Privacy Policy


Who We Are:

Viosec Systems Limited (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.


Viosec Systems Limited’s registered office is at Pama House, Stockport Road East, Bredbury, Stockport, Cheshire SK6 2AA and we are a company registered in England and Wales under company number 11148017.


Information That We Collect:

Viosec Systems processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. 


Below is a list of information we collect about you:


  • Contact Name 
  • Contact Phone Number 
  • Contact Email Address 
  • Business Name 
  • Business Address & Post Code 
  • Username 
  • Password 
  • Unique customer identifier(s) that tie you to customer account(s) on our systems 
  • IP Address 
  • VAT Number 
  • Various contact information as in above for Registrant, Admin, Tech and Billing contacts.



We collect information in the following ways - Online using web forms for applying for services or via email for applications of employment or new customer registration forms which may be completed via the trade counter or emailed directly to you. Should we collect your personal information during an enquiry we shall remove your personal data within 12 months of us recording it unless you subsequently become a customer or you wish to carry on receiving information on existing or new products. 


How We Use Your Personal Data (Legal Basis for Processing)

Viosec Systems takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time by sending an email to admin@viosecsystems.com. The purposes and reasons for processing your personal data are detailed below:


1. As necessary to perform our contract with you for the relevant service: 


  • To ascertain the suitability for a contract to provide a service; 
  • To ensure that orders are completed and can be delivered to you as expected in the course of a contract; 
  • To manage and perform that contract; 
  • To trace your whereabouts to contact you about the contract we provide you with and in recovering debt. 


2. As necessary to comply with legal obligations: 


  • In the collection and storage of your personal data for business accounting and tax purposes in-line with UK law. 
  • For the prevention, detection and investigation of fraud. 


3. Based on your consent: 


  • To send you marketing information where we have asked for your consent to do so. Specifically promotion of new services or product promotions. 


You are free to withdraw your consent at any time, the consequences of which may mean we are unable to provide certain services to you. 


Data Subjects Rights (Your Rights)

You have the right to access any personal information that Viosec Systems Limited processes about you and to request information about: 


  • What personal data we hold about you 
  • The purposes of the processing 
  • The categories of personal data concerned 
  • The recipients to whom the personal data has/will be disclosed 
  • How long we intend to store your personal data for 


If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. 


You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with data protection laws, as well as to object to any direct marketing from us, to exercise your data portability rights and to be informed about any automated decision-making we may use.


If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. 


Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Viosec Systems uses several to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.


Depending on the service we provide you, will depend on whether we disclose your personal data to third-parties. Below is a list of services where we disclose your personal data in the form of your contact information, to third-parties and who those third-parties might be: 


Common to all services: 


  • Credit reference agencies, debt collection agencies such as Thomas Higgins (To verify a Company's or individuals credibility and in the pursuit of debt collection). Acting in the capacity of Data Processor. Mailchimp for any marketing emailed to you.
  • Government bodies, such as regulators, e.g. The Information Commissioners Office. 
  • The Courts of England & Wales (To comply with legal requirements, and for the administration of justice). Acting in the capacity of Data Processor. 


Payment Processing: 


  • Acquiring Banks depending on your choice of acquirer, e.g. Barclaycard, WorldPay, FirstData, etc... (To Provide Merchant Services to facilitate card processing). Acting in the capacity of Data Processor. 
  • Fraud prevention companies (To provide an anti-fraud mechanism to help protect you from fraud on your merchant account). Acting in the capacity of Data Processor. 


Card Processing

The Total Web Solutions EcomMerchant Card Processing System brings together a combination of industry-approved security technologies to deliver a product that keeps your data safe.  The service is operated to the highest standards and ran in conjunction with the Payment Card Industry Data Security Standard (PCI DSS) operated by Visa and MasterCard and endorsed by other key providers.

To highlight some of the security features employed, there are four primary areas of concern when it comes to securing data over the Internet:

  • Secure login and user authenticity.
  • Encryption while data is in transit and when stored on a      server
  • Network Security
  • Physical security of the Total Web Solutions servers and      network equipment.


Authenticity and Secure Channel

To begin a card authorisation session with a Total Web Solutions EcomMerchant service, the web site that has called the service must be authenticated.  Authentication takes several forms: passing of a valid set of credentials that authenticates the merchant (the entity that you are making a purchase from); validation of the network the request has come from; validation of the IP address and Domain name the details were posted from; will check to see that the post was submitted from a secure server facility to ensure end to end security.  Throughout the authentication process Information is securely transmitted (using SSL Secure Socket Layer encryption) between the web site visitor (the purchaser), the visited web site and ultimately the Total Web Solutions' authorisation servers.  This is achieved with the passing of certificates between the client and the server or the user and the servers involved in the authorisation process.


