Security & Compliance.
We hold and process personal data on behalf of our customers and ourselves and we take this responsibility very seriously.
We are proud to hold industry leading certifications and to use the services of 3rd party companies to audit us and provide security advice and consultancy.
We use specialist tooling and specialist companies to help us continuously monitor for threats and vulnerabilities and maintain a secure environment. We have a 24/7 SOC (Security Operations Centre) monitoring, detecting and protecting against cyber security threats.
We run exercises internally to ensure we are ready for any event that may occur and regularly test all our incident, disaster and recovery processes.
Security
Certifications we hold:
ISO27001:2022: Our operations globally are covered by this standard, providing for specific operational controls around how we manage the security, confidentiality, integrity, and accessibility of all of the information we use every day, in whatever format it is stored. A copy of our certification can be provided upon request.
ISAE3402 Type 2: Our AIR platform is audited to the International Standard on Assurance Engagements 3402, ‘Assurance Reports on Controls at a Service Organisation,’ issued by the International Auditing and Assurance Standards Board and covers our global operations. A copy of our certification can be provided upon request.
Security by Design and Zero Trust.
All our staff take part in a continuous data security training program and take the necessary steps to ensure that our information is properly managed and protected, by being aware of how we use information every day, understanding and following our guidelines and highlighting and reporting any potential (or real) security risks, issues or other observations to our Security Team.
We only process personal data in a manner as required for the permitted purposes of our contractual agreements.
We take all necessary steps to ensure that the information we hold is properly managed and protected. All information is stored on secure servers within the Google Cloud Platform and within the Google Cloud Network. We use industry-standard security systems and firewalls, we maintain physical, electronic, and procedural safeguards in connection with all the information we hold.
We have implemented Security by Design across our organisation into our development processes and continue to engrain data security into our ISO controls.
With our Zero Trust approach to security, we continuously validate security configurations and postures and require all users to be authenticated and authorised with the minimum access rights possible before being given access to data.
GDPR
The General Data Protection Regulation (GDPR) came into effect on the 25th May, 2018. For useful information from the Information Commissioner, please see their website https://ico.org.uk.
As a Data Processor, we hold and process personal data on behalf of our customers.
We have carried out a comprehensive Data Protection Impact Assessment (DPIA) of the GDPR requirements and the impact on our platforms. We have carried out staff training, reviewed and analysed all the data we hold and have worked hard to implement the required changes. We are working with our customers to implement the changes they require to comply with the regulations.
Eagle Eye is proud to be fully certified to the International Standard ISO27001:2022. This standard provides for specific operational controls around how we manage the confidentiality, integrity and accessibility of all the information we use every day, in whatever format it is stored. We have implemented Privacy by Design into our development processes and continue to engrain GDPR into our ISO controls.
Our Policies
We have a number of policy documents that we keep up to date to keep you informed on how we use data and how our site works, these include our cookie policy, our privacy policy and our terms of use.
Our Patents
Eagle Eye Solutions owns a number of patents covering the use of a Chip and PIN terminal. These patents notably cover the use of a Chip and PIN terminal in a mode of operation for transacting coupons, vouchers and loyalty transactions. If you would like to enquire about licensing or to report a suspected infringement please contact us on contact@eagleeye.com.