SECURITY STATEMENT

 

This Statement should be read in conjunction with SimplePay’s Terms of Service,  Privacy Policy and GDPR Page.

Storage and transmission of data by SimplePay is done in compliance with the highest standards, including GDPR. Your personal information is secured from unauthorised access, use or disclosure via the means outlined below:

SSL
Data transferred between your browser and SimplePay’s servers is encrypted and secured by SSL certificates – the same protocol by your internet banking – so that no-one can eavesdrop on your communications.

PHYSICAL ACCESS CONTROL
SimplePay’s servers are stored in a data centre in Ireland provided by AWS (Amazon Web Services), where access to the buildings, data floors and individual areas is strictly controlled by means of individually programmed access cards – using biometrics and visual identification – ensuring secure, single-person entry.

HIGH SECURITY STANDARDS
The data centre provider has effective technical and organisational measures in place to ensure the protection of all information assets across their global operations. Meeting the stringent international security and compliance standards has lead to them receiving internationally recognised certifications and accreditations, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).

DATA PROTECTION
All data is instantaneously backed up to a secondary AWS location, to minimise data loss in case of disaster. There is also a separate backup made every 24 hours.

PERSONAL DATA BREACH PROCESS
In the unlikely event of a data breach, SimplePay will contact all affected parties in accordance with our Data Breach Process, formulated based on the requirements of GDPR.