Security Policy

📋Introduction

At Functional Flooring Ltd, we are committed to protecting your data and respecting your privacy. This Security Policy outlines how we maintain the security of our systems, protect sensitive information, and comply with applicable data protection regulations.

🛡️Our Security Commitment

We implement industry-standard security measures to ensure that your data is protected against unauthorized access, alteration, and disclosure. Our security protocols are regularly reviewed and updated to meet current best practices and regulatory requirements.

📊Data Collection & Purpose

We collect personal data only for specific, lawful purposes. This includes information necessary to provide our services, improve user experience, and comply with legal obligations. All data collection is transparent and complies with GDPR and UK data protection laws.

• •Customer account information
• •Transaction and billing data
• •Communication preferences
• •Usage analytics and behavior data

💾Data Storage & Retention

We store data in secure, encrypted databases with restricted access. Data is retained only for as long as necessary to fulfill the purposes for which it was collected, unless longer retention is required by law.

🔐Encryption & Transmission

All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols (TLS 1.2 and above). This ensures that your information cannot be intercepted or read by unauthorized parties.

🔑Access Control & Authentication

We implement strict access controls limiting employee access to personal data on a need-to-know basis. Multi-factor authentication is required for all administrative accounts, and all access is logged and monitored.

• •Role-based access control (RBAC)
• •Multi-factor authentication (MFA)
• •Comprehensive audit logging
• •Regular access reviews

🔍Vulnerability Management

We conduct regular security assessments, penetration testing, and code reviews to identify and address vulnerabilities. All security issues are prioritized and remediated promptly.

🚨Incident Response Plan

We maintain a comprehensive incident response plan to quickly address any security breaches. In the event of a data breach, we notify affected individuals and relevant authorities within required timeframes.

👥Employee Training & Awareness

All employees receive mandatory security and data protection training upon onboarding and annually thereafter. We maintain a culture of security awareness throughout the organization.

🤝Third-Party Security

We carefully vet all third-party vendors and service providers for security compliance. All vendor agreements include data protection and security requirements. Regular audits ensure ongoing compliance.

📜Regulatory Compliance

We comply with GDPR, UK Data Protection Act 2018, and other applicable privacy regulations. Our security practices are aligned with ISO 27001 standards and industry best practices.

✋Your Rights

You have the right to access, rectify, and delete your personal data. You can request a copy of your information, object to processing, or request data portability. To exercise these rights, contact us at the address below.

🍪Cookies & Tracking

We use cookies to enhance user experience and analyze website traffic. You can control cookie preferences in your browser settings. For detailed information, see our Cookie Policy.

📧Contact Us

If you have security concerns, data protection questions, or wish to report a vulnerability, please contact our security team immediately.