Our Data Protection Policy kitchenaidredeptions.co.uk

We understand how important the security of your personal information is to you. We've put a variety of measures in place to protect them from accident or attack.

Why do We Collect Your Data?

We only collect your data to be able to validate and process your redemption claim. We share your data with UPS for the sole purpose of delivering your free KitchenAid product.

We never give, rent, or sell access to your data to anyone else, nor do we make use of it ourselves for any purpose other than to provide our services. See our full privacy policy for more information.

Your data is retained by us for a period of one month (30 days) after the final date for claims, and is then deleted.

Your data is also shared with KitchenAid. To understand how your data is protected once it has been sent to KitchenAid, please read the KitchenAid Data Privacy Policy

How Do We Keep Your Data Private and Secure?

We only use state of the art data centres and cloud providers. The data centres we use are all highly secure sites, featuring 24/7 security, access control and monitored secure networks

Data Centre Compliance

The data centres we use are located in the UK. They are ISO 27001 and 9001 certified, and PCI-DSS compliant. They are also certified to the environmental standards of ISO 14001.

Physical Security

The data centres we use implement physical controls designed to prevent unauthorized access to, or disclosure of, personal data.

Dedicated Security Team

Access to servers and data is controlled and managed by a 24/7 security team, with a full audit trail retained to meet compliance requirements.

Security Policies

The security team at the data centres we use automatically check over 200 security best practice policies and generate non-compliance reports.

Awareness and Training

All staff and contractors at the data centres we use go through a vetting process where they are subject to background checks and confidentiality agreements.

There is an ongoing program of security awareness training designed to keep all members of staff informed and vigilant of security risks. This includes regular assessment of comprehension to measure the program's effectiveness.

Security Testing

API and event logging are used to monitor for and alert the security team about any security-related changes in the data centre environment.

Potential security risks are identified by non-intrusive vulnerability and penetration tests.

Website Security

This website is protected by a fully managed redundant shared firewall.

A firewall provides a critical element of a hosting solution, as unprotected servers are vulnerable to online attacks, leading to downtime or a compromise of data. A firewall is a protective system that lies, in essence, between your network and the Internet, preventing unauthorized use and access to your network.

Its job is to analyse data entering and exiting the network based on your configuration. Playing an important role on your network, a firewall provides a protective barrier against most forms of attack coming from the outside world.

Our Security Controls

User Access

We put considerable effort into ensuring the integrity of sessions and authentication credentials. Password storage and verification is based on a one-way encryption method, meaning passwords are stored using a strong salted hash.

The databases are further protected by access restrictions, and key information is encrypted when stored. Data is uploaded directly into the application using a web browser which uses secure transfer protocols.

Logging Management

All key actions on the application are logged and audited, for instance whenever our staff access an account for maintenance or support functions, such activities are logged so we can refer to them later.