PCVdigital Limited (“PCVdigital”) strives to protect the data we hold from unauthorised or unlawful processing.

User access to our platform

Any user of the platform must be authenticated with two-factor authentication to be granted access to the system. This includes a time-limited verification code sent by SMS.
For staff, log in to PCVdigital uses an account that is subject to strict security controls, including robust requirements around password complexity and dual-factor authentication. Only staff that strictly need access are granted it, and only at the minimum level required.

Data protection

Our service requires that we gather, process and store personal data from end users, in line with the relevant data protection legislation, including the Data Protection Act 2018, and the UK GDPR. Personally Identifiable Information and how we process that information is described in our Privacy Policy.

Storing and encrypting Data

PCV services are hosted on a Microsoft Azure Platform. Information on Azure compliance can be found here https://learn.microsoft.com/en-gb/azure/compliance/
We do not store data on local machines.
Data in transit is encrypted using at least TLS 1.2. 
In line with accepted best practice in our sector, data is encrypted at rest following industry best practices and leveraging ciphers that guarantee a level of protection equivalent to AES-256 or stronger.
We provide secure back-ups of our data to ensure information is always available.

Transfer of Data outside of UK

PCVdigital uses some Third Parties whose services may outside of the UK and European Union. In the case of Lexis Nexis, we operate under a strict contract with them to help ensure UK GDPR mechanisms (Consumer and Data Access Policies).

Security testing

We perform regular penetration tests and undertake vulnerability scanning as part of our commitment to maintaining security of our platform.

Request for deletion of data

To process a data deletion request, you must write to us at data@pcvdigital.com
If an end-user requests a deletion of their Personal information, we may need permission from the Client with whom the original request for processing your data originated, if the data forms part of a record of anti-money laundering compliance.
If a request is approved, we will remove your personal data from our platform within 30 days.

© 2025 PCVdigital Limited.