Our compliance to data security

We understand how important the privacy and security of your data is to you and have strict controls in place to secure your data, while achieving and maintaining compliance with regulatory requirements and guidelines on security and quality. Texthelp Ltd.’s third-party audits, certifications and legal commitments help support our compliance.

General Data Protection Regulation (GDPR)

Texthelp GDPR logoTo comply with GDPR and in the interest of best practice, we have undertaken the following steps:
  • Updated consent via re-permission campaign to meet high GDPR standards.
  • Updated and amended our terms and conditions, customer agreements and privacy statements to bring them in line with the GDPR legislation.
  • Ensured that correct and appropriate contractual terms are in place with data Controllers & Processors which support the principles of GDPR including international data transfers.
  • Updated our internal policies and practices to respond to GDPR requirements.
  • Continuing to invest in our products, services and staff training.


Data processing

At Texthelp, we are committed to safeguarding and preserving the privacy of our customers, product users and website visitors. Our Product Privacy Policy explains what happens to any personal data that you provide to us or that we collect from you while you use our software or visit our site. Texthelp has signed the Student Data Pledge, and implemented COPPA compliant data policies. All data stored by Texthelp is stored according to our Information Security Policy.

We already have strong Data & Privacy Policies, and we regularly revise them to meet the requirements of ISO 27001 accreditation. Texthelp recognise that the GDPR will help us move towards the highest standards of operations in protecting customer data.


International Data Transfers 

Texthelp Billing & Contact Data is stored in Amazon Web Services (AWS) which may involve the transfer of Personal Data to the United States of America. Texthelp has entered into Standard Contractual Clauses with AWS in compliance with Article 46 of the GDPR.


Staff training

Texthelp provides opportunities for staff to explore Data Protection and GDPR issues through training, team meetings, and supervisions. All staff are required to sign an electronic form signifying that they have read, understood and accept Texthelp’s Information Security policies.

Quality Management Systems ISO 9001

Texthelp BSI 9001 logoTexthelp strives for continual improvement in our products and services and in our customer satisfaction. To help achieve this we implement a Quality Management System certified to the requirements of ISO 9001:2015 (certificate # FS 59973) that is audited annually by the British Standards Institute (BSI). 
 

 

Information Security Management System ISO 27001


Texthelp BSI ISO27001 logoTexthelp takes the security and privacy of all customer data very seriously and implements an Information Security Management System certified to the requirements of ISO 27001:2013 (certificate # IS 679535) that is audited annually by the British Standards Institute (BSI).


All data that is stored by Texthelp, and classified as Customer/Personal Information, is stored in compliance with the following guidelines:
  • Encrypted at Rest
  • Encrypted in Transit using SSL Encryption
  • All Access to the information is Logged
  • Access protected by two-factor authentication
  • All data must be stored in an ISO 27001 or equally secure facility
  • All data must be backed up regularly and securely
  • All data should be recorded in the data security management system
  • Any relevant data security contracts that have been entered into between Texthelp and a Customer must be recorded in the Data Security Management System

**No customer or private data will be transported using physical media**

All data stored by Texthelp is stored according to our Information Security Policy.




 

UK withdrawal from European Union (Brexit)

The transition period for the UK leaving the European Union ended on 31st December 2020 and a trade deal between the EU/UK has been agreed but with some items still outstanding to be negotiated. As a result of the UK’s exit from the EU the UK, with regards to the transfer or EU citizens data, is now regarded  as a third country. The EU & UK have agreed that transfers of data from the EU to the UK may carry on as before for a period of up to 6 months while an adequacy decision is made. 

So, with regard to personal data, the situation remains unchanged and the transfer of data may continue as before.

It is hoped that the UK will, at some point during the next 6 months, be added to the list of countries considered by the EU authorities to have an adequate level of data protection, in which case there should be no change necessary to current arrangements. We will keep you updated on developments on this page as we become aware of them. 


For further information on how we treat data subject information please see the Texthelp Products Privacy Policy and the Texthelp website Privacy Policy.

If you have any further queries not addressed by this notice please contact us at info@texthelp.com.
 

Subject data access request

Texthelp complies with Article 15 of the General Data Protection Regulation (GDPR) and the rights of the Data Subject with regard to personal data that we may store about them.

Article 15 incudes (but is not limited to) the requirement of the Data Controller (where Texthelp is the Data Controller) to provide the Data Subject with information relating to:
  • the purposes of our processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient we disclose the personal data to;
  • our retention period for storing the personal data or, where this is not possible, our criteria for determining how long we will store it;
  • the existence of their right to request rectification, erasure or restriction or to object to such processing;
  • the right to lodge a complaint with the ICO in the UK or the Data Protection Acts of states in the USA, PIPEDA in Canada, The Privacy Act (1988) in Australia, The Privacy Act (1993) in New Zealand or another supervisory authority in territories in which we operate;
  • information about the source of the data, where it was not obtained directly from the individual;
  • the existence of automated decision-making (including profiling); and
  • the safeguards we provide if we transfer personal data to a third country or international organisation.
We may be providing much of this information already in our privacy notice.

A Data Subject Access Request may be made via this form. It can also be made via any medium so you are not obliged to use this form to make a request. Alternatively you may telephone using the numbers on our 'Contact Us' page or email to datasecurity@texthelp.com

Texthelp will fulfil a Data Subject Access Request within 40 days of the request being received or will provide information explaining why the request cannot be fulfilled such as those restrictions described in Article 23.