. This is to ensure we can perform a timely and full recovery of our production systems in the event of serious hardware or hardware-related problems. Backup tapes are stored in a locked safe in a building which is separate to our processing site.
All sensitive printed material is shredded and burnt before it is removed from our premises. SekChek reports are not printed.
The only information retained for a longer period is information that is essential for statistical analysis purposes. This information is anonymous and highly summarized and could not be used to compromise security of a client’s system. It is used for producing SekChek’s industry average comparisons.
Only SekChek and its authorized employees have access to sensitive client information stored at our premises. None of the data received for analyses by SekChek may be used for purposes other than processing of client reports.
All SekChek employees are bound by our published Standards and Guidelines documents of which they have been made aware and have signed. Only a partner of SekChek can approve any deviation from these standards.