Questions Answered
DATA SECURITY FAQS
The applications used by our staff are proprietary, and so any data we capture is stored in our own server environment. Our servers are managed within Amazon Web Services, in an EU data center with our own firewall that is scanned weekly for weaknesses. All data in our databases is encrypted at rest using AES-256. Where we are provided with copies of documents, these are stored in an Amazon S3 bucket and are also encrypted at rest. We run continuous backups for point-in-time recovery.
We retain the services of DataGuard
(https://www.dataguard.com/) for guidance on data privacy and information security management processes, and we use their online tools such as the staff security awareness program.
Our privacy notice can be found here (https://lifetimelegal.co.uk/privacy-policy/), and this sets out more detail regarding the way data is processed, as well as your rights as a data subject.
In order to carry out the initial checks, we have a direct integration with Landmark Information Services via a secure API. This is used to request data from the Land Registry and to run a search against datasets held by Experian. Landmark’s privacy policy can be found here: (https://www.landmark.co.uk/privacy-policy/).
We also have direct integrations with Hooyu Ltd and Credas Technologies Ltd for the purpose of carrying out facial recognition checks. Both firms are certified against the UK Government Digital Identity and Attributes Trust Framework, https://www.digital-identity-services-register.service.gov.uk
Under HMRC guidelines for Anti-Money Laundering, Estate Agents have an obligation to retain evidence of due diligence for 5 years after the end of their business
relationship with their client. We have a contractual relationship with the Estate Agent to provide compliance services and to that end we will retain data for as long as the Estate Agent needs to rely on us. In practice this means that we will retain data for a minimum of 5 years. In the event of a deletion request however, we will verify with the Estate Agent that they have retained everything they need and do not need to rely on us to retain data any longer, and we will then delete the data we hold in line with the timescales set out under GDPR.
We do not sell personal data to any third parties.
Emails:
Our emails use TLS, or Transport Layer Security, encrypts emails in transit, protecting them from eaves dropping and tampering during transmission between email servers. It’s a standard protocol that most email services support, enhancing email security by creating a secure, encrypted connection between sending and receiving servers.
Phone Lines:
Calls are encrypted using Transport Layer Security (TLS) for controlling the call and Secure RT (SRTP) for the conversation to protect from unauthorised access and eaves
dropping. Calls are encrypted at all times, including internal calls and from the line provider all the way through to our staff phones.
Staff use software phones, to which access is controlled using encrypted username and password and multi-factor authentication before any call can be made or received.
Call recordings are held in a Google cloud bucket and are encrypted at rest. Select members of the Senior Leadership Team have access to the bucket via multi-factor
authentication. Approved staff can access individual recordings and with access restricted at department level.
South Africa:
The staff operating in Cape Town use our own proprietary software, to which access is controlled using encrypted username and password, and multi-factor authentication. All data that is captured is entered directly into our software platform, a cloud-based platform which is hosted by Amazon Web Services, in UK-based data centres, and encrypted at rest. This is the same for all staff – no data is saved locally by staff either in Cape Town or in our Wokingham office.