GDPR Compliance Statement

Eggbox Designs Ltd statement of GDPR Compliance

Eggbox Designs Ltd have taken due care and attention to act in the following areas:

Process

  • We have notified all our clients that we hold data on them and have given them the opportunity to request that this data be removed, including analytical data and copied emails.
  • We have made sure WHOIS data is up to date for both us and our clients.
  • All our passwords follow strict guidelines so that no two passwords are the same.

Online

  • We have added a privacy policy to our website which explains our online and offline data processes and how that data is collated and kept, including information on any cookies that we collate.
  • All online forms have an opt-in checkbox that users must tick to agree to being contacted by us.
  • Our website(s) and online services use an SSL certificate, so when you browse and interact with us you are interacting with our services as securely as possible. This also includes sending any data via online forms and APIs over an encrypted connection.
  • We have updated all our clients to use HTTPS and imposed a basic GDPR and cookie policy on their websites, including opt-in checkboxes on forms.
  • We have made sure our domain DNS has an adequate SPF record so that the emails we send can be trusted.
  • We installed and now maintain a database switcher for our website(s) to make it/them more secure.
  • We have made greater efforts to obfuscate plain-text email addresses on all the websites we serve, including our own.
  • We have taken steps to tighten up the hashing algorithms used for our .htaccess files and the way we create them.
  • We use SSH keys to access systems and servers where possible when working on our projects.
  • We regularly remove the DNS subdomain from projects when it is no longer needed.
  • We have made sure our internal wireless network is hidden and cannot be connected to.
  • When a client leaves association with us we destroy all copies of data we have for them, including test websites, usernames and passwords.
  • As part of our services we make sure clients do not have any external client data on their WordPress website that is no longer needed.
  • We ask clients to sign a disclaimer as part of the agreement, with the caveat that when we create social network accounts for the first time we will choose a secure password. We suggest they change it once work is completed; however, if any future work is to be taken on we may ask for permission to access the account until that work has finished. If social network accounts are already set up, we will need to request access to them as part of the work.
  • When a client leaves association with us we destroy all copies of usernames and passwords.
  • We have diligently removed any sensitive data from all online systems, both active systems and any backups and databases that are no longer required.
  • We have installed the Wordfence plugin on all of our WordPress websites.
  • We have put in place a data retention policy for the data, projects and offline assets we collect and work on (images, PSDs, PDFs): 5 years for any project, and 180 days for emails.
  • We regularly back up and update all our online services, websites, databases and servers to make sure they are as secure as possible.

Offline

  • We empty/permanently remove our trash, downloads, temporary files and history regularly.
  • When a client leaves association with us we destroy all copies of data we have for them, including test websites, usernames and passwords.
  • We have put in place a data retention policy for the data, projects and offline assets we collect and work on (images, PSDs, PDFs): 5 years for any project, and 180 days for emails.

Premises

  • We have closed erroneously open ports on our routers and regularly check them to control access.
  • We use CCTV to monitor our premises.
  • We have adequate business insurance policies in place.
  • We have put in place a data retention policy for the data, projects and offline assets we collect and work on (images, PSDs, PDFs): 5 years for any project, and 180 days for emails.

Equipment

  • We have removed, and regularly remove, all saved passwords and online form data from the web browsers we use, and where necessary we use incognito or private browsing.
  • We have tidied up our keychains and saved passwords at machine level.
  • We have removed any saved passwords from the FTP client we use (FileZilla).
  • We have put in place an end-of-day hardware shutdown procedure so that only essential services are running outside business hours.
  • We have put in place a data retention policy for the data, projects and offline assets we collect and work on (images, PSDs, PDFs): 5 years for any project, and 180 days for emails.
  • We keep our hardware (PCs, laptops, tablets and mobile devices) updated regularly, applying updates as soon as they are released.