Possession and Control
We act as your trusted partner in safeguarding your organisations data and commit to ensuring, as your data processor, that we look after your data in a manner that ensures you are in control, applying the very best industry standards.
The subject of data management is a complex one with lots of detail. This document is intended to cover the key areas that you, as our client, are likely to be interested in. Of course if you need more information, please just get in touch.
We fully support the ‘Possession and Control’ concept. That is to say, if you are not in possession of your data, are you in control? The contract that we commit to provides the legal foundation to ensure that you can answer “Yes” to this question. But you will also need evidence that, not only are we legally committed to protecting your data, but we have the robust infrastructure and processes to support it.
Third-Party Data Processor
We believe there are two major considerations when engaging any third-party data processor:
- That your data is safe from being accessed by anyone who should not have access
- That we only do what you ask us to do with your data
In line with best practice we categorise our data in 3 ways:
In addition to the data categories we also have different levels of employee or contractor
We recognise that your customer database and related sales information is an important asset to you. We also understand that, as a company, we operate across multiple territories that have different state legislation requirements. To help us manage this we categorise all data in our possession into 3 distinct levels.
- Open Data: This data contains no commercially confidential information nor any personal identifiable. For example, this might be a benchmark or data that is aggregated at a geographical level with enough organisations to make your data inseparable from all the other data. Importantly any Open Data can not be reversed engineered
- Safeguarded Data: This data category can contain either confidential information about your organisation that can be attributed to you, data that could potentially reveal the identity of some of your patrons even though this category of data does not allow for explicit personal information (e.g. names, addresses, emails etc). It’s also possible that this data category could contain both.
- Controlled Data: This category of data contains explicit contact details of your patrons. Any data that contains PII (Personally Identifiable Information) will always be categorised as “Controlled Data”.