Terms of Service
You agree to the following terms and conditions when using our services.
WE AGREE TO BE CONTRACTED FOR THE DESIGN AND DEVELOPMENT OF YOUR PROJECT (THE “PROJECT”) AND / OR THE MAINTENANCE OF YOUR WEBSITE UNDER THE FOLLOWING TERMS AND CONDITIONS IN ACCORDANCE WITH THE PROPOSAL AND / OR SERVICE LEVEL AGREEMENT AGREED IN WRITING BETWEEN THE PARTIES (THE “PROPOSAL / SLA”). ONCE THE PROPOSAL DOCUMENT AND / OR SERVICE LEVEL AGREEMENT DOCUMENT (THE “AGREEMENT”) IS SIGNED AND DEPOSIT PAID, THE PROJECT SHALL BE DEVELOPED BY US (“SPACESHIP DIGITAL LTD) FOR YOU (THE “CLIENT”) OR IN THE CASE OF SERVICE LEVEL AGREEMENT THEN SUPPORT FROM US (“SPACESHIP DIGITAL LTD) FOR YOU (THE “CLIENT”) SHALL BEGIN.
1. The Project
1.1 In consideration of the Client paying Spaceship Digital Ltd the relevant Fees (as set out in the Project Proposal or Service Level Agreement), Spaceship Digital Ltd shall:
(a) develop the project in accordance with the Client Requirements set out in the Project Proposal or Service Level Agreement on behalf of the Client (the “Project”); and
(b) where agreed between the parties, provide the Services to the Client.
1.2 The Project Specification can be found in the Project Proposal or Service Level Agreement document.
1.3 Any amendments or variations to the Project Specification must be made in writing and agreed between the Parties. Where one Party does not agree with the proposed amendment or variation, the Parties shall meet and discuss the proposed changes in good faith. Where any changes to the Project Specification agreed would result in additional expense to Spaceship Digital Ltd over and above the Fees as outlined in the proposal, Spaceship Digital Ltd shall be entitled to charge the Client for the additional expenses at its standard rates from time to time.
2. Delivery and Acceptance
2.1 Upon completion of the Project, the Client shall make full payment of the fees to Spaceship Digital Ltd upon which Spaceship Digital Ltd shall handover files as agreed.
2.2 If the Client requires the completed project to be loaded onto third party hosting services provided by the client, Spaceship Digital Ltd reserves the right to charge additional fees to the Client for this service. The Client is responsible for ensuring that the intended file server or disk space is properly configured.
2.3 Once Spaceship Digital Ltd has delivered the project to the Client, the Client shall have a period of 14 working days (the “Acceptance Test Period”) to test the project to ensure it conforms to the Project Specification (the “Acceptance Test”). Acceptance of the project may only be withheld by the Client if it can demonstrate that the project does not conform materially to the Project Specification. Upon completion of the Acceptance Test, the Client shall confirm to Spaceship Digital Ltd that the Project is complete (the “Project Release”).
2.4 Acceptance of the project shall be deemed to have taken place upon the occurrence of any of the following events:
(a) the expiry of the Acceptance Test Period and the Client has not raised with Spaceship Digital Ltd any material differences between the project and the Project Specification; or
(b) the Client uses any part of the project other than for test purposes.
2.5 Upon receipt of the Project Release or deemed acceptance, Spaceship Digital Ltd shall have no further obligations to undertake any work in relation to the Project. The Client may however request that Spaceship Digital Ltd undertake further work relating directly or indirectly to the Project. If it agrees to undertake such work, Spaceship Digital Ltd reserves the right to charge the Client for any additional work carried out at its commercial rate at that time.
Any “renovations” or “extensions” to the project requested in the future as a result of change of mind, change in personal taste, change in business direction, change in design or written content, marketing statistics, marketing requirements, future research, future user studies or similar is additional work that will be costed for separately.
3. Delivery of Content, Materials and Feedback
3.1 The Client undertakes to deliver to Spaceship Digital Ltd all content, data, images and other information and all trade marks, trade names, logos and other branding of the Client (the “Customer Content”) required for the Project.
