1. Driving Monitor data protection policy
This document provides an overview of where your data is stored and what it is used for. You can see below a diagram that illustrates how we have many systems in place to protect your data. We also have redundancy systems built in throughout to make sure that we are constantly protecting your data.
2. Data transmission
All relevant customer data and acquisition processes are protected by SSL 3.0 encryption, the same procedure that a number of banks use successfully for their online banking. We do not allow your data to be transferred via any of the other weaker encryption protocols.
For the transmission of your personal data we use a secure server with SSL (Secure Sockets Layer) technology with at least 256-bit encryption. The encryption procedure has developed into a renowned standard and guarantees the highest level of security.
256-bit encryption allows 2^256 combinations, or approximately 58,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations, making it effectively impossible for this encryption to be hacked by a brute force method.
Beyond this we are continually reviewing our security measures and we aim to maintain them at the highest level. This means that your personal data is transmitted securely and unauthorised people cannot view this data.
3. Data storage
Your data is stored on a secure, password-protected database on our server. This database is further locked down so that it can’t be directly accessed by any other external computer.
The server also sits behind its own dedicated firewall. The firewall provides robust, enterprise-class security services including stateful inspection firewalling, standards-based IPsec Virtual Private Networking (VPN), intrusion protection and much more. The firewall is built upon a hardened, purpose-built operating system for security services. Looking for over 55 different attack signatures, the firewall keeps a vigilant watch for attacks and is built to protect your data.
We also run bi-annual penetration tests on the server, using a leading market product to check all known attack methods and ensure that your data is 100% secure and safe.
Also, the Driving Monitor website has been built to be secure and many anti-hacking devices have been built in to protect your data. We are continually working to ensure your information is fully secure in today's digital world.
4. Data Centre
The server is based in a data centre in London that is equipped with features such as backups for power (UPS) and advanced fire detection and suppression. We also employ the highest possible security features, including video surveillance, by both visible and hidden cameras, motion sensors, biometric identification systems, controlled photo ID key-card access and 24-hour security-guard patrols.
Data centres can be classified by Tiers, with Tier 1 being the most basic and inexpensive, and Tier 4 being the most robust and costly. According to definitions from the Uptime Institute and the latest draft of TIA/EIA-942 (Telecommunications Infrastructure Standard for Data Centers), a Tier 1 data centre is not required to have redundant power and cooling infrastructures. It needs only a lock for security and can tolerate up to 28.8 hours of downtime per year. In contrast, a Tier 4 data centre must have redundant systems for power and cooling, with multiple distribution paths that are active and fault tolerant. Furthermore, access should be controlled with biometric readers and single-person entryways, gaseous fire suppression is required, the cabling infrastructure should have a redundant backbone, and the facility can permit no more than 0.4 hours of downtime per year.
Tier 1 or 2 is usually sufficient for enterprise data centres that primarily serve users within a corporation. Financial data centres are typically Tier 3 or 4 because they are critical to our economic stability and, therefore, must meet higher standards set by our government. Public data centres that provide disaster recovery/backup services are also built to higher standards.
All Driving Monitor data is stored in a Tier 4 data centre.
5. Who has access to your data?
Only trusted members of the Driving Monitor team and verification personnel will have access to your data. We are also registered with the Data Protection Registrar, which states that personal information must be:
- fairly and lawfully processed;
- processed for specified purposes;
- adequate, relevant and not excessive;
- accurate and, where necessary, kept up to date;
- not kept for longer than is necessary;
- processed in line with the rights of the individual;
- kept secure; and
- not transferred to countries outside the European Economic Area unless the information is adequately protected.
The personal contact details that you provide us with are treated with absolute confidentiality. We retain your personal information only for the purpose of helping your company manage its fleet of drivers.
We will never disclose your personal data to any other third parties.
If you would like to review our registered entry on the register of Data Controllers simply visit http://ico.org.uk/ESDWebPages/search.asp and search for:
Company name: Driving Monitor
Registration Number: Z9273931
The company names "Driving Monitor" and "Mavada" are both registered on the website. The Driving Monitor system is developed by our parent company Mavada Ltd, so our entry with the Information Commissioner shows our trading address and company details.
6. What standards do you adhere to, to protect my data?
Driving Monitor operates to the ISO 27001 standards for ensuring quality and data management. These are worldwide accepted standards for managing procedures and data, and you can view our certification numbers below:
CERTIFIED QUALITY SYSTEM - ISO 27001:2013
Driving Monitor is also compliant with the new GDPR regulations that came into force on 25th May 2018. The new standards are continually monitored, and as GDPR evolves we track any enhancements and legislation to ensure our product meets any new variations that arise from this.
Driving Monitor does not sub-contract its data management and we have full GDPR coverage on our terms & conditions with our customers.