Security

1. Our Commitment to Security

At AEJ Travels, the security of your personal and business data is a top priority. We implement industry-standard security measures to protect your information from unauthorised access, disclosure, alteration, or destruction.

2. Data Encryption

All data transmitted between your browser and our servers is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols. This ensures that sensitive information, including personal details and payment data, is protected during transmission.

3. Access Controls

We implement strict access controls to ensure that only authorised personnel can access client data. Our security measures include:

• Role-based access controls limiting data access to employees on a need-to-know basis
• Multi-factor authentication for internal systems
• Regular password policy enforcement and rotation
• Secure offboarding procedures for departing employees

4. Server and Network Security

Our hosting infrastructure is maintained with the following security protocols:

• Firewalls and intrusion detection/prevention systems
• Regular security patching and system updates
• Continuous monitoring for suspicious activity
• Automated backups with encrypted storage
• DDoS protection measures

5. Payment Security

Payment processing is handled through PCI DSS-compliant third-party payment providers. We do not store full credit card details on our servers. All payment transactions are encrypted and processed securely in accordance with industry standards.

6. Vulnerability Management

We conduct regular security assessments, including vulnerability scans and penetration testing, to identify and address potential weaknesses. Any identified vulnerabilities are prioritised and remediated according to their severity.

7. Employee Security Training

All employees receive regular training on data protection, security best practices, and incident response procedures. Staff are required to follow strict confidentiality agreements and security policies as part of their employment terms.

8. Third-Party Security

We carefully vet our third-party vendors and partners to ensure they meet appropriate security standards. All service providers who handle client data are bound by data processing agreements that include security requirements and audit rights.

9. Incident Response

In the event of a security incident or data breach, we have an established incident response plan that includes:

• Immediate containment and investigation of the incident
• Notification to affected individuals and relevant authorities as required by law
• Remediation steps to prevent recurrence
• Post-incident review and policy updates

10. Responsible Disclosure

If you discover a security vulnerability on our website or systems, we encourage you to report it responsibly. Please contact us at info@aejtravels.co.uk with details of the vulnerability. We will investigate all legitimate reports and take appropriate action.

11. Your Role in Security

We recommend the following security practices when using our services:

• Use strong, unique passwords for your accounts
• Enable two-factor authentication where available
• Do not share your login credentials with others
• Ensure your devices have up-to-date antivirus and security software
• Be cautious of phishing emails claiming to be from AEJ Travels
• Report any suspicious activity to us immediately

12. Contact Us

If you have any questions or concerns about our security practices, please contact us: