Website Security Policy
Effective Date: January 01st 2025
Website: www.foresightleadershipgroup.co.uk
Hosting Provider: Zoho Sites
Reference: Zoho Security Overview
This Website Security Policy outlines the security principles and safeguards implemented by Foresight Leadership Group to protect visitors and data transmitted through our website. As our website is hosted on Zoho Sites, this policy also reflects Zoho's compliance with international security standards and legal regulations in the United Kingdom (UK) and the United States (US).
United Kingdom
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018 (DPA 2018)
- Privacy and Electronic Communications Regulations (PECR)
United States
- California Consumer Privacy Act (CCPA) (where applicable)
- Federal Trade Commission Act (FTC Act) Section 5 - Unfair or deceptive practices
- Industry best practices, including NIST Cybersecurity Framework
Our use of Zoho Sites, a global cloud-based service, means data may be stored in the EU, US, or other compliant regions. Zoho provides cross-border data transfer mechanisms such as Standard Contractual Clauses (SCCs) to meet GDPR requirements.
Our website is hosted on Zoho Sites, which provides:
- Secure Data Centres: with physical and operational safeguards including biometric access, surveillance, fire suppression, and disaster recovery.
- Data Encryption: TLS encryption for data in transit and strong encryption at rest across Zoho infrastructure.
- Regular Security Audits: Zoho undergoes independent third-party audits and complies with ISO/IEC 27001, SOC 2 Type II, and GDPR.
- DDoS and Intrusion Protection: Zoho's network is protected against denial-of-service attacks and unauthorised access attempts.
- Backend access to the website is limited to authorised Foresight Leadership Group personnel.
- All users accessing the Zoho admin environment must use Two-Factor Authentication (2FA).
- Role-based permissions are enforced and regularly reviewed.
Foresight Leadership Group collects minimal personal data via its website (e.g. contact form entries), and only for legitimate business purposes.
- UK Users: Data processing is compliant with UK GDPR and DPA 2018.
- US Visitors: If data is collected from US residents (particularly California), rights under CCPA are acknowledged where applicable.
- UK: Website visitors have the right to access, correct, or request deletion of their personal data.
- US (California residents): You have the right to know, delete, and opt out of the sale of your personal information under CCPA.
You may contact us using the information below to exercise your rights.
In the event of a data breach or suspected security incident:
- Foresight Leadership Group will investigate immediately.
- Where required, we will notify affected users and the UK Information Commissioner's Office (ICO) or US State Attorneys General (where applicable) within legally required timelines.
- We will cooperate fully with Zoho in case of hosting-level incidents and follow Zoho's internal breach response protocol.
- Website access logs are reviewed periodically.
- Software updates and security patches are handled via Zoho's secure update lifecycle.
- Vulnerability scans are conducted routinely using Zoho's monitoring infrastructure.
Visitors are encouraged to:
- Avoid sharing sensitive data via contact forms unless clearly required.
- Report suspicious activity related to our site immediately.
- Maintain up-to-date antivirus protection on their own devices.
This policy will be reviewed annually or upon any major infrastructure, legal, or operational changes.
If you have questions about this policy or wish to exercise your data rights, please contact us:
Foresight Leadership Group