We take security and data privacy seriously
IMIN LTD is registered with the ICO under the Data Protection Act. Our registration number is ZA264932. We are an IASME Gold and Cyber Essentials certificated company, which includes a GDPR self-assessment, and use ISO 27001 compliant technical infrastructure.
Evidence of audit and certification can be found at https://www.iasme.co.uk/certified-organisations/
Wherever personal details are captured as part of the Service these will only be accessible to those who need to use them. They will only be used in other contexts if the data subjects explicitly opt in. We do not share personal details further without permission.
imin is an IASME Gold Certified Company through continuous self-assessment and independent annual audit. The most recent annual audit was completed on 19 November 2017.
Where possible, all core platform infrastructure and peripheral cloud services reside within the European Economic Area (EEA). Where services reside outside of the EEA, they are certified under the EU-US Privacy Shield. This ensures that "appropriate safeguards" are in place for GDPR compliance (see Art 46 of the GDPR).
imin’s core e-mail, productivity and collaboration tools are provided by G Suite, which is run within Google’s global infrastructure (https://gsuite.google.co.uk/intl/en_uk/security/). When sharing e-mail and documents with imin using this medium, data may be transmitted outside of the EEA. Google provides capabilities and contractual commitments for their customers designed specifically to help address EU data protection requirements and the guidance provided by the Article 29 Working Party. G Suite offers EU Model Contract Clauses and a Data Processing Amendment, which imin accepted on 17 October 2017. Additionally, G Suite has been assessed as appropriate for use with the UK government's Cloud Security Principles "OFFICIAL (including OFFICIAL-SENSITIVE)". Google also complies with ISO 27001, SOC 2 and SOC 3.
imin’s core platform infrastructure is provided by Heroku (https://www.heroku.com/policy/security) and Amazon Web Services (https://aws.amazon.com/compliance/), which hold ISO 27001, FISMA, SOC 2 and SOC 3 certifications. All other sub-processors use infrastructure that is certified to ISO 27001, SOC 2 Type II, or PCI Service Provider Level 1.
imin do not store credit card information directly, and instead use a tokenisation mechanism via a secure SSL connection to defer this storage to Stripe, which assures PCI DSS compliance using the “Pre-filled SAQ A” method (https://stripe.com/docs/security).
All of the following organisational measures are included in imin’s Information Security Policy, which each member of staff strictly adheres to.
All of the following technical measures are centrally controlled, enforced, managed and monitored.
Questions, comments and requests regarding our security are welcomed and should be sent to our trading address at IMIN LTD, 14-22, Elder Street, London, E1 6BT, or emailed to [email protected].