Data Management
To run a busy ecommerce site like this takes a surprising number of systems and servers. We have servers in the Microsoft Azure Cloud, and in Amazons AWS Cloud, a number of SaaS services, a significant amount of off the shelf software and custom code.
Underpinning all of this is a need to care about the data we collect, that it is correct, consistent and protected from unwanted access.
We take the data management of our systems very seriously, it’s the lifeblood of our IT systems. This page page briefly describes what type of data we collect and why, and how it is protected.
You can see the majority of the data we hold about your relationship with us, via the “My Account” link at the top of the page.
Where
The majority of data is stored in multiple databases in a Microsoft Data Centre in the UK, you can read more about the physical and data security that Microsoft provide here: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security / https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest / https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
What
We store only enough information to provide the shopping service requested, no more. We typically collect the following PII data:
- Email Address
- Shipping & Billing Addresses
- Phone Number
All other data we collect is about products, the size and quantity ordered, price paid, totals and shipping information like tracking numbers, box weights and so on.
For payment information, we use service providers such as Stripe, Paypal and others. We pass the information securely to them and they authorise the transaction via a securely transmitted token. At no point do we ever record any part of the the card information, this is known in the industry as SAQ-EP compliance
Can I see the data stored about me?
If you are logged in to the site, click on the “My Account” link at the top of the page and you will see any orders you have placed, addresses and contact details
Can I edit the details stored?
Yes, go to the “My Account” section and edit your details. You cannot edit orders as they form part of our financial records but your email, name, physical addresses, password and marketing preferences can all be amended there.
Can I delete my account?
Yes, though of course, we’d be sorry to see you go. If you choose to delete your account with us, we will anonymise any previous orders and delete the PII data. To start this process, use the “Contact Us” form (link below) and ask for an account deletion. You will get en email confirmation requesting you confirm the action. It cannot be undone once deleted.
Is the data secure?
We do our very best to ensure that it is, we take a lot of precautions and have automated monitoring and alerting in place. You may be surprised to learn that the founders of RealFoodSource and members of the IT team have worked at high levels in IT for many blue chip finance companies.
We have a number of defence mechanisms deployed such as Encryption at Rest, Encryption in Transit, Multiple Firewalls, Secure By Design architecture and we operate on a Least Privilege Access basis so even many of our staff can’t access the data. We keep the software and servers up to date and regularly review the security along with other aspects of the systems.
I have other questions
Ok, we’re happy to answer questions via the “Contact Us” form (link below). We can only answer in regard to specific queries about your own data and product / orders, we don’t discuss configuration or technical operations.