We work to streamline VAT processes while mitigating risk and enhancing data protection
Taxback International is ISO 27001 certified. The certification covers how we handle customer data securely and in compliance with applicable regulations, including GDPR and other data protection laws.
We regularly review and update security policies, provide security training to staff, perform security testing, monitor compliance with security policies and conduct internal and external risk assessments.
ISO 27001 is the internationally recognised standard for information security management systems: managing risks to the security of the information an organisation holds. This certification shows our clear commitment to data management and protection.
Our architecture is multi-tenant by design; data filters are applied so that each user can access only the data permitted by their job role and associated access privileges.
Data in transit is encrypted using TLS 1.2, with the server authenticated by its certificate, so that unauthorized individuals cannot read your confidential information while it is being transmitted.
Taxback International uses the data hosting providers Interxion and AWS.
Interxion data centre facilities are ISO 27001 and ISO 22301 certified and maintain a SOC 2 report. AWS data centre facilities are ISO 27001 certified and maintain a SOC 2 report.
24x7 system monitoring is undertaken by our Security Operations Centre provider.
Taxback International has a documented and established incident management procedure with incident severity and points of escalation defined.
We only retain data for as long as is required under regulatory and legislative requirements. Data retention timelines are defined and procedures are in place to delete data when no longer required.
We are headquartered and registered in Ireland and subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Technical and organisational controls are implemented and maintained in line with industry best practice, and these controls are externally audited on a bi-annual basis by our ISO 27001 auditor.
Taxback International takes the privacy of our clients seriously and complies with all local data protection laws in the jurisdictions in which we operate. Staff are reminded of their data protection obligations through regular awareness communications from the Data Protection Officer. Computer-based training, with a test of understanding, is mandatory and completed by all staff annually.