Our compliance to data security

We understand how important the privacy and security of your data is to you and have strict controls in place to secure your data, while achieving and maintaining compliance with regulatory requirements and guidelines on security and quality. Texthelp Ltd.’s third-party audits, certifications and legal commitments help support our compliance.

Information Security Management System ISO 27001


Texthelp BSI ISO27001 logoTexthelp takes the security and privacy of all customer data very seriously and implements an Information Security Management System certified to the requirements of ISO 27001:2013 (certificate # IS 679535) that is audited annually by the British Standards Institute (BSI).


All data that is stored by Texthelp, and classified as Customer/Personal Information, is stored in compliance with the following guidelines:
  • Encrypted at Rest
  • Encrypted in Transit using SSL Encryption
  • All Access to the information is Logged
  • Access protected by two-factor authentication
  • All data must be stored in an ISO 27001 or equally secure facility
  • All data must be backed up regularly and securely
  • All data should be recorded in the data security management system
  • Any relevant data security contracts that have been entered into between Texthelp and a Customer must be recorded in the Data Security Management System
**No customer or private data will be transported using physical media**

All data stored by Texthelp is stored according to our Information Security Policy.

 

Quality Management Systems ISO 9001

Texthelp BSI 9001 logoTexthelp strives for continual improvement in our products and services and in our customer satisfaction. To help achieve this we implement a Quality Management System certified to the requirements of ISO 9001:2015 (certificate # FS 59973) that is audited annually by the British Standards Institute (BSI). 



 

General Data Protection Regulation (GDPR)

Texthelp GDPR logoTo comply with GDPR and in the interest of best practice, we have undertaken the following steps:
  • Updated consent via re-permission campaign to meet high GDPR standards.
  • Updated and amended our terms and conditions, customer agreements and privacy statements to bring them in line with the GDPR legislation.
  • Ensured that correct and appropriate contractual terms are in place with data Controllers & Processors which support the principles of GDPR including international data transfers.
  • Updated our internal policies and practices to respond to GDPR requirements.
  • Continuing to invest in our products, services and staff training.


Data processing

At Texthelp, we are committed to safeguarding and preserving the privacy of our customers, product users and website visitors. Our Product Privacy Policy explains what happens to any personal data that you provide to us or that we collect from you while you use our software or visit our site. Texthelp has signed the Student Data Pledge, and implemented COPPA compliant data policies. All data stored by Texthelp is stored according to our Information Security Policy.

We already have strong Data & Privacy Policies, and we regularly revise them to meet the requirements of ISO 27001 accreditation. Texthelp recognise that the GDPR will help us move towards the highest standards of operations in protecting customer data.


International Data Transfers 

Data is stored with Amazon Web Services (AWS) and meets the EU-US Privacy Shield framework adopted by the European Commission. This complies with data protection requirements and GDPR legislation when transferring data outside of the EU.


Staff training

Texthelp provides opportunities for staff to explore Data Protection and GDPR issues through training, team meetings, and supervisions. All staff are required to sign an electronic form signifying that they have read, understood and accept Texthelp’s Information Security policies.
 

UK withdrawal from European Union (Brexit)

The UK left the European Union on 31st January 2020. A transitional period during which EU law will continue to apply in the United Kingdom will last until 31 December 2020. With regard to personal data, the situation remains unchanged and no transfer mechanism under Chapter V of the GDPR or of the Law Enforcement Directive is therefore required. Currently the UK government and EU Commission are working to achieve an agreement that will outline the future trading relationships between the two entities. However, there is the possibility of a deal not having been agreed by that date. 

This notice is designed to address any concerns our Customers may have regarding the possible implications of a ‘no-deal Brexit’.


For Customers/Partners in the UK

Texthelp does not have a supply chain that originates or has links inside the European Union in the manufacture or delivery of any of its products or services. Therefore, we do not anticipate disruption to our supply chains for customers in the UK.


For Customers/Partners in the EU

Our analysis to date indicates that the delivery of products and services to customers and partners inside the European Union will not be affected by a no-deal Brexit. 


Potential impact of a ‘No-deal Brexit’ on General Data Protection Regulation (GDPR)

We do not anticipate any impact on GDPR compliance post Brexit. In the event of a no-deal Brexit the UK will become what the EU Commission’s GDPR terms a ‘third country’ and this will mean that, in dealing with Texthelp Ltd., the data of EU citizens will, post Brexit, be processed in a third country outside of the EU. The EU Commission has specified a number of third countries that it recognises as having an adequate level of data protection and where data can be transferred freely. The UK cannot be added to this list until it formally leaves the EU at the end of March. However, the UK government currently enforces GDPR and it is anticipated that the UK will be added to the list of countries with an adequate level of data protection post Brexit, in which case there should be no change necessary to current arrangements.

Some data collected is stored in the US with Amazon Web Services (AWS). Amazon AWS has signed up to the EU-US Privacy Shield framework adopted by the European Commission. In addition, the USA is one of the countries included in the GDPR's list of countries of adequacy with regard to information security provisions. This complies with data protection requirements and GDPR legislation when transferring data outside of the EU.

For further information on how we treat data subject information please see the Texthelp Products Privacy Policy and the Texthelp website Privacy Policy.

If you have any further queries not addressed by this notice please contact us at info@texthelp.com.