GDPR Compliance Statement

Eggbox Designs Ltd statement of GDPR Compliance

Eggbox Designs Ltd have taken due care and attention to act in the following areas:

Process

  • Have notified all our clients that we hold data on them and have given them the opportunity to request that data and/or be removed, including any analytical data and copied emails
  • Made sure whois data is up-to-date for both us and our clients
  • All our passwords follow strict guidelines so that no two passwords are the same

Online

  • Have added a privacy policy to our website that explains our online and offline data processes and how that data is collated and kept, including information on any cookies that we collate
  • All online forms have an opt-in checkbox for users to contact us and agree to
  • Our website(s) and online services use an SSL certificate, so when you browse and interact with us you are interacting with our services as securely as possible. This also includes sending any data via online forms and APIs over an encrypted network
  • We have updated all our clients to use HTTPS and imposed basic GDPR and cookie policies on their websites, including opt-in checkboxes on forms
  • Have made sure our domain DNS has an adequate SPF record for sending emails that are trusted
  • Installed and maintain a database switcher for our website(s) to make them more secure
  • Have made greater efforts to obfuscate plain text emails on all the websites we serve, including our own
  • Have taken steps to tighten up .htaccess files hashing algorithms and the way we create them
  • Use SSH keys to access systems and servers where possible when working on our projects
  • Regularly remove the DNS subdomain for projects when they are no longer needed
  • Made sure our internal wireless is hidden so it cannot be connected to
  • When a client leaves association with us we destroy all copies of data we have for them, including test websites, usernames and passwords
  • As part of our services we make sure clients do not have any external client data on their WordPress website that is no longer needed
  • Ask clients to sign a disclaimer as part of the agreement, with the caveat that when creating social networks for the first time we will choose a password that is secure. We suggest they change it once work is completed; however, if any future work is to be taken on we may ask for permission to access the account until work has finished. If social networks are already set up, we will need to ask for access to them as part of the work
  • When a client leaves association with us we destroy all copies of usernames and passwords
  • Have diligently removed any sensitive data that is no longer required from any online systems, both active and any backups and databases
  • Have installed the Wordfence plugin on any of our WordPress websites
  • Have put in place a data retention policy for data, projects and offline assets we collect and work on (images, PSDs, PDFs) for any projects (which is 5 years) and emails (which is 180 days)
  • Regularly back up and update all our online services, websites, databases and servers to make sure they are as secure as possible

Offline

  • Empty/permanently remove our trash, downloads, temporary files, and history regularly
  • When a client leaves association with us we destroy all copies of data we have for them, including test websites, usernames and passwords
  • Have put in place a data retention policy for data, projects and offline assets we collect and work on (images, PSDs, PDFs) for any projects (which is 5 years) and emails (which is 180 days)

Premises

  • Closed down erroneous ports on our routers and regularly check these to control access
  • We use CCTV to monitor our premises
  • We have adequate business insurance policies in place
  • Have put in place a data retention policy for data, projects and offline assets we collect and work on (images, PSDs, PDFs) for any projects (which is 5 years) and emails (which is 180 days)

Equipment

  • Have removed and regularly remove all saved passwords and online form data from the web browsers that we use and, where necessary, use incognito or private browsing
  • Have tidied up our keychains and saved passwords at machine level
  • Removed any saved passwords from any FTP clients that we use (FileZilla)
  • Have put in place an end of day policy for hardware shutdown procedures so that we only have essential services running outside business hours
  • Have put in place a data retention policy for data, projects and offline assets we collect and work on (images, PSDs, PDFs) for any projects (which is 5 years) and emails (which is 180 days)
  • Keep our hardware, PCs, laptops, tablets and mobile devices updated regularly, as soon as updates are released