we take Security and data privacy seriously
IMIN LTD is registered with the ICO under the Data Protection Act. Our registration number is ZA264932. We are an IASME Gold and Cyber Essentials certificated company, which includes a GDPR self-assessment, and use ISO 27001 compliant technical infrastructure.
Evidence of audit and certification can be found at https://www.iasme.co.uk/certified-organisations/
imin is an IASME Gold Certified Company through continuous self-assessment and independent annual audit. The most recent annual audit was completed on 19 November 2017.
IMIN LTD is registered with the ICO under the Data Protection Act. Our registration number is ZA264932. We use ISO 27001 compliant technical infrastructure.
Wherever personal details are collected as part of the Service these will only be accessible to those who need to use them. They will only be used in other contexts if the data subjects explicitly opt in. We do not share personal details further without permission.
Where possible all core platform infrastructure and peripheral cloud services reside within the European Economic Area (EEA). Where services reside outside of the EEA, the EU Standard Contractual Clauses or equivalent are used as the data transfer mechanism. This ensures that "appropriate safeguards" are in place for GDPR compliance (see Art 46 of the GDPR). Our list of sub-processors and their data processing locations can be found here.
imin’s core e-mail, productivity and collaboration tools are provided by Google Workspace, which is run within Google’s global infrastructure (https://workspace.google.com/intl/en_uk/security/). When sharing a e-mail and documents with imin using this medium, data may be transmitted outside of the EEA. Google provides capabilities and contractual commitments for their customers designed specifically to help address EU data protection requirements and the guidance provided by the Article 29 Working Party. Google Workspace offers EU Model Contract Clauses and a Data Processing Amendment, which imin have accepted on 17 October 2017. Additionally, Google Workspace has been assessed as appropriate for use with the UK government's Cloud Security Principles "OFFICIAL (including OFFICIAL- SENSITIVE)". Google also complies with ISO 27001, SOC 2 and SOC 3.
imin's infrastructure is secured by Cloudflare's Web Application Firewall and accelerated by its Content Distribution Network, which are run within Cloudflare's global infrastructure (https://www.cloudflare.com/en-gb/network/). If Cloudflare transfers any Personal Data outside of the EEA or UK, Cloudflare always ensures that a legal mechanism to achieve adequacy in respect of that processing is in place (https://www.cloudflare.com/en-gb/gdpr/introduction/). Cloudflare also complies with ISO 27001, SOC 2, and PCI DSS 3.2.1.
imin’s core platform infrastructure, provided by Heroku (https://www.heroku.com/policy/security) and Amazon Web Services (https://aws.amazon.com/compliance/), hold ISO 27001, FISMA, SOC 2, SOC 3 certifications. All other sub-processors use infrastructure that is certified to ISO 27001, SOC 2 Type II, or PCI Service Provider Level 1.
imin do not store credit card information directly, and instead use a tokenisation mechanism via secure SSL connection to defer this storage to Stripe, which assures PCI DSS compliance using the “Pre-filled SAQ A” method (https://stripe.com/docs/security).
All of the following organisational measures are included in imin’s Information Security Policy, which each member of staff strictly adheres to.
All of the following technical measures are centrally controlled, enforced, managed and monitored.
Questions, comments and requests regarding our security are welcomed and should be sent to our trading address at IMIN LTD, Kemp House, 152-160 City Road, London, EC1V 2NX, or emailed to firstname.lastname@example.org.