WorkplaceWellness.London

TERMS AND CONDITIONS
Please make sure you read through and agree to our terms and conditions before proceeding.

1) INTRODUCTION
This is a legally binding agreement between WORKPLACEWELLNESS.LONDON and you. By using this website and/or registering/or receiving full membership services from WorkplaceWellness.London , you verify and warrant that you are 16 in age or older, you agree to provide true and accurate information as required by the registration process on this website and that you agree to the following terms and conditions.

2) PARTIES
You and WorkplaceWellness.London

3) BASIS OF CONTRACT

3.1 You are solely responsible for Your own interactions with your INFORMATION subsequent to report generation.
3.2 You shall be responsible for the accuracy of any information necessary for Us to perform the Service
3.3 We reserve the right to police and remove for any reason any information, photographs and/or other material Posted by You, deemed unacceptable for the site.
3.4 We reserve the right to refuse any application for Assessment for any reason.
3.5 We reserve the right to vary these Terms & Conditions at any time.
3.6 We reserve the right to make changes to the Service as deemed necessary or desirable.
3.7 WorkplaceWellness.London will have the right of termination of this Agreement if You fail to make full payment when due, If the information that You provide is found to be untrue or if You breach the terms of this Agreement.
3.8 WorkplaceWellness.London bears no legal liability for the information and conclusions provided by our reports.
3.9 WorkplaceWellness.London bears no legal liability for the implementation of the recommendations of reports.
4.0 WorkplaceWellness.London will under absolutely no circumstances allow access from a third party to data or grant or sell your data to any third party for commercial and/or non-commercial use.

Cyber security in Workplace Wellness.london
There are many methods used by hackers to perform different types of hack with various motives.

Type of data stored
In the case of Workplace Wellness the type of data stored is totally anonymised.
All data cannot be associated with a particular business will be of zero use to a hacker. Employees details are also anonymised. Their names, email addresses are never stored.

Methods of hacking:
1. Sql injection.
This is when a hacker tries to write sql commands inside a form field e.g. "DROP TABLE tablex;" and "DROP DATABASE databasename;" or the more complex "SELECT surveydate FROM tablex WHERE username='$_SESSION[username]' ORDER BY id DESC LIMIT 1;".
In these examples the form fields will NOT ALLOW any non alphabetic characters e.g ';' thus such an attempt to hack will fail.

2. Brute force attack
This is a cybersecurity hacking method that uses trial-and-error to crack passwords, login credentials, and encryption keys by automatically trying numerous combinations until finding the correct one. They will use a list of perhaps a billion usernames, emails and passwords and fill in these details one by one. Workplace Wellness will pass the hacker back to the account sign up page after two failed attempts and a 5 second delay. This will hamper the hack and ultimately they will give up.

3. Cookies
Workplace Wellness does not use cookies therefore this is not a vulnerability.

4. Accessing via your business itself (local infiltration).
Obviously if your details are leaked then access will be compromised. Therefore keep your login details secret please. Even if that does happen the 'hacker' cannot alter anything.