We work to streamline VAT processes while mitigating risk and enhancing data protection
Taxback International is ISO27001 certified. This ensures that we handle customer data securely and in compliance with applicable regulations, including GDPR and other data protection laws.
We regularly review and update security policies, provide security training to staff, perform security testing, monitor compliance with security policies and conduct internal and external risk assessments.
ISO 27001 is the globally recognised international standard for managing risks to the security of the information an organisation holds. This certification shows our clear commitment to data management and protection.
By design, our architecture is multi-tenant. Data filters are applied to ensure that access to data is restricted according to job role and the associated access privileges.
Data in transit is encrypted using TLS 1.2 with SSL/TLS certificates. This means that unauthorised individuals are not able to decipher your confidential information while it is in transit.
Taxback International uses Interxion and AWS as data hosting providers.
Interxion data centre facilities are ISO27001 and ISO22301 certified and maintain a SOC 2 report. AWS data centre facilities are ISO27001 certified and maintain a SOC 2 report.
Our Security Operations Centre provides 24 x 7 system monitoring.
Taxback International has a documented and established incident management procedure with incident severity and points of escalation defined.
In line with regulatory and legislative requirements, we retain data only for as long as it is required. Data retention timelines are defined, and procedures are in place to delete data when it is no longer required.
We are headquartered and registered in Ireland. We are subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Technical and organisational controls are implemented and maintained as per industry best practice. These controls are externally audited on a bi-annual basis by our ISO27001 auditor.
Taxback International takes the privacy of our clients seriously and complies with all local data protection laws in the jurisdictions in which we operate. The Data Protection Officer sends regular awareness communications to staff reminding them of their data protection obligations. Computer-based training, with testing of understanding, is mandatory and completed by all staff on an annual basis.