Security Policy

1. Data Protection and Security Measures

We take data protection and information security seriously and apply appropriate technical and organisational measures to safeguard the integrity, confidentiality, and availability of data handled by the Company.

These measures may include, but are not limited to:

• Encryption: Where implemented and technically available, data transmitted through our website and digital systems is protected using industry-standard encryption methods such as SSL or TLS. This helps protect information submitted through contact forms, enquiry forms, payment-related communications, and other online interactions.
• Access Control: Access to personal data, business records, client briefs, design files, project documentation, invoices, and critical systems is restricted to authorised persons only. Access is granted only where necessary for legitimate business purposes, such as responding to enquiries, delivering services, managing projects, issuing invoices, or maintaining website functionality.
• Confidentiality: Employees, contractors, collaborators, and service providers who may access client or business information are expected to maintain confidentiality and use such information only for authorised purposes.
• Multi-Factor Authentication: Where available and appropriate, multi-factor authentication may be used for accounts and systems that contain sensitive business information, client materials, project files, website administration tools, cloud storage, or payment-related data.
• Data Minimisation: We aim to collect and process only the minimum amount of personal data and project information reasonably necessary to provide our services, manage client relationships, maintain records, comply with legal obligations, and protect our business operations.
• Secure Handling of Project Materials: Client-provided materials, including logos, images, brand references, design briefs, website links, business information, and creative files, are handled securely and used only for the purpose of preparing, delivering, revising, and documenting the relevant service.

2. Infrastructure Security

We use reasonable measures to maintain secure and reliable infrastructure for our website, communications, digital files, and business operations.

These measures may include:

• Firewall Protection: Hosting providers, security tools, and technical systems may use firewalls, filtering technologies, traffic monitoring, and other protective measures to reduce the risk of unauthorised access, malicious traffic, spam, or automated abuse.
• Secure Hosting: Our website and related digital services may be hosted by third-party hosting or cloud service providers that apply security measures designed to protect physical and network infrastructure. These may include access controls, network monitoring, backup systems, server-level security, and data centre safeguards.
• Monitoring and Maintenance: We may monitor our website, systems, and digital tools for technical errors, suspicious activity, unauthorised access attempts, performance issues, or security risks. Monitoring helps us identify and address issues that may affect website reliability or data security.
• Backups: Where appropriate, backups may be used to reduce the risk of data loss and support business continuity. Backup practices may vary depending on the system, provider, and type of data involved.
• Regular Security Reviews: We may review our website settings, service provider arrangements, access permissions, file storage practices, and security controls to identify potential risks and improve protection where necessary.

3. Application and Website Security

We follow reasonable security practices for maintaining our website, digital interfaces, online forms, and any related digital tools used in connection with our services.

These practices may include:

• Website Updates: We aim to keep website components, plugins, software tools, and technical systems reasonably up to date where we control them and where updates are technically available.
• Secure Configuration: Website administration areas, forms, file delivery tools, and digital systems may be configured to reduce the risk of unauthorised access, spam submissions, technical abuse, or data exposure.
• Testing and Review: Where we develop or manufacture website-related materials, interface visuals, digital prototypes, interactive concepts, or software-related creative assets, we may review the relevant work before delivery or publication to identify obvious technical or security issues within the agreed scope.
• Patch Management: We aim to apply relevant security updates and patches to systems under our control within a reasonable timeframe, taking into account the severity of the issue, technical compatibility, and operational requirements.
• Secure Development Practices: Where our services include interactive software-related creative work, website-related design support, digital interface work, or technical recommendations, we seek to follow security-aware practices that reduce unnecessary data exposure and support responsible digital delivery. Unless expressly agreed in writing, our design, branding, illustration, mascot, guidebook, or visual interface services do not constitute a full cybersecurity audit, penetration test, managed security service, or regulatory compliance certification.

4. Data Privacy Compliance

We are committed to complying with applicable data protection laws and requirements, including the UK General Data Protection Regulation and the Data Protection Act 2018, where applicable to our activities.

• We process personal data in a lawful, fair, and transparent manner and apply security measures appropriate to the type of information we handle.
• Data Access and Control: Individuals may have the right to access, correct, delete, restrict, or object to the processing of their personal data, as described in our Privacy Policy.
• Data Retention: We retain personal data and project information only for as long as necessary for the purposes for which it was collected or as required for legal, accounting, tax, contractual, intellectual property, dispute resolution, or legitimate business purposes.
• Data Breach Response: In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will take appropriate steps in accordance with applicable data protection requirements. Where required by law, we will notify the relevant supervisory authority and affected individuals within the applicable legal timeframe.

5. Employee, Contractor, and Awareness Measures

We expect all persons who work with or on behalf of the Company to follow appropriate security and confidentiality practices when handling personal data, client information, project files, brand materials, business records, and digital systems.