Secured Data Transfer & Storage

Once the server session is established, the user and the server are in a secured environment. Because the web site you are making a purchase from has been certified by a certificate authority such as Verisign or Thawte, data travelling between the user and the server will be encrypted with Secure Sockets Layer (SSL) protocol.  To ensure the certificate on the web site you are making a purchase from is secure see the Internet Security section below.  With SSL, data that travels between you and ultimately the clearing bank is encrypted (mathematically jumbled) and can only be decrypted with the public and private key pair. In short, the Total Web Solutions server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session. The encryption/decryption happens in the background and therefore requires no knowledge by the end user. 

Once a transaction has taken place the credit card information is stored on a Total Web Solutions server.  The storage of any credit card numbers is handled through an encryption algorithm.  Once the credit card number has been encrypted it is stored in the Database in an encrypted format.  Unless a would be criminal had access to both the public and private keys it would be impossible for them to gain access to this sensitive information.  Even if they stole the credit card clearing server or managed to gain access to the database.  Any credit card information handled during the clearing process is safe from third parties due to SSL function encrypting all data handled between all servers.  The private key is essentially a password which is used to unlock an encrypted source of information.  Keys or key passwords are only available to and split between key custodians so no-one person can decrypt card details.  Keys are restricted to a select group of individuals and are managed in line with the policies subscribed in the PCI DSS standard.


Router and Firewall

All transactions put through the Total Web Solutions EcomMerchant systems are filtered through network hardware which monitor and filter packets throughout the EcomMerchant environment. As a minimum, a router, which is a hardware device, works in conjunction with the firewall, another hardware device, to block and direct traffic coming to the authorisation servers. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to authorise cards.  Total Web Solutions deploys a high performance, resilient network gateway and provides security of the highest level for its Internet services.  The exact configuration cannot be covered here due to the nature of security policy that is in place.


Physical Security of the Servers and Networks

All Total Web Solutions servers are maintain by its internal staff.  Access to the servers is via a select group of individuals.  Our Network Operations Centre is manned 24 Hours a day by security and access to the centre is via a security pass and cardkey.  It is not possible to gain access to the centre without a pass and card key.  The centre is monitored 24 hours a day by CCTV.  The servers are stored in rack cabinets which are locked via a key code entry mechanism and the servers are all password protected with the passwords only available to Total Web Solutions Ecom Administrators.


Internet Security

How do I know the page I'm looking at is encrypted?

Your browser will tell you. In the bottom of the browser window or in your browsers URL bar, there will be an icon that tells you if the page has been encrypted. Don't purchase products or supply your debit or credit card details to a web site which does not display a closed padlock or unbroken key.

Access to the digital certificate for the site you are purchasing from is possible by clicking on the padlock or key in your browser.  This will display information pertaining to the digital certificate and the expiry date of the certificate.  Do not submit card details to a site which has an expired certificate.


Safeguarding Measures

Viosec Systems takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including but not limited to: 


  • Secure Socket Layer (to latest TLS standard) 
  • Encryption of sensitive data DOB
  • Hardware Firewalls 
  • Anti-Virus software 
  • Regular software security updates 
  • Password protection and authentication 
  • Regular Vulnerability Scans


Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Viosec Systems, however, as this information is required for us to provide you with our services, we will not be able to offer some/all of our products or services without it. 


How Long We Keep Your Data:

Viosec Systems only ever retains personal information for as long as is necessary. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.


Your Right To Complain

Viosec Systems only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority. 


Data Protection Officer Name 

Viosec Systems Limited 

Pama House,

Stockport Road East,

Bredbury,

Stockport 

Cheshire 

SK6 2AA


T: 0161 639 1234 or E: admin@viosecsystems.com 


Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF - T: 0303 123 1113 


Cookie Notice 

A cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options. 


Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise your user experience and for features, products and services to function properly. 


Most web browsers allow some control to restrict or block cookies through the browser settings, however if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit https://www.allaboutcookies.org. Classification: Public 


Our web site operates a soft opt-in giving you an opportunity to discontinue using it before cookies are set on a first visit to our web site. Continuing to use this web site by accepting this opt-in means you are agreeing to the use of.