Resilience Global uses the trusted payment gateway provided by Sage Pay
Sage Pay is a payment service provider (PSP) to which thousands of businesses outsource their transaction security. It is their top priority to ensure that our customers’ transaction data is kept secure at all times.
All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and Data Storage
Once on Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper-proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data is extremely secure and Sage Pay are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave, an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. Sage Pay are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
To view our PCI DSS certificate please contact Sage Pay directly.
Links to banks
Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Sage Pay is controlled by Iris Scanners, which are the latest and most precise biometric security devices available for identification, as used by chemical plants, airports, police stations, prisons and other facilities where security is paramount. No one can enter or leave the building without a valid security pass.
All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Sage Pay systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from Sage Pay's own employees.
Sage Pay operates on twin data centres to ensure optimal system security and up-time and has a full disaster recovery and business continuation policy.
We collect various kinds of personal data in the day-to-day running of our business and it is our aim to uphold the absolute highest standards when handling your personal information. For the purposes of this policy Resilience Global is the “Data Controller”, which means we are in a position to make decisions about the processing of data we hold about you, the “Data Subject”.
This is our Privacy Statement for online users: those who visit our site, fill out one of our online contact forms, and those we correspond with.
Our Approach to the GDPR
We follow the principles of the General Data Protection Regulation (GDPR), under which the law requires us to process data fairly; for specified purposes; limited to what is necessary and for as long as necessary; and to ensure data is accurate and secure.
We consider good data protection to be crucial in building positive working relationships, so we never collect data or process any data in a manner which we think would surprise people, and hope to exceed expectations in transparency about our data processing.
We always carefully consider our legal bases for processing under the GDPR for every single item of data we collect, and we make every effort to only process data when we absolutely must to comply with our legal and contractual obligations, and when we are satisfied that it is necessary for our business to function.
We take measures to keep data secure and protect against unauthorised access, and we take particular care before collecting and holding any data that could adversely affect your rights and freedoms or cause you loss or other damage.
Our website uses the following cookies to enable web analytics (held for the stated length of time), so we can monitor the effectiveness of our website.
Our websites also make use of ExpressionEngine CMS which sets several cookies for security and performance but no personally identifiable information is stored.
Our website also makes use of the Google reCAPTCHA API to improve the security of our website by collecting device and application data from our web users, and sending this data to Google for analysis. The information collected in connection with this service will be anonymised and used by Google to improve reCAPTCHA and for general security purposes. Google will not use this data for personalized advertising – to read more about Google’s use of data click here.
We process this data for our legitimate interest in operating an effective website and have performed an adequate legitimate interest assessment.
We do not collect or use any other information about web users to profile or track them for direct marketing purposes.
When users sign up to one of our mailing lists we only record the information that they input into the form.
We use this information to market suitable goods/services to clients or potential clients and do so on the basis of consent.
We process names and contact details from emails, together with any other Personal Data provided, for the purposes of our legitimate interest of entering into business correspondence with clients, service users and other individuals who we may contact in our day-to-day operations, and we maintain adequate records of our correspondence with anyone with whom we may communicate.
Those who email us should refrain from sharing the personal details of others without that person’s permission, and any such information shall be processed under Article 14.5 of the GDPR, absolving our obligation to contact every Data Subject mentioned to us due to the disproportionate effort required.
Who do we share this information with?
We only transfer Personal Data we control to third party Processors for specified purposes, under strict instructions and with the assurance that appropriate measures are in place to protect your information. Our third party processors include:
We may share your personal information with other entities in our group.
We may also have to share any of the personal information that we hold in the context of a possible sale or restructuring of the business, or when we are required to by a regulator or to comply with the law.
We do not transfer any of the personal information of our web users outside the EU.
Our email servers are cloud hosted in the EU and the US under appropriate GDPR-compliant safeguards.
We will never share the personal data of our contacts with any marketing organisation or any other third party not outlined above. If this ever changes we will seek the express consent of the Data Subjects concerned.
Will the information be used for automated decision making or profiling?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
How long do we keep this information?
We retain Personal Data in compliance with our Retention Policy and Schedule for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our Retention Policy & Schedule is available on request by contacting our officer responsible for data protection detailed below.
We retain and process personal data for which we have your consent unless and until you choose to withdraw your consent.
How do we keep this information secure?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We ensure all our third-party service providers take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What rights do you have?
Data Subjects are entitled to request that we erase, restrict, rectify or provide them with a copy of the data we hold, and may object to processing activities.
If we process Personal Data on the basis of Consent, the Data Subject may withdraw their Consent in respect of the particular processing activity at any time.
It is our policy to fulfil any such request within the statutory period of one month unless there is a compelling legal or contractual obligation which prevents us from doing so.
To make any such request please contact our officer responsible for data protection, whose contact details are Nick Kirkby, email@example.com
You also have the right to lodge a complaint with the UK’s data regulator, the Information Commissioner’s Office. Visit www.ico.org for more information.
Our contact information
Unit 6, Satellite Business Village,
Crawley RH10 9NL
020 3818 0830
This website is designed by Resilience Global in order to be accessible to all users, and to comply with the Disability Discrimination Act (DDA).
The DDA was passed in 1995 (updated 1999 & 2004) to end the discrimination facing many disabled people, including when using the Internet. The Web Content Accessibility Guidelines (WCAG) were set out by the World Wide Web Consortium (W3C, http://www.w3.org/) in 1999 to give checkpoints for accessible web design that complies with the DDA.
This website follows the Priority 1 and 2 guidelines relating to accessibility as set out by the W3C. Please see below for a summary of how the site meets these terms, as well as the Priority 3 guidelines.
All pages on this website have also been validated for XHTML and CSS, in accordance with the web standards set out by the W3C.
Priority 1: A Web content developer must satisfy this checkpoint. Otherwise, one or more groups will find it impossible to access information in the document. Satisfying this checkpoint is a basic requirement for some groups to be able to use Web documents.
Priority 2: A Web content developer should satisfy this checkpoint. Otherwise, one or more groups will find it difficult to access information in the document. Satisfying this checkpoint will remove significant barriers to accessing Web documents.
Priority 3: A Web content developer may address this checkpoint. Otherwise, one or more groups will find it somewhat difficult to access information in the document. Satisfying this checkpoint will improve access to Web documents.
Summary of how www.resilienceglobal.org follows Priority 1 Guidelines
Summary of how www.sagepay.com follows Priority 2 Guidelines
Summary of how www.resilienceglobal.org follows Priority 3 Guidelines
Resilience Global follows all of the Priority Three guidelines.
We strive to make the website accessible to all.
If you are not able to view any crucial content of this site please contact us at firstname.lastname@example.org
Resilience Global is committed to conducting business in an honest and ethical manner. In particular, we do not tolerate bribery and corruption and we are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate. We are committed to implementing and enforcing effective systems and processes to counter bribery and corruption.
As a UK company, Resilience Global is bound by the laws of the UK, including the Bribery Act 2010, in respect of our conduct both at home and abroad. In addition, we will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
As well as ensuring our own conduct is appropriate, we have also put in place procedures to prevent bribery being committed on our behalf by any associated persons, i.e. anyone that performs services for or on our behalf, such as our people, and in some cases, subsidiaries and third parties we work with such as resellers, referrers and business partners.
This is the standard of behaviour customers, suppliers and partners can expect from us and that we expect from them.