3.2 The Client acknowledges that Spaceship Digital Ltd’s ability to complete the Project is dependent upon the full and timely co-operation of the Client and the Client undertakes to notify Spaceship Digital Ltd promptly in writing of any delays in delivering the Client Content or specification input. Where the Client has notified Spaceship Digital Ltd of any delay, the Client will provide Spaceship Digital Ltd with a revised timetable for supplying such Client Content or input.
3.3 Spaceship Digital Ltd will not be responsible for any delays, missed milestones (where specified in the Project) or additional expenses incurred due to the late delivery or non-delivery of the Client Content or input where required by Spaceship Digital Ltd for the Project.
3.4 For clear tracking and to help with administration – feedback and comments are only accepted via our support system and not via email or verbally. It ensures we have a record of all feedback in one central location that can be delegated and managed easily, also ensuring we maintain accuracy and stay within our agreed timeline. Spaceship Digital is not responsible for missing any feedback submitted via email or communicated verbally.
3.5 To ensure availability for all stakeholders – calls or meetings that are required will be scheduled one week in advance on available dates and times for all parties involved in the particular stage of a project.
3.6 You agree that any deviation from the agreed timeline as a result of delays from 3rd parties or the client is not the fault of Spaceship Digital Ltd and will push out the timeline and the final deadline.
4. Fees and Payment
4.1 The Client will pay the Project fees set out in the Project Proposals Payment Schedule (the “Fees”) to Spaceship Digital Ltd.
4.2 Notwithstanding any specific payment milestones set out in the Project Specification, the Fees shall be payable by the Client in the following instalments :
(a) 50% of the Fees estimated in proposal to be paid at least 5 days before commencement of the Project by Spaceship Digital Ltd;
(b) remainder of the Estimated Fees to be paid monthly as the service hours are spent and on completion (before or on handover of files or go live) ; and
(c) any outstanding balance of the development Fees to be paid no later than 10 days after the expiry of the Acceptance Test Period.
4.3 The Client shall make all payments due in full without any deduction whether by way of set-off, counterclaim, discount, abatement or otherwise.
4.4 Without prejudice to any other right or remedy that Spaceship Digital Ltd may have, if the Client fails to pay the Fees on the due date, Spaceship Digital Ltd may, at its option:
(a) claim interest at its discretion on any unpaid amounts under the Late Payment of Commercial Debts (Interest) Act;
(b) suspend the Project until payment has been made in full;
(c) disable the project in whole or in part until payment has been made in full; or
(d) terminate this Agreement immediately upon notice.
4.5 All invoices are sent to the Client via email to the Client’s specified email address. The Client will notify Spaceship Digital Ltd of any changes to the invoicing address.
4.6 Spaceship Digital Ltd will return the Deposit to the Client, if the project does not go ahead on account of Spaceship Digital Ltd. If works have already commenced, and the contract is cancelled by the Client, the deposit will be returned minus costs for works completed.
5. Intellectual Property Rights
5.1 The Client grants to Spaceship Digital Ltd a non-exclusive, revocable, royalty-free licence to use and reproduce the Client Content solely for the purpose of performing its obligations under this Agreement.
5.2 Upon full payment, the project design, software and coding produced by Spaceship Digital Ltd in respect of the project (excluding any Client Content) (the “Developer Materials”) will be licenced to the Client under the our End User Licence Agreement unless otherwise agreed within the signed proposal.
5.3 The Client undertakes not to access, modify, alter all or part of Spaceship Digital Ltd Materials with a view to creating a separate project or licensing the project to a third party or diminish the design and function of the project, without the prior written consent of Spaceship Digital Ltd.
5.4 Spaceship Digital Ltd can register and renew domain names on behalf of and as requested by the Client. Fees and expenses incurred in registration and/or renewal will be included as part of the Fees. On payment of the Fees and delivery of the Project Release by the Client, Spaceship Digital Ltd undertakes to transfer all registration details for the project, including but not limited to technical and administrative details, to the Client if requested.
6.1 Each party warrants that it has full power and authority to enter into and perform this Agreement.
6.2 Spaceship Digital Ltd warrants that it will perform its obligations under this Agreement with reasonable skill, care and diligence and that the Client’s use of Spaceship Digital Ltd Materials will not infringe any third party intellectual property rights.
