Last updated: 14th July 2016

Data Protection

Capture Education is registered with the Data Protection Act (registration number: ZA173866) and nursery data is not shared with any other organisation. Only nurseries can access their own data.

Data Access

The Capture Education system is updated using HTTPS. This is a certified secure connection. The encryption level used is SSL 3.0, RC4 with 128 bit encryption (High), RSA with 1024 bit exchange.

No other organisation has access to your nursery’s data.

Location of Data and Servers

User identifiable data is held on our servers located in the UK at a SAS 70 type 2 certified site. Non-identifiable binary data is held on our servers located in Ireland at a SAS 70 type 2 certified site.

Data Centres

Our data centres are based in the UK and Ireland at independent locations and use the following security measures:

Physical Security

Data centre access is limited to data centre technicians
Biometric scanning for controlled data centre access
Security camera monitoring at all data centre locations
24×7 onsite staff provide additional protection against unauthorised entry
Unmarked facilities help maintain low profile
Physical security is audited by an independent firm

System Security

System installation using hardened, patched OS
System patching is configured to provide ongoing protection from exploits
Dedicated firewall and VPN services to help block unauthorised system access
Data protection with managed backup solutions

Operational Security – Infrastructure

ISO17799 based policies and procedures, regularly reviewed as part of our SAS70 Type II audit process
All employees trained and documented information security and privacy procedures
Access to confidential information restricted to authorised personnel only, according to documented processes
Systems access logged and tracked for auditing purposes
Secure document-destruction policies for all sensitive information
Fully documented change-management procedures
Independently audited disaster recovery and business continuity plans in place for headquarters and support services

Operational Security – Application Environment

Best practises used in the random generation of initial passwords
All passwords are encrypted during transmission and while in storage
Secure media handling and destruction procedures for all customer data

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Data Security