|
| |
| This document is written
in: |
Plain english/ for everyone |
| It is accurate as of: |
23/02/2008 |
| Document type: |
AGCC Policy (all practices of AGCC
and its subsidiaries/ affiliates must conform to this
document) |
|
|
| |
This document informs end users of our privacy policy and data protection
data surrounding the way that we (AGCC) collect user information,
the reason behind doing so, its use and finally its storage and destruction
to ensure you (the reader) are fully aware of how we deal with your
data. It's written in plain english so anyone can understand it.
The data controller is: AGCC Networks
Contact information: Can be found on our contact us page or support
department |
| |
| AGCC takes customer privacy protection very seriously. We believe
all users of the internet have a right to privacy and as such do not
take an invasive approach to gathering information unlike some of
our peers and competitors. |
| |
| AGCC is a UK based company with its servers housed within datacentres
in the UK and as such conforms to all aspects of UK law for data collection,
storage and handling. |
| In accordance with the Regulation of Investigatory Powers Act (2000)
AGCC will co-operate with investigations with the UK police force
and /or the UK intelligence services upon request. |
| |
| In accordance with the Data Protection Act (1998), you are fully
within your rights to view all of the data that we hold within our
databases about you. AGCC will provide a full report containing all
of the information we hold about you*. AGCC will however charge an
administrative fee of £45 to collate and send you this data,
and reports will typically take between 2-5 days to be sent. To arrange
a data report, please contact our support department. |
| |
| AGCC must at all times ensure that it holds customer information
in a secure manner and does not disclose data to third parties unless
required to via court order. |
| |
| Customers must at all times ensure that their username(s) and password(s)
are kept in a secure fashion and not be disclosed to third parties
including but not limited to friends, family & work colleagues.
It is the customers responsibility to ensure that all information
held within the database is up-to-date and accurate. It is also the
customers responsibility to notify AGCC that they no longer wish to
be a customer in order to remove them from our database. |
| |
Our site's registration form requires users to give us contact
information (like their name, email, and postal address) and demographic
information (like their zip code, age, sex)
Contact information from the registration forms is used in but not
limited to processing purchases, assisting in technical support or
to returning phone calls or sales requests.
The customer's contact information is also used to get in touch with
the customer when necessary, and for other purposes such as AGCC orientated
newsletters (if applicable) |
| |
When accessing AGCC services through either your web browser and/
or our software, we use your IP address to determine demographic information
and your hostname.
This is collected when connected to any AGCC owned, managed or operated
server, network device or other networked device as part of our security
policy and as an industry standard.
Your IP address is also used for other purposes. Such as our web counters,
these log all the hits our site receives, this information can be
from the country our users are from and the browser they are using
etc. Your information may be collected by other areas of our web site,
such as our support request form, which collects your browser name
(such as Firefox/ Internet explorer) so that we can advise you with
comparability issues.etc This information is securely stored on the
AGCC servers, and cannot be accessed by anyone other than the network
administrators. (please see security & logging for more information) |
| |
Services requiring authentication (login) from a web browser will
typically create a "cookie" or a "session".
A cookie is a very very small file (typically no more than a few bytes),
A session is a very very small amount of data stored in your computers
memory (RAM).
This is an industry standard practice and a core principle in authentication
technology to authenticate your machine against our server whilst
using a secure area. AGCC uses a very high level of encryption to
ensure data integrity and security and use time based algorithms to
ensure that both cookies and sessions become obsolete after a set
period. Both cookies and sessions also do not house sensitive information
such as usernames and/ or passwords. |
| |
Information collected by AGCC is stored in a secure fashion on an
AGCC database server.
The data can be used to assist both our sales and software department
in assisting with a request and/ or purchase (with non-related information
not available to the member of staff), as well as for use by the user
in their online control panel and/ or portal.
Any passwords and other sensitive information is encrypted with a
very high algorithm using a mixture of both industry standard software
and in-house developed software to ensure your data stays secure. |
| |
| AGCC destroys all user information with exception of billing information
1 calendar year (365 days) after the user ceases to be a customer
of AGCC. Billing information is destroyed 3 years after a user has
ceased to be a customer of AGCC. This is to assist our billing department
with tax filling, fraud prevention and other related issues. |
| |
To protect your data and our servers, infrastructure, software
and company secrets - AGCC maintains security systems to prevent
misuse and tampering of its systems. We also use logging and monitoring
in connection with fault notification and monitoring to ensure a
reliable and responsive service.
Upon accessing a element hosted on a AGCC web server, mail server
and/ or SQL server, your IP address will automatically be logged.
Log files can only be viewed by the network administrators. An example
of a log file entry can be seen as:
192.168.0.1 - - [23/Feb/2008:16:08:40 +0000] "GET /index.php
HTTP/1.1" 200 9858 "-" "Mozilla/4.0 (compatible;
MSIE 5.0; Windows NT)" |
| |
| Authentication |
| End users must renember their own login username and password and
not share it with a third person. In the event you forget your username
and/ or password, please use the 'lost password' tool which will email
a link containing the web page and hash to a new password entry system.
The email will be sent to the address we stored in our database. Customers
are reminded it is their obligation to keep any information held about
them up-to-date and accurate for contact purposes, however in the
event you are no longer able to access the email account you initially
used or cannot renember it, please contact our support department.
More information on this can be found in our security policy. |
| |
AGCC maintains a high security presence both virtually and physically.
AGCC typically utilizes above industry standard encryption rates and
ensures its technicians configure security software such as sentinels,
check systems, backup devices, firewall's and routers to the best
of their ability. Software is also routinely updated and maintained
to ensure vulnerabilities are patched when discovered. |
| |
AGCC also houses its servers within a ultra-secure physical environment
including biometric security, CCTV, 24/7 on-site guards, remote monitoring
and ensures that the servers are kept locked within a server rack
within a cage/ data suite in on the data floor. Only AGCC accredited
and vetted technicians have access to the servers. Data centre staff
may from time to time require access to physically sensitive areas
where the servers are located but do so with prior request from AGCC.
Any third parties such as AGCC customers, non technical staff or official
third parties [such as government agents (firemen, police, paramedics)]
may have supervised proximity to the servers but will not be granted
access to them. |
| |
| * = In the interest of protection to our systems, 'hashed' data
from the database (such as a password) are not included in the packs.
Passwords are also never decrypted or transmitted as a 'plain text'
by any means physical or mechanical (post or email). Users that have
lost or forgotten their email addresses should see the above mentioned
section "authentication". |
| |