6.3 The Client warrants that it, or its licensors, is the owner of any intellectual property rights in the Client Content and that the Client has authority to use the Client Content in relation to the project and that Spaceship Digital Ltd’s use of the Client Content in accordance with this Agreement will not infringe any third party intellectual property rights.
6.4 The Client confirms that to the best of their knowledge and belief that the Client Content does not contain anything which may reasonably be considered blasphemous, defamatory or obscene and does not breach any applicable law or regulation.
6.5 Save as expressly provided in this Agreement, all warranties, conditions, or other terms implied by statute, common law or otherwise are excluded.
7. Indemnities and Limitation of Liability
7.1 Nothing in this Agreement shall exclude or restrict the liability of either Party to the other Party for death or personal injury resulting from negligence or for liability for fraudulent misrepresentation or for any other liability which cannot be excluded by applicable law.
7.2 Subject to clause 7.1 and 7.4, neither Party shall be liable, whether in contract, tort (including negligence), statutory duty or otherwise, under or in connection with this Agreement for any loss of revenue, loss of actual or anticipated profits, loss of business, loss of operating time or loss of use, loss of opportunity, loss of reputation, loss of, damage to or corruption of data or any indirect or consequential loss or damage howsoever caused.
7.3 Notwithstanding clause 7.2 above, Spaceship Digital Ltd shall have no liability for any loss or damage caused to the Client due to:
(a) any network failure and/or inability on the part of the Client to access the project due to a problem with the Internet and/or any telecommunications network;
(b) any viruses, worms, Trojan horses or other similar devices.
7.4 The Client shall indemnify and keep Spaceship Digital Ltd fully indemnified against any and all third party claims of infringement of intellectual property rights affecting the Client Content or the Hosting Services.
7.5 The aggregate liability of Spaceship Digital Ltd under this Agreement shall in no event exceed €250.
7.6 Notwithstanding clause 7.5 above, the total aggregate liability of Spaceship Digital Ltd under this Agreement shall in no event exceed €1,000.
7.7 The Client acknowledges that it is for the Client to ensure that the project does not infringe the laws of any jurisdiction within which it is actively promoted.
7.8 From time to time governments enact laws and levy taxes and tariffs affecting Internet electronic commerce. The client agrees that the client is solely responsible for complying with such laws, taxes, and tariffs, and will hold harmless, protect, and defend WDI and its subcontractors from any claim, suit, penalty, tax, or tariff arising from the client’s exercise of Internet electronic commerce.
8.1 If the Client is not taking services from Spaceship Digital Ltd, this Agreement will terminate automatically upon delivery of the Project Release to Spaceship Digital Ltd, unless otherwise extended by the Parties in writing. Otherwise, this Agreement shall continue unless or until terminated by either Party in accordance with the terms of this Agreement.
8.2 Notwithstanding clause 8.1 above, either Party may terminate the Agreement immediately in the event that the other Party:
(a) commits a material or persistent breach of its obligations under this Agreement which is incapable of remedy (and non-payment shall be deemed a material breach);
(b) fails to remedy a breach of any of its obligations under this Agreement, where it is capable of remedy, or persists in any breach of any of its obligations under this Agreement after having been required in writing to remedy or desist from such breach within a period of 30 days;
(c) is unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
(d) makes or proposes any voluntary agreement or enters into a compromise for the benefit of its creditors;
(e) being a company, becomes subject to an administration order or goes into liquidation, (other than for the purpose of amalgamation or reconstruction);
(f) has a receiver appointed to administer any of its property or assets
(g) ceases or threatens to cease to carry on business; or
(h) has failed to meet expectations. In this case the client will pay Spaceship Digital Ltd for all work completed at the hourly rate of Spaceship Digital Ltd. Spaceship Digital Ltd will then pass all material developed under the project to the client.
8.3 On the termination of the Agreement other than under clause 8.1 above, the Client undertakes to return promptly any test examples of the project and any document, manuals or other printed materials which have been delivered to the Client by Spaceship Digital Ltd and to return or destroy any copies thereof (as requested by Spaceship Digital Ltd).
