Privacy and security policies

Copyright Witness operates a strict privacy policy regarding client information.

• All our personnel dealing directly with client details are required to sign a confidentiality agreement.
• All client details, registered works or registration details are considered confidential and except where legally required, (i.e. by court order or Police investigation), will not be disclosed to any third party without prior consent.
• Client details will never be passed onto other companies, mailing lists, etc.
• All electronic back ups of works are encrypted, to ensure they cannot be accessed by unauthorised personnel.
• All documents and files containing client data that require disposal, (such as redundant or expired files) are disposed of in a secure manner, normally by shredding and/or incineration.

Confidentiality is a fundamental company principal that extends throughout the web site.

Digital certificates

Digital certificates are fundamental to our web site security, they provide

1. Authentication  

   Certificates are issued by an independent, trusted third party known as a Certificate Authority (CA). Before certificates are issued, the Authority independently verifies our company‘s legal documents, the names of the directors, their association with the company, and the company‘s ownership and right to use the Internet domain names. This means you can be 100% sure we are who we say we are.

2. Encryption  

   The certificates form the basis for encrypted communication channels over the internet. Encryption is the scrambling of data that ensures that information you send cannot be read by anyone intercepting the transmission. It means that only our servers and your browser are capable of understanding the data.

Our secure servers use the latest high security 256bit digital certificates from DigiCert. We proudly display the DigiCert seal on our web site. This seal is your assurance that the site is secure and safe. You can verify our credentials by clicking on any DigiCert seal displayed on our web site. This will take you direct to DigiCert who will provide details about our certificates and confirm our details.

Secure servers

We host our web sites and services using our own secure web and email servers and have in-house IT specialists who manage our systems. This means that your information and files are never stored or copied by any third parties along the way.

1. Uploads and registrations

   When you register or update a work online, any files you upload are sent only over a over highly encrypted channel that directly connects your computer and our server, and authenticated using a digital certificate.

2. Data entry on forms

   We believe the protection of personal data is so important that whenever you access one of the forms on our web site, even if it is a form such as feedback, where you may not immediately be concerned about security, you will be redirected to a secure server so that you may enter information without fear of it being distributed around the internet. This can be verified by the URL starting with ‘https:’.

   You can verify this yet further - your browser will have a ‘padlock’ symbol showing that you may enter data in confidence.

When we store your work electronically, it is done in such a way to ensure that it cannot be accessed by any unauthorised person.

Files you upload are immediately obfuscated, and all back up files are encrypted. Our storage servers cannot be directly accessed from the Internet, so they cannot be targeted by hackers.

We do not store your card details on our servers. When you register online using your credit card, we simply pass the details you supply to one of our payment service providers over an dedicated 256 bit encrypted channel. The payment service providers we use are regularly audited by Visa and Mastercard to ensure that they meet strict security standards.

If you supply credit card details on a postal application form, these are securely disposed of once payment has been taken.

3D Secure verification

Some transactions* may also use ‘MasterCard SecureCode’ or ‘Verified by Visa’ secure authentication. These systems (collectively known as ‘3D Secure’) use personal passwords or identity information to further protect card users against unauthorized use. (*Dependant on participating bank and payment service provider)