Firstly, we try to ensure that any data required for the participant record excludes personally identifiable information. For example, we don't ask for full date of birth.
The only personally identifiable data that we ask for is an email address, which is immediately encoded and stored in a separate repository to the participant record. Therefore, the participant record never has any personally identifiable data attributed to it directly.
When Associates join we do need to obtain a delivery address for their ID Cards and this information is again stored in its own repository.
All data transfer is completed using HTTPS protocol, ensuring it is protected while in transit and the data is always stored in an encrypted state. Further double encryption is used for passwords.
All membership IDs are generated randomly using very large numbers so as to avoid sequentially numbered participants, which again helps protect our data.
Furthermore, layers of protection are employed across our platform to protect our service from denial of service and hacking attempts.
The data is owned and managed by The Control Group Cooperative Ltd, a legal entity registered and protected by UK law, which is owned by its members. The cooperative business structure ensures that there are no shareholders, only stakeholders. With no shares to sell and no public record of who the stakeholders are, we can provide protection against acquisition from any large corporations who might otherwise seek to take possession of our data.