5.1 We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. The following security procedures and technical and organisational measures to safeguard your personal information have been put in place: in cases where personal data is being processed by third-parties, a rigorous adequacy process is being performed to ensure that your data is always secured. Web applications of MHDP are operated in ISO 27001 certified secure data centres in the UK. Firewalls, intrusion detection and prevention, anti-virus and anti-malware and backup and disaster recovery is in place to prevent data loss or deletion. 24/7 security guard, closed-circuit television and door access control to authorised personnel secures office and data centre. Applications operated by MHDP are engineered and secured by industry standards to minimise security vulnerabilities and updates on a regular basis. Intrusion detection and prevention secures the network traffic to the server’s applications. Anti-malware and anti-virus software is deployed to all our servers and regularly scan and update with the latest anti-malware and virus signatures. Employees undergo background screening and selection process ensuring that only employees with the highest security clearance are allowed physical access to network infrastructure. Employee access is logged and secured through personal access control cards. Access to infrastructure, elevated privileges and network are granted on an as-needed basis. Infrastructure and web applications operated by MHDP is backed up on a regular basis and business continuity and disaster recovery is tested on a regular basis. We will use all reasonable efforts so safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the internet. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Have more questions? Submit a request