Resilience Global uses the trusted payment gateway provided by Sage Pay
As a payment service provider (PSP), thousands of businesses outsource their transaction security to Sage Pay. It is their top priority to ensure that our customers’ transaction data is kept secure at all times.
All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and Data Storage
Once on Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data is extremely secure and Sage Pay are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. Sage Pay are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
To view our PCI DSS certificate please contact Sage Pay directly.
Links to banks
Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Sage Pay is controlled by Iris Scanners, which are the latest and most precise biometric security devices available for identification. As used by; chemical plants, airports, police stations, prisons and other facilities where security is paramount. No one can enter or leave the building without a valid security pass.
All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Sage Pay systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from Sage Pay's own employees.
Sage Pay operates on twin data centres to ensure optimal system security and up-time and has a full disaster recovery and business continuation policy.
1. Who we are
We are a fully Registered Charity in the United Kingdom Charity Number 1148367 Resilience Global. Our registered office is at 83 Victoria Street, Westminster, London, United Kingdom SW1H 0HW. We are also registered on the Information Commissioner's Office Register of Data Controllers. This registration covers all of our different business divisions.
For details of how to contact us, please refer to the Contact Us page.
2. How we collect information
We will collect information from you if you:
3. What we use your information for
We will use your personal information to provide any information on services that you have requested or any products that you have ordered. We may also contact you for feedback on your use of our products, services or our website.
We may use your personal data for internal purposes such as auditing, data analysis, and research to improve Resilience Global's products, services, website, and customer communications.
If you enter into a prize draw or competition, we may use the information you provide to administer those programmes.
We may also use your information to send important notices, such as communications about purchases and changes to our terms, conditions and policies. Because this information is important and sometimes critical, you may not opt out of receiving these communications.
From time to time, we may use your information to contact you with details about our products and services which we feel may be of interest to you. We may also share your information with our group companies, business partners and other carefully selected third parties so that they (or we) can contact you with information about their products or services which we feel may be of interest to you. We or they may wish to contact you for this purpose by telephone, post or email.
You have the right at any time to stop us from contacting you for marketing purposes. If you wish not to be contacted by us and/or our 3rd parties’ partners, you can send us an email with your request to email@example.com
4. Sharing your information
We may share your information with:
We may pass collective information about the use of our website or our products or services to third parties but this will not include information that can be used to identify you.
We will disclose your information if we are required to by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.
5. Cookies and Traffic Data
There are different types of cookies
Session Cookies - We use session cookies on our websites and in some of our products or services to identify and track users and to remember what is in your shopping basket (where relevant) and we also use session cookies in the VSP Admin reporting system to remember customer information used to complete transactions through the VSP Terminal. Our session cookies may contain your customer account number, company name and email address. These session cookies are deleted when you close your browser or leave your session in the product or service.
Persistent Cookies - Persistent cookies enable our website, product or service to “remember who you are” and to remember your preferences on our website. Persistent cookies will stay on your computer or device after you close your browser or leave your session in the product or service.
Web analytics and similar services - Our website uses web analytics services. Web analytics cookies allow us to recognise and count the number of visitors and see how they move around the website, product or service. This helps us make our service to you better.
We keep a record of traffic data which is logged automatically by our server, such as your Internet Protocol (IP) address, the website that you visited before ours, the website you visit after leaving our site. We also collect some site, product and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
How to disable cookies
Most web browsers allow some control to restrict or block cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, products or services. For more information about cookies and instructions on how to adjust your browser settings, see the Internet Advertising Bureau website www.youronlinechoices.co.uk .
6. Your information
If we hold any information about you which is incorrect or if there are any changes to your details please let us know so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Resilience Global, at our Registered Office Address. If you request a copy of your information you will need to pay a statutory fee which is currently £10.
8. Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Some communications sent over the internet, such as email, may not be secured unless they are encrypted. Although we do our best to monitor and improve how we protect your personal data, we cannot guarantee the security of your data which is transmitted to our website or other products and services via an internet or similar connection and any transmission of data to our site is at your own risk. We do however use secure connections in our direct debit sign up pages, online application form and VSP Admin area, so please use these pages when providing us with sensitive information.
If we have given you (or you have chosen) a password to access certain areas of our website, product or service please keep this password safe - we will not share this password with anyone.
9. Transfers outside Europe
Personal data in the European Union is protected by data protection laws but other countries do not necessarily protect your personal data in the same way. Our website and some of our products or services or parts of them may be hosted in the United States and this means that we may transfer any information which is submitted by you through the website, product or service outside the European Economic Area (which means all the EU countries plus Norway, Iceland and Liechtenstein) ("EEA") to the United States. When you send an email to us, this may be stored on email servers which are hosted in the United States, if we do this, we will take steps to ensure that our hosting provider uses the necessary level of protection for your information but if you do not want your information to be transferred outside the EEA you should not use our website, product or service or contact us via email.
10. Other Sites
If you follow a link from our website, product or service to another site or service, this policy will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy policies appearing on those sites or services.
11. Further Information
If you would like further information about data protection, or if you would like to view the register of Data Controllers, you can visit the Information Commissioner's site at www.ico.gov.uk.
Thank you for visiting our website.
This website is designed by Resilience Global in order to be accessible to all users, and to comply with the Disability Discrimination Act (DDA) header.
The DDA was passed in 1995 (updated 1999 & 2004) to end the discrimination facing many disabled people, including when using the Internet. The Web Content Accessibility Guidelines (WCAG) were set out by the http://www.w3.org/World Wide Web Consortium (W3C) in 1999 to give checkpoints for accessible web design that complies with the DDA.
This website follows the Priority 1 and 2 guidelines relating to accessibility as set out by the WC3. Please see below for a summary of how the site meets these terms, as well as the Priority 3 guidelines.
All pages on this website have also been validated for XHTML and CSS, with accordance to the web standards set out by the W3C.
A Web content developer must satisfy this checkpoint. Otherwise, one or more groups will find it impossible to access information in the document. Satisfying this checkpoint is a basic requirement for some groups to be able to use Web documents.
A Web content developer should satisfy this checkpoint. Otherwise, one or more groups will find it difficult to access information in the document. Satisfying this checkpoint will remove significant barriers to accessing Web documents.
A Web content developer may address this checkpoint. Otherwise, one or more groups will find it somewhat difficult to access information in the document. Satisfying this checkpoint will improve access to Web documents.
Summary of how www.resilienceglobal.org follows Priority 1 Guidelines
Summary of how www.sagepay.com follows Priority 2 Guidelines
Summary of how www.resilienceglobal.org follows Priority 3 Guidelines
Resilience Global follows all of the Priority Three guidelines.
We strive to make the website accessible to all.
If you are not able to view any crucial content of this site please contact us at firstname.lastname@example.org
Resilience Global is committed to conducting business in an honest and ethical manner. In particular, we do not tolerate bribery and corruption and we are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate. We are committed to implementing and enforcing effective systems and processes to counter bribery and corruption.
As a UK company, Resilience Global is bound by the laws of the UK, including the Bribery Act 2010, in respect of our conduct both at home and abroad. In addition, we will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate.
As well as ensuring our own conduct is appropriate, we have also put in place procedures to prevent bribery being committed on our behalf by any associated persons, i.e. anyone that performs services for or on our behalf, such as our people, and in some cases, subsidiaries and third parties we work with such as resellers, referrers and business partners.
This is the standard of behaviour customers, suppliers and partners can expect from us and that we expect from them.