Security Statement 

AboutMi is developed and managed by Here2There.me Ltd. We are committed to protecting the confidentiality, integrity, and availability of the information entrusted to us. Our platform enables organisations to create and manage digital Communication Passports for the individuals they support, and we take the security of this information extremely seriously.

Data Protection and Privacy 

  • GDPR Compliance: We are fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Personal data is only collected, stored, and processed with clear consent and for legitimate purposes.
  • Data Minimisation: We only collect the information necessary to fulfil the purpose of the Communication Passport. Data is retained only as long as necessary and can be deleted upon request by the data subject or their authorised representative. 

Secure Hosting and Storage 

  • UK-Based Hosting: All data is hosted on secure servers located within the UK or in jurisdictions with equivalent data protection standards.
  • Encryption: All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption.
  • Regular Backups: Data is backed up regularly to protect against loss, with secure, redundant storage and disaster recovery processes in place. 

Access Control 

  • Role-Based Access: Access to the platform is strictly controlled through role-based permissions, ensuring users can only access the data they are authorised to view or edit.
  • Multi-Tenancy Isolation: Organisational data is segregated to ensure no unauthorised cross-organisation access is possible.
  • User Authentication: We support secure login protocols, including integration with trusted identity providers (e.g. Active Directory), and enforce strong password policies. 

Audit and Monitoring 

  • Activity Logging: User actions on the platform are logged for auditing and accountability.
  • Monitoring: Our systems are actively monitored for suspicious activity and unauthorised access attempts.
  • Vulnerability Management: We conduct regular security assessments and promptly apply software updates and patches. 

Third-Party and Staff Responsibilities 

  • Data Processing Agreements: All third-party providers involved in data processing are subject to rigorous due diligence and contractual obligations to uphold our security and privacy standards.
  • Staff Training: All staff are trained in data protection and cyber security best practices, with access to sensitive systems limited to essential personnel. 

Your Responsibility 

Organisations using our platform are responsible for managing their users' access and for ensuring that personal data is entered into the system lawfully and ethically.