Party Wall PRO Security and GDPR Compliance

Information Technology Specifications

  1. Hosting

Party Wall PRO is hosted on a virtual private server provided by a third-party service provider called DigitalOcean (www.digitalocean.com/).

Party Wall PRO therefore provides a 99.99% uptime SLA around network, power and virtual server availability. The data is hosted in London (LD1) using an Equinix IBX data centre with average download speeds of 60Mb/s and upload speeds of 30Mb/s.

Equinix are the service providers of choice for law firms and financial institutions in the City of London. Equinix facilities are regularly audited and are SSAE16/ISAE3402 SOC-1 Type II and ISO 27001, 9001 and 50001 certified.

  1. Connectivity

Party Wall PRO uses SSL encryption to secure connections and keep our customers’ data safe from monitoring and tampering while in transit between the browser and the remote server.

All traffic is also routed through Cloudflare (http://cloudflare.com/), which provides additional security and stops attacks before they even get to our site.

Cloudflare provides Party Wall PRO with 15Tbps DDoS protection, combined with rate limiting and a web application firewall, to mitigate both large, volumetric attacks and complex attacks targeting various layers of the OSI model.

  1. Storage

Party Wall PRO uses a MySQL database for storage. Users’ passwords are hashed with bcrypt, a strong password-hashing function.

  1. Backups

Party Wall PRO customers benefit from automatic nightly backups of the database and automated weekly backups of the whole server.

  1. Disaster Recovery

Party Wall PRO benefits from Equinix’s multiple IBX disaster recovery facilities in and around London.

General Data Protection Regulation Compliance

  1. Our Commitment

We have been following the developments of the GDPR from the outset to make sure we understand exactly how it impacts your party wall business and how it will impact the way we handle data on your behalf.

We gave a series of webinars on the subject and how the GDPR will affect your practice and we are committed to keeping you informed of any changes.

We are committed to facilitating GDPR compliance efforts by ensuring that data privacy continues to be a major consideration going forward. This is to give you the peace of mind that data you upload will be looked after in accordance with GDPR.

Our GDPR commitments form an integral part of our core values of honesty and integrity whilst we continue delivering value and innovation to the party wall community.

We welcome any questions or concerns that you may want to raise. For more information, do not hesitate to contact us at info@partywallpro.com.

  1. What is the GDPR and why does it affect party wall surveyors?

The General Data Protection Regulation (GDPR) is the biggest shakeup in data protection laws since the word “data” made it into the Oxford Dictionary and it will happen on 25 May 2018. The new piece of legislation will replace the current Data Protection Act 1998 (DPA).

This piece of legislation will affect party wall surveyors because as part of their job surveyors will collect personal data and process such data.

For more information on how the GDPR affects party wall surveyors, please read our blog post here: www.partywallpro.co.uk

  1. What is Party Wall PRO’s role under GDPR?

Party Wall PRO is both a data controller and a data processor under the regulation and since the GDPR introduces more obligations on the data processor than the DPA, we need to be on top of our game.

We are a data controller in connection with data we collect from our customers in order to deliver our services and provide efficient customer support. This data is limited to customer name and contact details.

We are also a data processor for all data uploaded to Party Wall PRO by our users (and our users are considered data controllers of that data). In relation to that data, we have to comply with what our users direct us to do, but we also need to comply with the new obligations applying to data processors deriving from the GDPR.

  1. How do we comply?

We have conducted an in-depth analysis of how we deal with personal data. This included the nature of the data, the scope of our processing and what our service providers were handling for us.

We have entered into an agreement with our web hosting service provider to ensure that they provide GDPR compliant services. This agreement can be found here: https://www.digitalocean.com/security/gdpr/data-processing-agreement/

We reviewed our terms and conditions and privacy policy and made all necessary changes to comply with the new legislation.

We also implemented internal policies and procedures to make sure that Party Wall PRO adheres to the “compliance by design” principle of the GDPR (even though we are a tiny company).

  1. What do we process and store?

We only process data that our users give us voluntarily. The majority of the data in question relates to party wall jobs. This includes the names and postal addresses of the building owners and adjoining owners, names of surveyors and third surveyors and their contact details.

  1. How do we delete data from our servers?

In the event a user wants to delete any data that he or she has uploaded onto Party Wall PRO, the customer only needs to email us at info@partywallpro.com to request that all personal data be deleted and we will comply.

  1. How do we deal with data portability?

In the event a customer wishes to get a copy of his/her personal data stored inside Party Wall PRO, the user can do so by emailing us at info@partywallpro.com and we’ll deliver the data in a “portable” medium.

  1. Do we transfer data outside the EEA?

We are taking all steps to ensure that all our data is stored within the UK and our US service providers are certified under the Privacy Shield. This means that if data were to be transferred to the US (in case of UK data centre failure, for example) it would be done in accordance with GDPR.