Windfall Brands needs to gather and use certain information about individuals for the day-to-day running of the business. This includes customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards and to comply with the law.
Why this policy exists
This data protection policy ensures Windfall Brands:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Data Protection Law
The Data Protection Act 1998 describes how organisations must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
This policy applies to:
- All staff and volunteers of Windfall Brands
- All contractors and any other people working on behalf of Windfall Brands
This applies to all data that the company holds relating to individuals. This includes:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- And any other information relating to an individual
Data Protection Risks
This policy helps to protect Windfall Brands from some very real data security risks, including:
- Breaches of confidentiality: information being given out inappropriately.
- Failing to offer choice: all individuals should be free to choose how the company uses data relating to them.
- Reputational damage: the company could suffer if hackers successfully gained access to sensitive data.
When data is stored electronically, it must be protected from unauthorised access.
- Data is to be protected by strong passwords.
- Data is to be stored only on designated drives and servers and should only be uploaded to approved cloud computing services. Windfall Brands will only store information on Zoho CRM and LiveDrive, both to be secured by employee passwords.
- Data is to be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
The law requires Windfall Brands to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort Windfall Brands should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data is to be held in as few places as possible. Windfall Brands contacts are held on the CRM database. Additionally, telephone numbers will be held on the account holder’s business phone, which is locked with a passcode.
- Staff should take every opportunity to ensure data is updated.
- Data is updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number or email address, it should be removed from the database.
Subject Access Requests
All individuals who are the subject of personal data held by Windfall Brands are entitled to:
- Ask what information the company holds about them and why.
- Be informed how to keep it up to date.
- Be informed how the company is meeting data protection obligations.
Please contact firstname.lastname@example.org with any enquiries.