Your Security - Our Business

Creating a secure site for you to visit is expensive in time, money and effort. Maybe that is why so many people simply ignore it and yet still expect you to spend your money with them!

We have a secure site - and we want to tell you why, so that you can be assured that we are doing everything that we can to ensure that your visit with us is as safe as it can be.

First of all - we have a policy on what we do with your data. And we publish that policy. And you can read it by clicking the image at the right of this page (opens in a new window).

Read our privacy policy here

How many times have you looked for organic meat online, only to find that the company wont even tell you what they will do with your data? If your supplier does not have a privacy policy they can do whatever they like with your data, and it is only if they break the law that you can do anything about it. Ask them to publish one or change to a supplier who already does.

The privacy policy is essential for you to be able to understand what the company needs your information for. What they will do with it once they do have it, and possibly more importantly it will give you a very good idea of what sort of understanding the company you are dealing with has of the risks that they can place on you if they do not have the correct policies in place.

Next up is the very serious matter of SSL security on checkout. SSL is defined as:

Secure Sockets Layer (SSL) - is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL uses a public-and-private key encryption system, which also includes the use of a digital certificate.

which is great - but hardly clear if you don’t speak geek! Basically, an SSL certificate on a site comes in two ‘flavours’. Shared and unique. The shared certificate is most common simply because it is the cheapest! It is also not as secure for you the customer.

We have a unique SSL certificate for this site. That means that the organisation (in this case GoDaddy - but it could easily have been RSA or Thawte), checks that we are not only who we say that we are as an organisation, but also that we are in control of the server that we wish the certificate to be installed on.

Read more about SSL hereThey can be sure then that we really are who we claim to be.

This SSL certificate then encrypts the data transmitted from your PC to our server. It uses a 256bit algorithm.

So what does that mean? Well, if you take the average credit card number (including spaces every four characters) it has 20 characters. Using encryption at 256bits it is calculated that it would take about 10, 000 years for a computer to guess the credit card number correctly.

Click the credit cards above to download a (fairly large) PDF explaining it all in much more detail.

Finally, the only bit we cannot tell you much about our is server setup (that wouldn’t be sensible here for anyone to read). Server and database security is absolutely integral to your security as our customer. There is a lot of nonsense about shared servers being less secure etc, but in all honesty the actual servers themselves are as secure as you would hope.

Some people use IIS from Microsoft, but we prefer Apache for its raw speed and features such as built in security (it is part of the architecture of the operating software) rather than it being added as a module.

It is when people put websites onto servers that they stop being secure. Bad practice leads to security gaps that leads to breaches in customer security.

The great news is that most security lapses by people setting up servers to run websites result in spam and phishing sites, (click on either term for more info). It is VERY rare for an exploit from the outside to compromise the security of a server so badly that the hackers can access the data such as credit card details. But why would you take the risk with a company that doesn’t know that?

We have used a large amount of our resources to not only make sure that you will see:

Secure site in FireFox

in FireFox or:

Secure site in Internet Explorer

in Internet Explorer when you are checking out and giving us your details, but also so that we know our backend functions leave you, our customer secure.

Click on the button above the checkout button and you will see this certificate that is supplied from the GoDaddy verification servers:

Copy of SSL certificate

© Welsh Farm Organics | Powered by MyBranding | Privacy Policy | Security | Sitemap

True Taste of Wales Award We only use organic herbs Organic Growers and Farmers The Organic Co-Operative Renaissance of Atlantic Food Authenticity and Economic Links Welsh Farm Organics on QVC Welsh Assembly Government