1. All our files are held within a cloud-based file management system which is password protected for access. These files are limited to our tutors and administrator, on a need to know basis.
2. Every person having access to those files has signed a confidentiality agreement with our company.
3. We require all companies working with us (such as website building & newsletter management) to sign a confidentiality agreement. In practice this is likely to be a standard part of contractual arrangements.
4. Any specific files, such as databases, also have their own password for a second level of protection. This includes our master password list which is itself password protected. Where possible two-step authentication is implemented.
5. Wherever emails are sent to more than one person, apart from internal emails amongst staff members, or student groups, all recipients of emails are blind copied, with the sender sending the email to themselves so that no one else shows in the received line. This is known as “bcc”. We will not send you emails about our courses and publications unless you have actively given us your permission. Our newsletters are managed within MailChimp for efficient and compliant data storage purposes.
6. Where files are of a personal nature they are sent using a specific web-based encrypted service, WeTransfer.com. Alternatively we may send them using a password-protected file attached to an email. If we use this second method we send the password via a different method, either using a mobile phone message or a Signal (Android and apple app) message.