Security Policy

Last updated: February 2026

Japan Food Express is committed to protecting its systems, website, and business information from unauthorised access, misuse, loss, or disruption.

This Security Policy explains how security is managed within the Japan Food Express group, including:

  • Japan Food Express Ltd (UK)

  • Japan Food Express GmbH (Germany)

1. Scope

This policy applies to:

  • Website operations

  • Customer and supplier data

  • Internal business systems

  • Communication systems

  • Operational logistics data

Security controls are proportionate to the size, nature, and risk profile of our business activities.

2. Website Security

  • Our website is hosted on Squarespace.

  • SSL encryption protects data transmitted between users and our servers.

  • Access to the Squarespace CMS is restricted to authorised personnel only.

  • Secure authentication methods and strong password practices are enforced.

  • Platform security updates are maintained through the hosting provider.

We do not use behavioural tracking or analytics tools that collect profiling data.

3. Data Access Control

  • Access to personal and commercial data is limited strictly to authorised personnel.

  • Access is granted based on operational necessity.

  • Devices used for business purposes are password protected.

  • Data is stored in access-controlled systems.

4. Payment Security

Where payment processing is required:

  • Transactions are handled by PCI-DSS compliant payment providers.

  • We do not store full payment card details.

  • Payment data is processed through secure third-party gateways.

5. Cross-Border Operations (UK–Germany)

Operational data may be accessed by authorised personnel in the UK or Germany where necessary for legitimate business purposes.

Such access is managed in accordance with applicable UK GDPR or EU GDPR requirements.

No uncontrolled international data transfers are conducted.

6. Email and Communication Security

  • Business email accounts are protected by secure authentication.

  • Sensitive information is not requested via unsecured channels.

  • We will not request passwords or full payment details via email.

  • Suspicious communications should be reported to: info@japanfoodexpress.co.uk

7. Physical and Operational Security

  • Warehousing and operational facilities apply appropriate access controls.

  • Inventory handling procedures are designed to minimise loss or contamination risks.

  • Business devices are secured against unauthorised access.

8. Backup and Continuity

  • Operational data is backed up via secure hosting environments.

  • Systems are monitored for stability and integrity.

  • Business continuity measures are proportionate to operational scale.

9. Incident Management

Any suspected data breach or security incident is investigated promptly.

Where legally required:

  • UK incidents are reported to the Information Commissioner’s Office (ICO).

  • German incidents are reported to the relevant supervisory authority.

Affected individuals will be notified where required by law.

10. Third-Party Providers

We carefully select service providers (hosting, IT, logistics, payment processing) that maintain appropriate security standards.

Third-party relationships are reviewed to ensure reasonable safeguards are in place.

11. Continuous Improvement

Security measures are periodically reviewed and updated to reflect:

  • Emerging cyber risks

  • Operational changes

  • Regulatory developments

12. Contact

For security-related enquiries:

info@japanfoodexpress.co.uk