Compliance & Regulatory Information

Effective Date: May 25, 2025

Last Updated: May 25, 2025

1. Overview

Signed & Sold is committed to maintaining the highest standards of legal and regulatory compliance. This page outlines our compliance framework, regulatory adherence, and the standards we follow to protect our users and ensure service integrity.

2. Data Protection Compliance

2.1 UK GDPR Compliance

We fully comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

  • Lawful basis for processing personal data
  • Data minimization and purpose limitation
  • Individual rights including access, rectification, and erasure
  • Data breach notification procedures
  • Privacy by design and default

2.2 Data Processing Records

We maintain comprehensive records of our data processing activities, including purposes of processing, categories of data subjects, and data retention periods.

2.3 International Data Transfers

Any international data transfers are conducted in accordance with UK GDPR requirements, utilizing appropriate safeguards such as adequacy decisions or standard contractual clauses.

3. Security Standards

3.1 ISO 27001 Framework

Our security practices align with ISO 27001 standards, including:

  • Information Security Management System (ISMS)
  • Risk assessment and treatment procedures
  • Access control and authentication measures
  • Incident response and business continuity planning
  • Regular security audits and assessments

3.2 Encryption Standards

All data is encrypted using industry-standard encryption protocols:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications

4. Financial Services Compliance

4.1 Payment Card Industry (PCI DSS)

Our payment processing complies with PCI DSS Level 1 standards through our certified payment processor, Stripe. We do not store payment card information on our systems.

4.2 Anti-Money Laundering (AML)

We implement appropriate AML measures including:

  • Customer due diligence procedures
  • Transaction monitoring and reporting
  • Suspicious activity detection and reporting

5. Accessibility Compliance

5.1 Web Content Accessibility Guidelines (WCAG)

Our platform is designed to meet WCAG 2.1 Level AA standards:

  • Perceivable content with alternative text and proper contrast
  • Operable interface with keyboard navigation support
  • Understandable content with clear language and navigation
  • Robust code that works with assistive technologies

5.2 Equality Act 2010

We are committed to providing equal access to our services in accordance with the Equality Act 2010 and make reasonable adjustments to ensure accessibility for all users.

6. Legal Document Standards

6.1 Legal Template Compliance

Our legal document templates are:

  • Reviewed by qualified legal professionals
  • Compliant with current UK and relevant international law
  • Regularly updated to reflect legal changes
  • Tested for enforceability and clarity

6.2 Consumer Protection

Our templates include appropriate consumer protection clauses and comply with the Consumer Rights Act 2015 and related legislation.

7. Environmental Compliance

7.1 Carbon Neutral Operations

We are committed to carbon-neutral operations through:

  • Use of renewable energy sources for our digital infrastructure
  • Efficient cloud computing practices
  • Digital-first approach reducing paper consumption
  • Carbon offset programs for unavoidable emissions

7.2 WEEE Compliance

We comply with Waste Electrical and Electronic Equipment (WEEE) regulations for any hardware components of our service delivery.

8. Third-Party Compliance

8.1 Vendor Management

All third-party vendors and service providers are subject to:

  • Compliance due diligence assessments
  • Contractual compliance obligations
  • Regular compliance monitoring and audits
  • Data protection impact assessments where applicable

8.2 Cloud Service Providers

Our cloud infrastructure partners maintain industry-leading security certifications including SOC 2 Type II, ISO 27001, and relevant compliance frameworks.

9. Compliance Monitoring & Reporting

9.1 Internal Audits

We conduct regular internal compliance audits to ensure ongoing adherence to all applicable regulations and standards. These audits are documented and any identified issues are promptly addressed.

9.2 External Assessments

Independent third-party assessments are conducted annually to validate our compliance framework and identify areas for improvement.

9.3 Incident Reporting

We maintain robust incident reporting procedures to ensure prompt notification to relevant authorities and stakeholders in the event of any compliance-related incidents.

10. Regulatory Updates

10.1 Change Management

We actively monitor regulatory changes and implement necessary updates to our policies, procedures, and systems to maintain compliance. This includes regular legal and regulatory training for all staff.

10.2 Future Regulations

We proactively prepare for upcoming regulatory changes, including the EU's Digital Services Act and other emerging digital governance frameworks that may impact our operations.

11. Contact Information

Compliance Officer

For compliance-related inquiries, please contact our Compliance Officer:

Email: compliance@signedsold.co.uk
Address: Signed & Sold Ltd
Compliance Department
[Address to be updated]
United Kingdom

12. Document History

Version    Date            Changes
1.0        May 25, 2025    Initial version

This compliance page demonstrates our commitment to maintaining the highest standards of regulatory adherence and operational excellence. We regularly review and update our compliance framework to ensure continued protection for our users and stakeholders.