Weblytica LLC needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organization has a relationship with or may need to contact.
This Data Protection Policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards.
2. Why This Data Protection Policy Exists
This data protection policy ensures Weblytica LLC:
- Follows good data protection practices
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals’ data, and
- Protects itself from the risks of a data breach
3. Data Protection Policy Scope
This policy applies to:
- All staff and volunteers of Weblytica LLC
- All contractors, suppliers and other people working on behalf of Weblytica LLC
It applies to all data that the company holds relating to identifiable individuals. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- …plus any other information relating to individuals
4. Data Protection Risks
This policy helps to protect Weblytica LLC from some very real data security risks, including:
- Breaches of Confidentiality
- Failing to Offer Choice
- Reputational Damage
Everyone who works for or with Weblytica LLC has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
Key areas of responsibility:
- Dealing with requests from individuals to see the data Weblytica LLC holds about them.
- Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
- Evaluating any third‐party services the company is considering using to store or process data.
- Approving any data protection statements attached to communications such as emails and letters.
- Where necessary, to ensure marketing initiatives abide by data protection principles.
6. General Team Guidelines
- Data should not be shared informally; the only people able to access data covered by this policy should be those who need it for their work.
- Weblytica LLC will provide training to all employees to help them understand their responsibilities when handling data.
Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
- Strong passwords must be used and they should never be shared.
- Personal data should not be disclosed to unauthorised people, either within the company or externally.
- Data should be regularly reviewed and updated if it is found to be out of date.
- If data is no longer required, it should be deleted and disposed of.
7. Data Storage
These rules describe how and where data should be safely stored.
- Storing data on paper should be avoided. When data is stored on paper, it should be kept in a secure place where unauthorized people cannot see it.
- When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts.
- Data should be protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
- Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services.
- Hardware containing personal data should be stored in a secure location.
- Hardware containing data should be protected by appropriate measures.
- Data should be backed up frequently. Those backups should be tested regularly.
8. Data Use
Personal data is of no value to Weblytica LLC unless the business can make use of it.
However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
- When working with personal data, employees should ensure data security.
- Personal data should not be shared informally.
- Data must be transferred electronically in appropriate ways.
9. Data Accuracy
- Weblytica LLC will take reasonable steps to ensure data is kept accurate and up to date.
- Weblytica LLC will take reasonable steps to store data in as few places as necessary.
- Weblytica LLC will make reasonable efforts to ensure data is updated.
- Weblytica LLC will make reasonable efforts to make it it easy for individuals to update the information Weblytica LLC holds about them.
- Weblytica LLC will make reasonable efforts to update data as inaccuracies are discovered.
10. Subject Access Requests
All individuals who are the subject of personal data held by Weblytica LLC are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
- If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller.
The data controller will aim to provide the relevant data within 30 days.
The data controller will always verify the identity of anyone making a subject access request before providing any information.
11. Disclosing Data For Other Reasons
When required by law or a court order, personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, Weblytica LLC will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.