Our Policy

Security is at the core of everything we do

2018-11-14T15:25:05+00:00

Taxback International is ISO 9001 and ISO 27001 Certified

Taxback International has invested extensively in protecting your data, including Personally Identifiable Information (PII), across data in motion, data at rest and data in use, with architecture and processes built in line with the strictest industry standards (ISO 27001 and GDPR compliance).


(Data in Motion)

  • Transport Layer Security (TLS 1.2) encryption for all users and on all external communication channels; all data is classified from the first connection
  • All internal communication channels are secured via an IPsec VPN site-to-site tunnel
  • As easy to opt in as it is to opt out


(Data at Rest)

  • Standard 256-bit encryption for file storage
  • Encryption at rest: full archive area with secure deletion process and database encryption
  • Sensitive vs non-sensitive: all data is classified and encrypted at each level of communication
  • No personal/sensitive information stored in public-facing services


(Data in Use)

  • Data protection by default and by design: no access principles across technology
  • Segregated three-tier secure architecture
  • Segregated application architecture: operations systems are LAN-accessible only
  • Firewall segregated LAN, WAN and DMZ


(Security by Design)

  • Software automated data retention policy and secure deletion
  • ISO 27001 Certified (accredited through Certification Europe)
  • Data Protection Officer and IS Champions embedded within Taxback International
  • 24/7 data breach notification policy and escalation procedures built into standard operating procedures

Security at the Core of Technology and Practices


"Our standards are on par with Banking standards"

  • Only market-proven, certified data encryption processes
  • All data is classified and coded from the first connection, which is important for protecting data, particularly sensitive PII
  • Each packet of data received is separately encrypted during a communication session as it is moved from public to private domains


"Defense in Depth Strategy is our policy"

  • Application of multiple security measures at database & field level
  • Proactive encryption added to data at rest and inbuilt deletion protection area
  • Our data is never stored in cloud based/public domain locations.


"3 Tiered Architecture designed to control access/risks"

  • Segregation of applications and systems with Firewall protection enhances our security
  • Employee access aligned to role and controlled by design & structure
  • Segregated application architecture: operations systems are LAN-accessible only


everyday 24/7"

  • Security at the core of Technology, People & Processes
  • Retention of data only as per VAT/Tax Scope with clear deletion policy for other
  • Active practice of ISO 27001 policies and principles every day

Looking for more information on our policy?

Get in touch