Website Security Policy
Last updated: May 7th, 2025
1. Introduction
This Website Security Policy outlines the security measures and practices implemented by Worktop Express to protect our website (www.worktop-express.co.uk), our customers’ data, and our business operations from security threats. This policy demonstrates our commitment to maintaining the confidentiality, integrity, and availability of all information and systems.
2. Purpose
The purpose of this policy is to:
– Protect customer data and privacy
– Ensure secure e-commerce transactions
– Defend against unauthorized access and cyber threats
– Establish procedures for security incident response
– Comply with relevant data protection regulations including GDPR
3. Scope
This policy applies to:
– The Worktop Express website (www.worktop-express.co.uk)
– All web applications, databases, and servers associated with the website
– All employees, contractors, and third parties who have access to website systems
– All data collected, processed, and stored through the website
4. Data Protection
4.1 Customer Data
– Personal data is collected only as necessary for business purposes
– Clear privacy notices are provided at all data collection points
– Data is stored securely and protected with appropriate encryption
– Data retention periods comply with legal requirements and business needs
– We do not sell or share customer data with unauthorized third parties
4.2 Payment Information
– Payment processing complies with PCI DSS requirements
– Credit card details are not stored on our servers
– All payment transactions are protected in transit with TLS (the protocol that superseded SSL)
– We partner only with reputable payment processors
5. Technical Security Measures
5.1 Access Control
– Role-based access control is implemented for all systems
– Strong password policies are enforced for all accounts
– Multi-factor authentication is required for administrative access
– Regular access reviews are conducted to ensure appropriate permissions
5.2 Network Security
– Firewalls and intrusion detection/prevention systems are deployed
– Regular network security scans are performed
– VPN is required for remote administrative access
– Network traffic is monitored for suspicious activities
5.3 Website Security
– Regular security updates and patches are applied to all systems
– Web application firewalls protect against common attacks
– Input validation is performed on all user-submitted data
– Protection against DDoS attacks is implemented
– Anti-virus and anti-malware solutions are maintained
5.4 Encryption
– TLS encryption (the protocol that superseded SSL) is used for all website communications
– Sensitive data is encrypted at rest and in transit
– Strong encryption algorithms and protocols are used
6. Security Testing
6.1 Vulnerability Management
– Regular vulnerability scans are conducted
– Annual penetration tests are performed by qualified third parties
– Code is reviewed for security vulnerabilities
– Identified vulnerabilities are remediated in a timely manner
6.2 Monitoring and Logging
– Security events are logged and monitored
– Audit trails for system access and changes are maintained
– Automated alerts are raised for suspicious activity
– Security logs are reviewed regularly
7. Incident Response
7.1 Response Process
– Documented incident response procedures are in place
– A designated incident response team with defined roles is maintained
– A classification system is used to categorize security incidents
– Communication protocols are defined for different incident types
7.2 Breach Notification
– Data breach notification procedures comply with GDPR requirements
– Affected customers will be notified without undue delay
– Relevant authorities will be informed as required by law
– All breaches and remediation actions are documented
8. Third-Party Security
– Security requirements are included in contracts with third-party vendors
– Third-party services are regularly assessed for security
– Third-party access to data is limited to what business needs require
– Compliance with our security standards is required from all partners
9. Security Awareness
– Regular security training is provided to all employees
– Security responsibilities are included in job descriptions
– Employees receive updates on new security threats and best practices
– Procedures are in place for reporting potential security issues
10. Compliance
– GDPR compliance for data protection
– PCI DSS compliance for payment processing
– Regular compliance assessments and audits
– Monitoring of changes in relevant regulations
11. Contact Information
For security concerns or to report a security vulnerability:
– Email: [email protected]
12. Policy Review
This security policy is reviewed and updated annually or when significant changes occur in our systems, threats, or regulatory requirements.
—
*This policy is available to all customers and may be updated from time to time. Please check our website for the most current version.*