Security Statement

Velocity Worldwide employs a public cloud deployment model using both physical and virtualized resources for its software-as-a-service (“SaaS”) shopper engagement platform (Darius™ for Retail). Velocity Worldwide SaaS solutions are multi-tenant and logical access controls using authentication and roles ensure the necessary separation between data from different clients.

All infrastructure responsibilities lay within Velocity Worldwide, and clients are provided with functionality to manage their own users and roles at the application level. All software maintenance and configuration activities are conducted by Velocity Worldwide employees, primarily, remotely from our corporate office.

Protection of Customer Information is vital to the sucess and integrity of our Business. Velocity Worldwide are committed to protecting the confidentiality of our Customer Information. To achieve this goal, the company has implemented an Information Security Management System in accordance with ISO/IEC 27001:2013 and Data Protection Acts 1998 and 2003.

1. What are Velocity Worldwide Objectives of the ISMS?

   The ISMS is designed to reflect our key business objectives. This includes:

   1. To demonstrate to customers that Velocity Worldwide is committed to, and has applied best-practice security when managing customer data.
   2. To provide customer confidence that all customer data in whatever form the information takes, or means by which it is shared or stored, it is always appropriately protected.
   3. To provide customer confidence that all information created by Velocity Worldwide is handled in a confidential manner and disclosed only to authorized persons.
   4. To ensure compliance with all relevant laws & regulations.
2. What is required of the ISMS?

   We will ensure adherence by creating and maintaining an Information Security Management System (ISMS) appropriate to our business. The ISMS includes the requirements to:

   1. Conduct ongoing risk assessments to identify key areas of risk to customer data and the controls required to mitigate these risks to acceptable levels.
   2. Provide a Data Classifications and Handling Policy.
   3. Implement and take part in an Information Security Forum to take ownership and provide leadership.
   4. Create and assign a set of roles and responsibilities for Information Security, including Data Owners.
3. Who is responsible for Information Security?

   Information Security is the responsibility of all Velocity Worldwide employees and contractors with access to customer information. We are obliged to take breaches of policy seriously and it is incumbent upon all of us to read and understand the security policies that apply to us in performing our duties. Violation of the policies may result in disciplinary action for employees and, in the case of others engaged in Velocity Worldwide, may result in legal redress.

ISO-27001 ISMS Scope

Protection of Shopper Information is vital to the success and integrity of our Business. Velocity Worldwide are committed to protecting the confidentiality of our Client and Shopper Information. To achieve this goal, the company have committed to the implementation of an Information Security Management System in accordance with ISO/IEC 27001:2013 and relevant legislation.

The company’s ISMS is applicable to the collection, processing, use of, and disclosure of all shopper related information, for example:

* Personal data, profiles, location data or any other information provided during a shopper engagement.

* Shopper reports, profiles, insights or other information created by Velocity Worldwide as part of a client engagement.

This includes:

* All storage and processing of shopper information held for Velocity Worldwide by its cloud service provider.

* Any information which is entered into the Software by virtue of the End User’s proper use of the Software.

* All information received, processed or created by our consultants during client engagements.

Gareth Waller CTO