Protecting your data
All the data we hold is processed in strict accordance with the Data Protection Act 2018.
You control access
As the subscription holder you have control over who has access and what they are able to do.
Access to the Diagnostax Ecosystem Service is provided through a login and password. We require all accounts to have strong passwords with a minimum of 8 characters containing a combination of special characters, numbers, upper case and lower case letters. We believe this will help reduce the risk of your account being accessed by an unauthorised person.
Moving with the times
We’re constantly improving Diagnostax, delivering new features and performance enhancements. We regularly carry out updates, taking care to ensure minimum interruption to our service and users.
Built to perform at scale
Diagnostax has been designed to grow with your business. Our secure servers, networks and infrastructure ensure we can deliver excellent service to you and other users.
We value our working relationship with you and understand the importance of protecting your data from unauthorised use or disclosure. As such, we promise not to share your information with our Tax Panel unless and until you confirm we have your consent to do so (by clicking the “Get Quote” button beside the relevant tax issue or sending an email requesting a quote to PAPteam@diagnostax.co.uk). Under the terms of our agreement with the Tax Panel, they are forbidden from contacting you directly without express consent from you to do so. Unless and until such consent is provided, they will liaise with you only regarding their proposed quotation.
Where is the data stored?
All the data is stored within a MySQL database and is secured through software and physical means.
Your data is protected by software at several different levels. The firewall and operating system software in place on our server is constantly tested and updated, and restricts access by unauthorised users.
The databases are further protected by access restrictions, and all the data fields are encrypted when stored. We use encryption to protect client data as it is globally accepted as the best privacy-preserving technology in existence. It ensures that data stored digitally on computer systems or transmitted via the internet is kept private. This is done by obfuscating the data into unreadable code, which renders client data unreadable to anybody without the required user authentication.
We use AES encryption with 256-bit keys, which is the current prevailing best practice. All data transmitted through our website, between end-user devices and our server, is encrypted using a CA Security Council approved SSL certificate.
Our security is regularly and thoroughly tested by external software security experts who make recommendations for new methods to increase the security around your data. We are constantly examining and reviewing ways to implement additional security measures to provide ongoing protection.
Our data centre is located within a ring-fenced media broadcast hub, and has several layers of protection around our servers:
Level 1: fencing and entrance barriers to all boundaries
Level 2: 24x7x365 manned and patrolled external security
Level 3: Centrally controlled access system recorded, logged and audited
Level 4: isolated card and pin entry combination required to the Data Centre
Level 5: Video surveillance cameras are monitored constantly
Your data is constantly mirrored to a redundant backup server, meaning in the event of any significant failure we can switch to this live backup with minimal risk of data loss.
All our key hardware has redundant backups, so in the unlikely event of disk failure, data loss is adequately safeguarded against. Additionally, all the data is regularly backed up to an off-site location, so in the event of a system-wide disaster we can perform a full backup recovery.
We go to great lengths to keep your data safe and secure because we understand just how important it is to you.
Your online safety
A phishing email is a form of social engineering that attempts to obtain sensitive information, such as usernames, passwords, and credit card details, often for malicious purposes, by disguising itself as a trustworthy entity. The email will look as though it has come from a reputable organisation, but will attempt to trick you into:
clicking on a link that will infect your computer with malicious software
following a link to a fake (but convincing looking) website that will steal your login details
opening an attachment that will infect your computer.
Recognising a phishing email
Email is not sent directly to your email address – check the ‘to’ field.
The email is from an email address containing random digits – hover over the name
Incorrect spelling or grammar: legitimate organisations don’t always get it 100% right, but be suspicious of emails with basic errors.
Check the URL – often a misleading domain name is used or one that is just slightly different to the one you normally go to
Check site for design glitches
Message contains poor spelling and grammar
Message asks for personal information – a reputable company would never send you an email requesting your login details.
Don’t believe everything you see – just because the email has a convincing logo and an apparently valid email address doesn’t mean it’s legitimate.
If you suspect you’ve received a phishing or malicious email, and it says it’s from Diagnostax or uses Diagnostax’s logo, do not click on anything in the email – please report it by forwarding the email to email@example.com
If you would like to make a data request or have any concerns regarding the security of your data, please contact us at: firstname.lastname@example.org