Data Protection Policy & Procedure




Proconnect Marketing Data Protection Policy V1.2

Data protection policy

Context and overview

Key details

- Policy prepared by: Adam Haycock
- Approved by board / management on: 01/01/2015
- Policy became operational on: 01/01/2015
- Next review date: 01/01/2016

Introduction

Proconnect Marketing needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the company's data protection standards and to comply with the law.

Why this policy exists

This data protection policy ensures Proconnect Marketing:

- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals' data
- Protects itself from the risks of a data breach

Data protection law

The Data Protection Act 1998 describes how organisations including Proconnect Marketing must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The Data Protection Act is underpinned by eight important principles. These say that personal data must:

1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date
5. Not be held for any longer than necessary
6. Be processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

People, risks and responsibilities

Policy scope

This policy applies to:

- The head office of Proconnect Marketing
- All branches of Proconnect Marketing
- All staff and volunteers of Proconnect Marketing
- All contractors, suppliers and other people working on behalf of Proconnect Marketing

It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:

- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Plus any other information relating to individuals

Data protection risks

This policy helps to protect Proconnect Marketing from some very real data security risks, including:

- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

Responsibilities

Everyone who works for or with Proconnect Marketing has some responsibility for ensuring data is collected, stored and handled appropriately.

Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

However, these people have key areas of responsibility:

- The board of directors is ultimately responsible for ensuring that Proconnect Marketing meets its legal obligations.
- The Data Protection Officer, Barry Raymond, is responsible for:
  - Keeping the board updated about data protection responsibilities, risks and issues.
  - Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  - Arranging data protection training and advice for the people covered by this policy.
  - Handling data protection questions from staff and anyone else covered by this policy.
  - Dealing with requests from individuals to see the data Proconnect Marketing holds about them (also called "subject access requests").
  - Checking and approving any contracts or agreements with third parties that may handle the company's sensitive data.
- The IT manager, Adam Haycock, is responsible for:
  - Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  - Performing regular checks and scans to ensure security hardware and software is functioning properly.
  - Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.
- The Marketing Manager, Adam Haycock, is responsible for:
  - Approving any data protection statements attached to communications such as emails and letters.
  - Addressing any data protection queries from journalists or media outlets like newspapers.
  - Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

General staff guidelines

- The only people able to access data covered by this policy should be those who need it for their work.
- Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
- Proconnect Marketing will provide training to all employees to help them understand their responsibilities when handling data.
- Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
- In particular, strong passwords must be used and they should never be shared.
- Personal data should not be disclosed to unauthorised people, either within the company or externally.
- Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
- Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

Data storage

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

- When not required, the paper or files should be kept in a locked drawer or filing cabinet.
- Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts and paperwork should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:

- Data should be protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
- Data should only be stored on designated drives and servers, and should only be uploaded to approved cloud computing services.
- Servers containing personal data should be sited in a secure location, away from general office space.
- Data should be backed up frequently. Those backups should be tested regularly, in line with the company's standard backup procedures.
- Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data should be protected by approved security software and a firewall.

Data use

Personal data is of no value to Proconnect Marketing unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:

- When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
- Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
- Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
- Personal data should never be transferred outside of the European Economic Area.
- Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

Data accuracy

The law requires Proconnect Marketing to take reasonable steps to ensure data is kept accurate and up to date.

The more important it is that the personal data is accurate, the greater the effort Proconnect Marketing should put into ensuring its accuracy.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

- Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
- Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer's details when they call.
- Proconnect Marketing will make it easy for data subjects to update the information Proconnect Marketing holds about them. For instance, via the company website.
- Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
- It is the marketing manager's responsibility to ensure marketing databases are checked against industry suppression files every 28 days.

Subject access requests

All individuals who are the subject of personal data held by Proconnect Marketing are entitled to:

- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.

If an individual contacts the company requesting this information, this is called a subject access request.

Subject access requests from individuals should be made by email, addressed to the data controller at info@proconnectmarketing.co.uk. The data controller can supply a standard request form, although individuals do not have to use this.

Individuals will be charged £10 per subject access request. The data controller will aim to provide the relevant data within 14 days.

The data controller will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Proconnect Marketing will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company's legal advisers where necessary.

Providing information

Proconnect Marketing aims to ensure that individuals are aware that their data is being processed, and that they understand:

- How the data is being used
- How to exercise their rights

To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.