- Service security – technical measures taken to protect your information.
- Financial information – the handling of credit card payments.
- Confidential information – how private information can and can't be used.
- Information about Your access and use of the Service – what "meta" information is collected and how it can and can't be used.
1. Service security
a. Data storage and transmission
All Data and Personal Data is stored within a secure database at NIP's UK offices. If You access or input information from any country outside the UK, You consent to it being transferred from one country to the other (including via any intermediate country) as a function of transmission across the internet.
The Website through which the Service is provided has an SSL Certificate, so all Data and Personal Data transferred between You and the Service is encrypted. However, You are responsible for ensuring that Your browser supports the encryption security used in connection with the Service.
b. Service access
Access to the Service is only possible with a valid Login and NIP has implemented several additional defensive measures:
- Any attempt to navigate directly to a page when not logged-in results in the login screen being presented.
- Failed login attempts are logged – along with the originating IP address – to a file on the server, which is regularly monitored.
- To mitigate against the risk of malicious attempts to guess a valid Login, the Service deliberately uses one error message, regardless of whether the username or password is incorrect (or both).
c. Password security
Your password is hashed, not known to NIP, and cannot be retrieved by NIP.
Each cookie expires after a certain period of time, depending on what it is used by NIP for, i.e.:
- To authenticate Your identity, such as confirming whether You are currently logged-in to the Service.
- To improve the Service, by measuring Your usage and tracking referral data.
2. Financial information
NIP uses Sage Pay to collect/process transaction information.
Please see Sage Pay's Security Policy for further information.
3. Confidential Information
Both of The Parties will take all steps as shall from time to time be necessary to protect the Confidential Information of the other.
To provide you with the Service, You grant NIP (and permitted sub-contractors or agents) the rights to:
- Use Personal Data in the creation of a Login for you to access the Service.
- Use, copy, transmit, store, and back-up the Data and Personal Data for the purposes of enabling You to access and use the Service.
- Access Personal Data and Data as part of regular management of the Service.
- Use Personal Data to contact You (typically by email) in connection with Your use of the Service.
However, except as permitted or contemplated hereunder, neither You nor NIP (and permitted sub-contractors or agents) shall at any time, for any reason whatsoever, disclose to any third party (or permit the disclosure of to any third party) the other's Confidential Information, in whole or part.
This obligation of confidentiality shall not apply to any Confidential Information which shall have come into the public domain without fault on the part of either party or which is disclosed to either party or is known to or recorded by either party prior to it entering into the Agreement.
Otherwise, though, no disclosure shall be made to any third party (other than to permitted sub-contractors or agents) by one party of the other party's Confidential Information without that other party's explicit consent, except:
- To any person having a legal right or duty to obtain or require such Confidential Information; or
- To any professional adviser, or other third party to whom it is essential that such Confidential Information be disclosed in, or for the purpose of, any legal proceedings or arbitration involving either party to the Agreement, or for normal accounting purposes.
4. Information about Your access and use of the Service
As You access and use the Website and Service, various pieces of "meta" information are collected:
- Information about how You access the Service, including (but not limited to):
- Your originating IP address (from which it may be possible to infer Your geographic location).
- The operating system and browser used.
- Information about Your interaction with the Service, including (but not limited to):
- The source that referred You (e.g. a link on a website or in an email).
- Which pages You access and for how long.
- When You perform actions (such as accessing and submitting an Assessment).
To collect this information, NIP uses a combination of (i) third party tracking services that employ cookies and page tags (e.g. Google Analytics), (ii) a web server log file that records each time a device accesses the Website and the Service, and (iii) a management interface to the Service.
NIP (and permitted sub-contractors or agents) uses such information as follows:
- To manage the Service.
- To better understand our customers' requirements and usage patterns, such that we can further develop the Service.
- To contribute to aggregate statistics about the Service – e.g. numbers of users, average time taken to complete an Assessment, etc – which are only indirectly derived from Your use of the Service (along with other users of the Service) and that will never be presented to third parties in a way that can be used to identify You.