8.4 Any termination of the Agreement shall be without prejudice to any rights accrued in favour of either Party and will not affect those provisions of the Agreement which are by their construction intended to survive such termination.
9.1 Each Party undertakes that it shall not at any time during this Agreement, and for a period of 2 years after completion of the Project, disclose to any person any confidential information concerning the business, affairs, trade secrets, technical, commercial, financial, operational, marketing or promotional information or data of either Party or the terms of this Agreement, except as may be required by law, court order or any governmental or regulatory authority.
9.2 The provisions of clause 9.1 shall not apply to confidential information received by a Party which: (i) that party can prove was known before receipt; (ii) is in or enters the public domain through no wrongful default by or on behalf of that party; or (iii) was received from a third party without obligations of confidence owned directly or indirectly to that Party.
9.3 Neither Party shall use the other Party’s confidential information for any purpose other than to perform its obligations under this Agreement.
10.1 Upon acceptance of the project by the Client, the Client shall procure and maintain a hyperlink from the project homepage to Spaceship Digital Ltd’s homepage in the form, “designed and developed by Spaceship.ie” or similar.
10.2 Spaceship Digital Ltd shall be permitted to refer to their working relationship and/or discuss the Project in any press or publicity, without obtaining the approval of the Client to the content of the disclosure unless otherwise agreed in The Proposal.
11.1 Any notice given by either Party must be in writing and must be delivered personally or sent by prepaid first class post to the address provided by that Party.
11.2 Notices shall be treated as received, if delivered by hand, when delivered, if sent by first class post, 48 hours after posting.
11.3 All other commercial communications relating to the Project between the Parties (other than stipulated notices under this Agreement) may be sent by email and will be deemed to have been received when sent.
12.1 Neither party may assign or otherwise transfer this Agreement or any rights, duties and obligations hereunder without the prior consent in writing of the other party.
13. Force Majeure
13.1 Neither Party shall be liable for delay or failure to perform any obligation under this Agreement if the delay or failure is caused by any circumstances beyond its reasonable control, including but not limited to acts of god, war, civil disorder or industrial dispute. If such delay or failure continues for a period of at least 90 days, the Party not subject to the force majeure shall be entitled to terminate the Agreement by notice in writing to the other.
14. Joint Venture or Partnership
14.1 Nothing in the Agreement shall be construed as creating a partnership, joint venture or an agency relationship between the Parties and neither Party shall have the authority or power to bind the other Party or to contract in the name of or create a liability against the other Party.
15.1 The Client undertakes not to solicit any Spaceship Digital Ltd staff (temporary, part-time or full-time) for the purposes of employment directly or indirectly with the Clients business or any associated businesses. The Client agrees that should such solicitation be made or should an employee or contractor to Spaceship Digital Ltd take up employment with the Client or any of its associated businesses that the client will compensate Spaceship Digital Ltd in the amount of one full year’s salary and bonuses or fees offered to that employee or €80,000, whichever is greater.
16. Service hours and availability
16.1 Our business hours are 8am to 4pm Monday to Thursday and 8am to 1pm on Fridays. Communication received outside of these business hours will be collected, however no reply or action can be guaranteed until the next working day.
16.2 You agree to acknowledge that on some occasions, we may be unavailable at times to answer questions immediately due to other commitments. When this occurs, we agree to get back to you at the earliest possible time, via our support system or if required via phone call or Zoom.
16.3 We reserve the right to not work after business hours and follow the code of practice on the right to disconnect outlined by the Irish government.
17.1 Failure or delay by either Party to enforce any right or remedy under the Agreement shall not be taken as or deemed to be a waiver of that right or remedy, unless the waiving party acknowledges the waiver in writing. Waiver of a breach of any term of this Agreement shall not operate as a waiver of breach of any other term or any subsequent breach of that term.
17.2 If any provision of this Agreement is or becomes illegal, invalid or unenforceable in any jurisdiction, that shall not affect the legality, validity or enforceability in that jurisdiction (or in any other jurisdiction) of any other provision of this Agreement.
