You can call us on
Data security policy
The Firm carries out a data protection risk assessment to assess the risks posed by its processing activities and implements mitigation strategies to control the risk(s). The Firm’s data protection risk assessment enables it to identify vulnerabilities and ensure that it implements adequate organizational and technical measures to ensure the security of the personal data it processes.
The Firm carries out pre-recruitment vetting on all staff that will handle personal data as part of their role. The Firm’s pre-recruitment checks will confirm the identity of the candidate and ascertain whether the prospective staff is of good character in order to entrust them with the processing activity.
The Firm’s staff are under a duty of confidentiality which forms part of their employment contract with the Firm.
The Firm provides relevant staff with data protection training to ensure adequate awareness of data protection. Data protection staff training is provided upon induction and on a refresher basis. The data protection training covers:
The Firm only gives its staff access to personal data that they require to carry out their job.
Personal data that is kept in a physical form is securely stored away out of plain sight when not in use. Only authorised personnel have access to personal data.
Physical devices such as computers that are used to process personal data are located in secure parts of the Firm’s premises. Access to the physical devices is only permitted to authorised persons.
The Firm endeavors to position computer devices that are used to process personal data with its screens facing away from any windows so that they cannot be viewed by passers-by.
The Firm’s premises is kept secure by only allowing authorised personnel to access the Firm’s office space(s) where personal data is stored. When any third parties such as cleaners access the Firm’s office space the Firm ensures that all physical records containing personal data are securely stored away from sight.
The Firm’s office is locked out of hours and is secure.
The Firm installs a firewall to protect its network and systems from unauthorised access.
Where possible the Firm will install anti-malware software to protect its network from malware, ransomware, and rootkit.
Where possible, the Firm will operate an internet gateway that restricts the websites and online services that staff can access whilst at work.
The Firm installs antivirus software to detect and destroy computer viruses.
The Firm’s operating systems are set up to receive automatic updates which include the latest patches and security updates to cover vulnerabilities.
The Firm will remove any unused software and services from the devices it uses to process personal data. This is to reduce the number of potential vulnerabilities.
The Firm secures any personal data which carries the risk of causing harm to the data subject if they were compromised (e.g. financial data, health data). The Firm considers the following security measures:
The Firm will consider using a secure server that guarantees secure online transactions (i.e. access) to the Firm’s network.
The Firm will consider, based on the content of emails, whether certain emails containing sensitive personal data should be encrypted or password protected.
Access into the Firm’s network and systems is password protected. The Firm encourages staff to use strong passwords which contain a combination of upper and lower case, numbers and special characters. Where possible, the Firm will enforce regular password changes.
Passwords are canceled immediately if staff members leave the Firm or are absent for long periods (e.g. maternity or paternity leave).
Staff is prohibited from sharing passwords that control their personal access into the Firm’s network and/or systems.
Where possible the Firm will make provision for a visitor/guest WiFi to prohibit visitors from using the Firm’s network.
The Firm will limit the number of failed login attempts into its network and systems.
Where the Firm uses third-party processors it will ensure adequate protection of personal data it is responsible for by entering into a written agreement with the processor which includes data protection clauses.
The Firm ensures that it deletes the personal data or destroys the hard drive on any of its computer devices that is used to process personal data before disposing of the device.
Physical records containing personal data are disposed of in the confidential waste bin or shredded.
The Firm regularly backs up the personal data on its computer system(s) and keeps them in a separate place. Where possible, the Firm’s back-ups will be stored so that it is not visible to the rest of the network.
Where possible, the Firm’s servers will be located in a separate room with controlled access. Where possible, at least one of the Firm’s backup servers will be located offsite.
Back-up devices such as CDs and USBs will be locked away when not in use.
Register today for free access to:
Discover whats inside for trade customers...
24/7 Online Ordering
With trade hub you can order any product online 24/7 from any device.
Order & Quote Management
You can also access old quotes and orders.
A wealth of literature is available on request to assist with your sales.