Your data is safe with us.
AssistAR has partnered with Amazon AWS for its cloud technology and personal data is processed to a very high level of security.
When processing personal data AssistAR bases its security policy on the UK version of GDPR currently in place following the UK’s exit from the European Union. AssistAR is a PCI DSS Level 1 service provider and so it is familiar with the correct procedures necessary to guarantee the security of personal data to the highest possible level.
During the remote visual assistance sessions, personal data is captured and stored in the form of images, chat text, name & address and phone number. This information must be secured and managed correctly according to the UK GDPR policy. To this end AssistAR implements the following security controls and procedures:
Amazon AWS secure storage
The web site and storage systems are based on AWS technology located in the relevant local zone (eg UK) which features a firewall, encryption at rest, two-factor administration authentication, TLS 1.2 media encryption in transit, change logging and daily backups amongst other security features. Amazon AWS is also accredited to ISO27001 and PCI DSS Level 1 which are both relevant to personal data security.
Monthly automated scans and six-monthly penetration tests are conducted to identify weaknesses that may have been recently discovered before they become an issue.
AssistAR is fully backed up daily with a log of each daily change. It can roll back to any previous point in time in the event of a breach or unstable update. The main web site has a staging platform that is synchronised with the main site which is used to pre-test major updates.
Web application firewall
AssistAR uses a web application firewall and proxy to protect it against attack from the internet and provide alerting when an attempt is made. This system provides a great deal of flexibility and ease of administration without compromising our customer experience.
Personal data export and deletion
If a user requests for AssistAR to delete or view their personal data, the administrator of the marketplace can do this easily using a built-in tool. Once the user approves the change, the administrator can remove the data from their database. If they wish to view data stored, they can then be provided with this. When deleted, all personal data is permanently removed totally from the database and storage systems.
Policies and procedures
AssistAR is a trading style of Hostcomm Ltd which is a Level 1 PCI DSS accredited service provider. It follows the PCI DSS policies and procedures which are the highest standard possible and subject to yearly independent auditing.