Data Protection Act and how we use Data

At Broadbench we have taken steps to ensure your data is secure at all times. All of your personal information will be stored on our computer systems and in some cases held as manual or paper copies.

For the purposes of the Data Protection Act 1998, the Data Controller in relation to any personal information you supply us with is Broadbench Ltd.

If you supply us with personal information via our website we will keep a record of your name, e-mail address and telephone number in order to make contact with you. In accordance with the Financial Conduct Authority, we are required to make records to evidence the suitability of any recommendation we make. If you are unable to provide is with the necessary information, or give us permission to process your data we will be unable to offer you a recommendation.

Should you require any further information regarding the recording and use of your personal information please do not hesitate to contact us: or call 01202 700053.

Broadbench Security Statement


Data is stored is a SQL database and synchronized with SalesForce using the SalesForce SOAP API.

Data in place

All data for the portal is stored in either a Microsoft SQL server database or PDF files. All client data is encrypted before being stored in the database ("encrypted at rest").

Data in Transit

Offsite backups are transmitted across the internet as a password protected, encrypted zip file.


The system comprises of a web application (VB.NET)

Web Application Security

SSL/ TLS Encryption. All requests to the system will be encrypted between the server and the browser User Authentication: User accounts have unique usernames and passwords that must be entered to gain access to the data. The Portal issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user. User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed. Client Access: The questionnaire can be accessed by the client only when the 32 bit globally unique identifier is supplied as part of the URL.


Physical Security The servers are hosted at Heart Internet, who take both physical and virtual security very seriously. The data centres have security teams on site 24x7 and are closely monitored using both internal and external CCTV. Data centre access is restricted to a very select number of named staff who are required to have appropriate security clearance and secure fobs to gain access.

Cyber Security

All data is safeguarded behind a multi-layered firewall, backed up regularly and stored offsite.

Power Security and resilience

Each server rack has two independent power feeds, fed from two diverse connections to the national grid. Should one or both of these feeds fail, 4 x 300kVA Riello UPS (N+1) battery backup systems cover immediate power requirements. If mains power is not restored within ten seconds, 3 x N+1 diesel powered generators start providing full continuous power to the data centre.