27 June 2017

Updates to our FAQs and important information about data security

We've reviewed and updated our FAQs and in light of recent high profile data breaches added information about our data security policies and protocol.  You can click through and read the FAQs in full here.
The new important sections are here:


Does CJS have a Privacy Policy?
Yes: we will not give, exchange, buy or sell your details to any unauthorised party. (See also: Is your database properly registered and our T&Cs)?

Is your database properly registered?
Yes. Data Protection Act Registration Number: Z9570707. Names, addresses, etc*. are held on our computer. Your Credit / Debit card details are NOT held on any of our computers, the web payments are taken by PayPal and WorldPay, please see their T&C. We have an up to date PCI DSS certificate (the Credit Card Industry security standard, read about it here and download our certificate here.)
We will NOT give, exchange, buy or sell your details to any unauthorised party.  Where we have your details on paper and once these are no longer needed we then burn (in the winter when the stove is lit) or shred the paper before it's used as bedding for our various animals and then composted for use on the garden.  That's pretty secure.
*In March this year we blogged about the data we hold about you, what and why, read that post here.

What about data security?
In addition to the registration above CJS has an in-house data security and recovery policy. We operate an automatic overnight backup of all data and a weekly rolling backup of the main data (including all databases). The weekly rolling backup is stored on air-gapped hardware meaning it is not connected to the office network or the internet and thus is secure from hacking.  Should the worst happen the most we would lose is one week of data - and there are paper copies of most things plus emails are stored off site in the cloud so it would be a large but not impossible task to put it all back.