Data protection policy
Context and overview Key details Policy prepared by: R Software Solution Approved by board / management on: 1st May 2018 Policy became operational on: 1st May 2018 Next review date: 1st May 2019
Introduction R Software SOlution needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards � and to comply with the law.
Why this policy exists
h3> This data protection policy ensures R Software Solution: Complies with data protection law and follow good practice Protects the rights of staff, customers and partners Is open about how it stores and processes individuals’ data Protects itself from the risks of a data breach
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason: When not required, the paper or files should be kept in a locked drawer or filing cabinet. Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer. Data printouts should be shredded and disposed of securely when no longer required. When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees. If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used. Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services. Servers containing personal data should be sited in a secure location, away from general office space. Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures. Data should never be saved directly to laptops or other mobile devices like tablets or smart phones. All servers and computers containing data should be protected by approvedsecurity software and a firewall.
Personal data is of no value to R Software Solution unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft: When working with personal data, employees should ensure the screens of their computers are always locked when left unattended. Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure. Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts. Personal data should never be transferred outside of the European Economic Area. Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.
The personal data we collect from you will be used for the following purposes:
To send marketing emails displaying discounts and offers To process your orders To respond to complaints and enquiries To keep you informed regarding any new products or services that may be of interest to you To record order history to see what you might enjoy in the future This data is held on our Website and in MailcChimp