Personal data is of no value to Excelsior Research Pvt Ltd unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:.
•When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
•Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
•Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
•Personal data should never be transferred outside of the European Economic Area.
•Employees should not save copies of personal data to their own computers.
Always access and update the central copy of any data.
The law requires Excelsior Research Pvt Ltd to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort Excelsior Research Pvt Ltd should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible..
•Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets..
•Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
•Excelsior Research Pvt Ltd will make it easy for data subjects to update the information.Excelsior Research Pvt Ltd holds about them. For instance, via the company website.
•Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
•It is the marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.
SUBJECT ACCESS REQUEST
All individuals who are the subject of personal data held by Excelsior Research Pvt Ltd are entitled to:
•Ask what information the company holds about them and why.
•Ask how to gain access to it.
•Be informed how to keep it up to date.
•Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller at firstname.lastname@example.org. The data controller can supply a standard request form, although individuals do not have to use this.
The data controller will aim to provide the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.