Our Approach to Data Protection and Information Management
This policy sets out Call Me Sunday’s data protection and information management approach, including how we manage confidential information and the precautions we take to keep information secure. The person responsible for this policy is Mary Donné.
Protection and Security of Confidential Information
Confidential information will not be passed to anyone outside the company save with the consent of the client (where appropriate) or where client confidentiality does not apply when that is reasonably necessary for normal business purposes.
All client identification information in publications and publicity material will be removed unless clients have consented.
Retention and Disposal of Information
We retain information for periods that reflect our data protection obligation not to keep personal data for longer than is necessary, and also our statutory, regulatory and business needs to keep records. Thereafter information is disposed of securely, by shredding, electronic deletion, or otherwise as appropriate.
Procedures to Manage User Accounts
User accounts are managed by Mary Donné. User accounts can be disabled at any time, for example on discovering a breach of security. Staff responsible for the management of payments are only recruited or assigned to that function after passing suitable background checks, including taking references and the verification of claimed qualifications.
Procedures to Detect and Remove Malicious Software
If, despite the precautions described elsewhere malicious software (malware) is present on the system this should be detected by the company's anti-virus software. It is then the responsibility of the company's IT contractors to remove the malware, according to the nature of the threat and industry standard procedures at the relevant time.
Register of Software Used by the Company
The company currently uses the following software:
Visio Studio Code
Updating and Monitoring of Software
All software used by the company is supported by external software suppliers who issue routine updates from time to time. The Director must decide whether and when updated versions are to be installed or new or better software should be obtained.