All data is transmitted across encrypted channels using 256-bit SSL encryption. The data ClubCollect stores is encrypted at rest. The servers are located in Dublin, Ireland, fully complying with European data protection laws.
Our provider conducts regular security audits and holds the following certifications:
- ISO 27001, Security Management Controls
- ISO 27017, Cloud Specific Controls
- ISO 27018, Personal Data Protection
- SOC2 Type 1, Security, Availability and Confidentiality Reports
All payments processed by ClubCollect will be held in escrow at the trust accounts of the ClubCollect Payments Foundation. ClubCollect operates under the European wide electronic money license of Docomo Digital Payment Services AG.
The online payments are handled by the PSPs (Payment Service Providers) Adyen or Pay, which both hold a PCI-DSS (Payment Card Industry Data Security Standard) certificate.
Using ClubCollect will require KYC (Know Your Customer) background information regarding the legal entity that will use our services. Precautionary steps are taken to comply with the national AML (Anti-Money Laundering) laws.
ClubCollect operates in line with the GDPR (General Data Protection Regulation 2016 / 679) and therefore requires a separately signed Data processing agreement.
We consider the security of our systems a top priority. We strive to resolve all problems as quickly as possible due to our Responsible Disclosure policy.
If you are a Security Researcher and have found a vulnerability in our website or ClubBase itself, we appreciate your help in that matter.