17.3 No addition to or modification of any clause in the Agreement shall be binding on the Parties unless made by in writing and signed by both Parties.
17.4 This Agreement constitutes the entire agreement and understanding of the Parties in respect of the subject matter of this agreement and supersedes and extinguishes any prior agreements, undertakings, promises or conditions between the Parties relating to the subject matter. Each party acknowledges to the other that it has not been induced to enter into this Agreement nor has it relied upon any representation, promise, assurance, warranty or undertaking not contained in this Agreement.
17.5 A person who is not a party to this Agreement has no rights to enforce, or to enjoy the benefit of, any provision of this Agreement.
This Agreement and any dispute or claim arising out of or in connection with it (including non-contractual claims or disputes) shall be interpreted, construed and enforced in accordance with Republic of Ireland law and shall be subject to the exclusive jurisdiction of the Irish Courts.
19. Changes to terms and conditions
You can review the most current version of the Terms of Service at any time on our website. We reserve the right, at our sole discretion, to update, change or replace any part of these Terms of Service by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes.
20. Contact Information
Questions about this terms and conditions should be sent to us at firstname.lastname@example.org
We follow the data protection commission’s guidelines on data protection and comply with the EU’s GDPR legislation. Our insurance requires us to have a stringent process in place with regard to data protection.
Spaceship Digital Ltd is committed to protecting your privacy by ensuring that any personal data is collected and used lawfully and transparently. When delivering our professional service, we are the Data Controller of the personal data that you supply to us under your contract with us.
When providing these services, we take our responsibilities regarding data protection very seriously and are bound by all applicable data protection laws in respect of the handling, processing and collection of data. All employees who handle personal and business data are fully trained to ensure that the data is processed in line with the General Data Protection Regulations 2018 (GDPR) as well as The Data Protection Act 2018 (DPA 2018).
Personal data we collect:
The type and frequency of any personal data collected will always depend on how our website and services are used. If you do not wish to provide us with certain categories of personal data, you may not be able to use our services in their entirety.
Personal data provided to us:
We use electronic contact forms and chat facilities across our websites. These forms will prompt users to input basic contact details so we can generate service quotes, provide newsletter updates and respond to enquiries. You may also provide data to us when registering for an event, seminar or vacancy or when corresponding with us by phone, email, letter or social media. It is important that the personal data we hold about you is accurate and current. You should keep us informed if your personal data changes during your relationship with us.
Personal data collected by us:
Where you ask us to provide services, we may be required to process additional categories of personal data relating to you or other parties to ensure the provision of informed legal advice. We may also collect additional data from you as part of our recruitment process, during your employment or when you visit our offices via CCTV. We may also ask to verify your identity in limited circumstances by providing valid photographic identification.
Personal data from other sources:
We may receive information about you and/or your company from specific third parties such as business partners, sub-contractors, advertising networks, analytics providers, hosting providers and search information providers. Spaceship also receives referrals from other clients and purchases marketing lists from external companies.
When you visit our website, a record of your device’s IP address is retained which is used anonymously in order to determine website and page visitors.
Before processing any personal data, we ensure that at least one lawful basis under GDPR is met. We will not disclose personal data for any purpose other than what the data was originally collected for; unless there is an overriding legal basis that enables this processing.
We may collect, hold, use and disclose the information collected to compile statistical data and to maintain our database; to develop or improve our website; respond to any queries; notify you of any upcoming marketing, training or other events that we think may be of interest to you; provide you with publications; manage quality control and compliance issues; manage systems administration; provide you or your organisation with advice; notify you about important changes or developments to our services; contact you for your views on our services or to determine the suitability for employment.
