top of page
Business Meeting

Security Policy

How Do We Ensure Your Data Is Safe

At Match My Venue, we are committed to ensuring the security and protection of all data collected, processed, and stored within our systems. This policy outlines the measures we take to safeguard personal and business data and the steps we follow in the event of a security incident. Our security practices comply with applicable data protection laws, including the GDPR.

1. Technical Security Measures

We implement industry-standard security measures to protect our systems and the data entrusted to us:

  • Encryption: We use Secure Socket Layer (SSL) encryption on our website to protect data during transmission.

  • Antivirus and Malware Protection: We use Microsoft Defender as our primary antivirus software and Norton Virus Protection on our phones to ensure all devices are protected against malware and cyber threats.

  • Firewalls and Intrusion Detection: We employ firewall protection to safeguard our systems from unauthorised access.

2. Data Access Controls
  • Role-Based Access Control (RBAC): Access to data is restricted based on user roles, ensuring that only authorised personnel (senior management and relevant team members) can access sensitive information. This minimises the risk of data breaches.

  • Multi-Factor Authentication (MFA): We use MFA for all access points, ensuring an extra layer of protection beyond passwords.

3. Data Storage and Backup
  • Data Backups: All client and venue data is regularly backed up on Microsoft Cloud services, with data stored securely within the EU. We also rely on HubSpot for data storage and backup, which follows GDPR guidelines and stores data within the EU.

  • Backup Security: Backups are encrypted and stored securely to prevent unauthorised access.

4. Third-Party Security
  • We work with trusted third-party service providers such as HubSpot and Wix, both of which are fully GDPR compliant and store data within the EU.

  • Annual Compliance Review: We review the security policies of third-party providers annually to ensure their continued compliance with our security standards and data protection regulations.

5. Incident Response

While we take every precaution to safeguard data, we recognise the importance of having a plan in place to address security incidents:

  • Detection and Reporting: We monitor our systems for any signs of a breach or unauthorised access. If a security incident is detected, it is reported to the Data Protection Officer (DPO) immediately.

  • Containment and Assessment: Upon detection of a breach, we take steps to contain the incident, assess the scope, and identify the root cause.

  • Notification: If personal data is compromised, we will notify affected individuals as required by law and provide guidance on protective measures.

  • Recovery and Documentation: We will restore data from secure backups where necessary and document the breach, including the actions taken and outcomes.

  • Review: Following any security incident, we will conduct a review to improve our security measures and prevent future breaches.

6. Employee Training

We ensure that all staff members who have access to sensitive data are trained on best practices for data security, including secure handling of data, recognising phishing attempts, and following protocols for data access and backup.

7. Policy Updates

We regularly review and update our security measures to ensure they reflect the latest industry standards and regulatory requirements. This policy will be reviewed annually to ensure ongoing compliance with data protection regulations.

8. Contact Us

If you have any questions regarding our Security Policy or wish to report a security concern, please contact us:

Match My Venue
Events Networking Limited
32 Hayes Square, Exeter, EX5 7AT
Phone: 020 4591 3554
Email: adam@theeventsconsultant.com

bottom of page