These measures may include:

• Security Awareness: Employees, contractors, and collaborators may receive guidance on secure handling of client materials, password protection, phishing awareness, confidentiality, safe use of company systems, and responsible data handling.
• Access Limitation: Access to client information, personal data, project files, source files, and business systems is limited to persons who need such access to perform their duties or deliver the relevant service.
• Incident Awareness: Persons working with the Company are expected to report suspected security incidents, unauthorised access, lost files, phishing attempts, suspicious communications, or accidental disclosures as soon as reasonably possible.
• Confidentiality Obligations: Where appropriate, contracts or working arrangements with employees, contractors, collaborators, or service providers may include confidentiality and data protection obligations.

6. Third-Party Service Providers

We may use third-party service providers to assist in operating our website, delivering services, managing files, processing payments, hosting content, communicating with clients, analysing website performance, maintaining security, and managing business records.

Such providers may include hosting providers, email service providers, cloud storage providers, payment processors, analytics providers, security tools, project management tools, accounting or invoicing providers, file transfer providers, design software providers, and IT support providers.

• We seek to use reputable third-party providers that maintain appropriate security and provide safeguards for the services they provide.
• Due Diligence: Where appropriate, we may review third-party providers based on their reliability, security features, privacy commitments, data protection terms, reputation, and suitability for the relevant service.
• Contracts and Agreements: Where required, we may include data protection, confidentiality, and security terms in contracts or service arrangements with third-party providers.
• Provider Responsibility: Third-party providers are responsible for the systems and services they operate. We are not responsible for independent acts, omissions, outages, data incidents, or security failures of third-party providers where those matters are outside our reasonable control.

7. Incident Response and Reporting

In the event of a security incident, we have procedures intended to identify, assess, contain, investigate, and resolve the issue as promptly as reasonably possible.

Our incident response approach may include:

• Detection and Identification: We may monitor systems, communications, and reports for unusual activity that may indicate unauthorised access, data exposure, spam activity, malware, account compromise, or other security concerns.
• Containment: If an incident is detected, we will take reasonable steps to contain the issue and reduce potential impact. This may include restricting access, changing credentials, disabling affected tools, contacting service providers, or suspending affected functions.
• Assessment: We will assess the nature of the incident, the information affected, the systems involved, the cause of the issue, and the potential impact on clients, users, or the Company.
• Resolution and Recovery: We will take corrective actions to resolve the incident, restore normal operations where possible, reduce the risk of recurrence, and document relevant steps.
• Notification: Where required by applicable law or contract, we will notify affected parties, clients, service providers, regulators, or authorities in accordance with applicable requirements.

8. User and Client Responsibilities

While we take reasonable steps to protect data and systems, users and clients also have an important role in maintaining security.

Users and clients should:

• Use strong and unique passwords for any accounts, portals, file-sharing tools, or systems used in connection with our services.
• Keep login credentials confidential and not share them with unauthorised persons.
• Notify us promptly if they suspect unauthorised access, compromised credentials, mistaken disclosure, or suspicious activity.
• Use secure and updated devices, browsers, operating systems, and email accounts when communicating with us or accessing files.
• Avoid sending unnecessary sensitive personal data or confidential information unless required for the service.
• Ensure that materials provided to us are lawful, accurate, properly licensed, and do not infringe third-party rights.
• Use secure file transfer methods when highly confidential project materials are involved.
• Remove or limit our access to their systems, accounts, or files when access is no longer required.

The Company is not responsible for security incidents caused by a client's own systems, devices, email accounts, weak passwords, unauthorised sharing of credentials, compromised third-party accounts, or failure to follow reasonable security practices.

9. Security Updates

We are committed to continuously improving our security measures as our services, website, technology, business operations, and risks evolve. As new threats, vulnerabilities, or operational needs arise, we may update our security practices, service provider arrangements, access controls, website settings, file handling procedures, data retention practices, or internal processes. Where a significant change to our security practices materially affects the way we handle client data, project materials, or website interactions, we may provide appropriate notice through our website, direct communication, or an updated policy.

10. Changes to This Security Policy

We may update this Security Policy periodically to reflect changes in our security practices, technology, services, website functionality, business operations, legal requirements, or third-party service arrangements.

Any updates will be posted on https://fifthcornerltd.com/ with the updated "Effective Date" or "Last Updated" date. We encourage you to review this Security Policy regularly to stay informed about how we protect data, project materials, and digital interactions connected with our services.

11. Contact Information

If you have any questions about this Security Policy or wish to report a security concern, please contact us:

Fifth Corner Ltd

Registered Address: 60 Tottenham Court Road, Fitzrovia Office 401, London, WIT 2EW, United Kingdom

Email: seo@fifthcornerltd.com