We may also process your personal data in the following circumstances:
|To Perform Our Service Under the Contract:||We process information in order to support and maintain our existing or potential contractual relationships under the lawful basis ‘performance of a contract’. We may process personal data in order to provide various supporting client services, take payments and to make improvements to our website. We record all calls made to our staff members including internal, inbound or outbound calls. The lawful basis which we often rely on to process data for the duration of servicing on your account and for the decision to enter an initial or any subsequent contract is under our ‘legitimate interests’. Ensuring our administrative and IT systems are secure and robust against unauthorised access also falls under this basis.|
|For Fraud Prevention:||Due to the products we offer to companies, we also have a ‘legal obligation’ to validate the status of companies we work with which may involve identifying and verifying individual data subjects as part of our ‘legitimate interests’ to safeguard against criminal or fraudulent activities. We also need to ensure that VAT and premium tax is paid.|
|To Defend Legal Issues:||We have a ‘legitimate interest’ to process data which may assist us in connection with the establishment, exercise or defence of legal claims.|
|To Process Sensitive Data:||In some cases, where the processing is deemed high risk or highly sensitive, we may ask for your ‘consent’ before we undertake the processing. For example, when providing information on reasonable adjustments before an interview. Where consent is used as the lawful basis for the processing, you will be entitled to withdraw that consent at any time as well as exercise your data privacy rights.|
|When you apply for a vacancy:||You provide several pieces of data to us directly during the recruitment exercise. In some cases, and to facilitate our ‘Legitimate Interests’ we will collect data about you from third parties, such as employment agencies and former employers when gathering references or credit reference agencies. Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins. We have a Legal Obligation to ensure you have a right to work in the EU and make reasonable adjustments for you if you have a disability. The ongoing lawful basis we rely on to process your data will be under our legal obligations or legitimate interests which may include assessments made on salary.|
|For Marketing Purposes:||As part of our business-to-business sales strategy, we may contact companies and individuals about our products and services. To do this, we rely on our shared ‘legitimate interests’ in doing business together. This lawful basis also applies to any purchased data we may use from our various lead sources.|
Your Data Privacy Rights
All data subjects have individual rights. On a case by case basis, you have the following rights in relation to your personal data processed by Spaceship Digital Ltd:
- The right to be informed about how your personal data is collected and used
- The right to request access to a copy of any personal data that we hold about you
- The right to rectify personal data we may hold which is identified as incorrect or misleading
- The right to erasure of any personal data; also known as ‘the right to be forgotten’
- The right to restrict further processing of your personal data
- The right to data portability where technology allows us to send personal data onto a new controller
- The right to object to the processing or certain processing activities
- Rights in relation to automated decision-making including profiling.
As an organisation, we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities. Please be aware that your rights of access do not entitle you to physical or digital copies of any documentation we hold.
Below are GDPR principles in which we operate by:
Accountability: We are committed to the principles of the GDPR by adopting the concept of ‘data privacy by design’ within our operational model. We remain accountable by having detailed policies and systems in place as well as a Data Protection Officer to oversee our overall compliance to data protection regulations including the management of access rights requests. Our policies are regularly reviewed and updated, and our staff are periodically trained on data protection and security throughout the year.
Transparency, Fairness and Lawfulness: We process data with data subjects’ interests in mind and ensure that we approach processing activities with transparency to maintain fairness in what we do. This way we can be sure that we are processing data lawfully. We have a robust process in place to allow us to deal efficiently with any access requests we may receive.
Data Integrity and Confidentiality: We hold data on secure systems. We use Google for email so data servers are based in the EU and fully compliant with GDPR requirements. Our hosting partner uses Google Cloud servers that are also based in the EU and are fully compliant with GDPR requirements.
Information security and integrity is key to our smooth operation. We have an Incident Response Team with our hosting and email server providers on hand to support us in the event data may become compromised.
Data Minimisation and Data Storage: We will not keep data for longer than is necessary and only keep data if there is a lawful basis which allows fair retention. When we do need to remove data from our possession, we do so by using industry-approved standards so the disposal or anonymisation is thoroughly compliant.
Data Accuracy: Keeping data accurate is very important to us and we train our staff to ensure they are maintaining data to a high quality and with all the facts available.
Purpose Limitation: We use the data we attain for a specific purpose. This means that data is not processed for any alternative reasons other than what the data was originally collected for.
The below explains our stance on different operational areas of our business, so that you can easily see the standards we work by.
Software and Applications:
Software applications are managed through standard Agile software development methodology. Once a change is completed, end to end testing is performed to ensure the accuracy of the change and the existing system functionality.
