SimplePay secures the storage and transmission of your personal information from unauthorised access in line with, and in many instances beyond, the requirements of the relevant pieces of data protection legislation. Your personal information is secured from unauthorised access, use or disclosure via the means outlined below:
TWO FACTOR AUTHENTICATION
To verify the identity of the user who is logging in, SimplePay offers a two factor authentication system, whereby logging in and performing certain actions requires a newly generated verification code. This means that even if your password were to be compromised, an unauthorised user would still be barred from accessing your account.
Data transferred between your browser and SimplePay’s servers is encrypted and secured by SSL certificates – the same protocol by your internet banking – so that no-one can eavesdrop on your communications.
PHYSICAL ACCESS CONTROL
SimplePay’s servers are stored in a data centre in Ireland provided by AWS (Amazon Web Services), where access to the buildings, data floors and individual areas is strictly controlled by means of individually programmed access cards – using biometrics and visual identification – ensuring secure, single-person entry.
HIGH SECURITY STANDARDS
The data centre provider has effective technical and organisational measures in place to ensure the protection of all information assets across their global operations. Meeting the stringent international security and compliance standards has lead to them receiving internationally recognised certifications and accreditations, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).
All data is instantaneously backed up to a secondary AWS location, to minimise data loss in case of disaster. There is also a separate backup made every 24 hours.
PERSONAL DATA BREACH PROCESS
In the unlikely event of a data breach, SimplePay will contact all affected parties in accordance with our Data Breach Process, formulated based on the requirements of GDPR.