Only approved software is managed and patched centrally and permitted on user machines which is managed through Software Centre.
Software is then packaged and released.
All operating systems in place are fully supported and patched.
We use desktops and laptops which use Windows 10 with window updates being installed automatically..
No sensitive information would be stored on non-compliant systems.
Internal network access is controlled through internal Active Directory security.
Access to software and websites is accessed via https secure internet browser.
Passwords on devices are changed every 90 days and complexity requirements are enforced.
All access is controlled by ADS permissions and limited access.
All remote access via remote working employees is secured by VPN log on technology and you are unable to access the networks unless a secure VPN connection has been established.
All databases, software and hardware/devices are protected with high levels of encryption. Encryption keys are managed with strict policies and procedures. The key is stored in a secure location which is only accessible to database admins.
On our equipment, all patches are governed by the change control process which includes evaluation, testing and deployment.
We update systems when the time is appropriate to ensure we are always using the most advanced technical and organisational tools out there.
Data is backed up daily and a data restore process has been tested.
Measures are in place to ensure that the business can continue to function should a compromise occur.
Data is backed up to physical media stored offsite at our secure data backup facility which is owned by the group and secured with CCTV, physical locks and limited access controls.
The data restore process is tested monthly or as required.
Performance monitoring and file integrity monitoring is in place to ensure our business continuity plan can take full effect.
Monitoring and Testing:
A standard build procedure ensures that all default admin and back door accounts are removed.
Regular Network monitoring identifies any non-compliance to data loss prevention controls.
Penetration testing at application and network level is carried out on a regular basis.
We may use cloud storage facilities for processing and storing data and when we do this, we ensure that the security is maintained and tested regularly.
Our CRM is built on cloud-based infrastructure.
All data resides in the EU or UK area and no data is transferred out of the EEA.
All networks have firewalls, antivirus and malware protection in place which are deployed on all endpoints to detect, alert and neutralise any threats.
Any applications accessible from the internet are constantly safeguarded to prevent the existence and exploitation of web application vulnerabilities such as cross-scripting or SQL injection.
External connections are protected with enterprise, resilient firewalls and dedicated security monitoring ex SIEM, IDS, IDP.
All internet access is controlled by a dedicated web filtering appliance which restricts the types of traffic and URLs.
Firewalls and monitoring control and monitor traffic entering and leaving the organisation.
Security monitoring has also been deployed.
Third Party Security:
All contractual IT security requirements are in place with any third parties we use, which ensures the relationship remains subject to GDPR compliance.
Where necessary, our contract with them includes Data Processing Terms or terms that are built into our products terms and conditions.
We also use alternative data protection safeguard mechanisms where appropriate in the form of standard contractual clauses where required.
Our CRM system is called Monday.com and we can confirm that they also have a dedicated security team which regularly tests and verifies that all controls are operational.
Monday.com is GDPR compliant, you can read more about it here – https://monday.com/l/privacy/monday-com-is-gdpr-ready/
Spaceship’s data is segregated from other Monday.com customers.
All staff and freelancers are screened prior to their engagement and interviews are face to face where possible.
Anyone who works with Spaceship will have statements and qualifications checked for validity before the offer of employment can commence.
We update our staff and freelancers when additions and updates are made to any privacy policies.
A restrictive covenant is signed by staff and freelancers prior to employment and a confidentiality agreement is signed on the first day of employment.
Staff and freelancers are expected to change their passwords regularly and we enforce complex password requirements.
When an employee or freelancer leaves the business, all accounts and access is suspended immediately, blocking all access to our systems.
If working remotely from a shared office space, a clear desk policy is in place across the group and staff know to lock screens when they are away from their desks for any period.
We operate policies for data security for our remote and field workers so that integrity is always maintained.
Staff are not permitted to store any data via removable media (USB’s) or on device hardware.
All data retention is handled in line with our retention policy. We are committed to taking a practical approach in line with legal, contractual and commercial requirements relating to the ownership, retention and disposal of information relating to our business activities within the UK and Ireland.
As a company, we have made a conscious effort to become more digitally focused and we steer away from paper records wherever possible. Confidential waste bins are used when necessary for printed documents, after use.