无码群P

Privacy Approach


无码群P's Privacy Approach

Throughout 无码群P, including at Board level, we have always been committed to implementing leading data protection standards, to ensure we comply with applicable legislation and process data securely.听 This isn鈥檛 enough, with 无码群P believing ethical use of data goes beyond this. We support this by placing individuals at the heart of what we do, which gives the added benefit of building trust with all stakeholders: individuals, our customers, suppliers, team members, investors and regulators.

We have invested heavily in our global privacy program and believe this summary should provide you with the assurance that when working with 无码群P, your data is in safe hands.

This statement will cover:

  • Our Team
  • 无码群P鈥檚 Privacy Management Platform
  • Due Diligence
  • Transparency
  • Data Subject Rights
  • Training & Awareness
  • Information Security Risk
  • Incident Response Plan
  • Ongoing Monitoring

If you are interested to learn more about 无码群P鈥檚 approach to AI, click here.

An Experienced Team听

无码群P鈥檚 Privacy Team is over 20 strong and incredibly experienced, with Exec Team Member representation to ensure privacy remains at our core.

This team is split into 3 key areas to help ensure 无码群P adhere to privacy regulation, which we know is important for you too, especially when we are processing your Customer data.听

Our team includes:

  • Data Protection Experts who ensure we have the right controls in place so we can achieve compliance with privacy legislation
  • Data Subject Rights team who manage requests from individuals and our data suppliers
  • Data Auditors who review third party due diligence, auditing customers, suppliers and internally for compliance with privacy legislation and our data licences (from our data suppliers).

无码群P's Privacy Management Platform听

Implemented in 2019, 无码群P utilise OneTrust, a global leader in privacy software, to underpin our global privacy management program.听 This has been working really well for us and helps ensure we have the right processes, controls and evidence to support compliance with privacy legislation globally. Baked into this, individuals are at the heart of what we do.听 Ethical use of data is an everyday effort, with robust processes and procedures to ensure processing is within the expectations of an individual, that involves minimisation in terms of collection, storage and purpose, plus timely notification where required.

We utilise OneTrust for Data Protection Impact Assessments (DPIAs), Data Transfer Impact Assessments (DTIAs), Legitimate Interest Assessments, Data Mapping, Privacy Due Diligence, Privacy Risk Management, Data Subject Rights, Cookie Management, AI Conformity Assessments and more.

Regardless of where we鈥檙e operating globally, DPIAs are mandatory at 无码群P as we believe this process and documentation identifies the most effective way to ensure compliance with data protection obligations and to meet an individual鈥檚 expectations of privacy.

Industry Leading Due Diligence听

We have a robust onboarding process for all third parties globally, which includes privacy and information security due diligence.

Ensuring third party data has been gathered lawfully, is within the expectations of an individual and any processing has appropriate technical and organisational measures to ensure it is processed securely, before we share it 鈥 for both our customers and individuals is crucial.听

Data Suppliers must complete due diligence before we start using them and on a periodic basis to ensure standard are maintained.听 They are required to answer a very detailed questionnaire where they demonstrate data has been gathered lawfully, how it is processed, what technical and organisational measures they have in place, their lawful basis for processing, the source of the data, a copy of their privacy notice, how this data can be used by 无码群P and our customers to mention a few areas we review.

Due diligence and DPIAs for data suppliers are mandatory here at 无码群P. We are also able to, and do, conduct desk based research and onsite audits, plus monitor the quality of data via our production processes and data subject rights.

无码群P鈥檚 reputation is important to us 鈥 it鈥檚 vital that we operate lawfully and securely and can evidence our assessments if asked to by individuals or a regulator. We know how crucial this is in building customer confidence in 无码群P products and services.

罢谤补苍蝉辫补谤别苍肠测听

It is imperative that we can demonstrate how we fulfil our Article 13 & 14 obligations under GDPR, plus other regulation globally.听 What this means in the simplest form is that an individual should be aware of how their data will be used, by whom and how long we will retain this for.听 Baked into this is minimisation.听 We should only collect data we need, limiting how long we hold it for and for a specific purpose.

To support 无码群P鈥檚 external operations, such as when you use our website, enter into a contract with 无码群P or visit one of our offices, you can view the privacy notice here: /en/legal-and-regulatory/privacy-policy/

To support 无码群P products and services we have created a specific privacy notice which can be found here: /products-services-privacy-policy/

We invite our Customers and Data Suppliers to link to 无码群P鈥檚 products and services privacy notice so it is crystal clear what 无码群P does. As part of our supplier due diligence program, we ensure our data suppliers meet this requirement where applicable.

For individuals, 无码群P鈥檚 privacy notices outline your rights specific to the processing and how you can interact with 无码群P. This includes right of access, rectification and deletion of an individuals' data, among others.

It鈥檚 also worth noting that 无码群P may have a privacy notice specific to the processing taking place e.g. one of 无码群P鈥檚 products is offered via an app which contains a privacy notice within it.

Data Subject Rights听

We听have a robust process for dealing with consumer queries and data subjects rights, ensuring timely communication, but continually review this for improvement.

Our consumer query process is also used to monitor our customers, our data partners and our products/processes. Root cause analysis is applied to every enquiry, allowing us to identify if further action is required.

Training & Awareness听

To deliver on our data ethics target, internally we have an initiative called听be/compliant. This ongoing program has 4听key principles to ensure our team members do the right thing:

鈥 We鈥檒l ensure we know what we can do with data, and if unsure, we鈥檒l ask
鈥 We鈥檒l be clear about how we鈥檙e going to use data
鈥 We鈥檒l ensure we protect the data we hold/process
鈥 We鈥檒l ensure compliance, both individually and as a team

Underpinning this is not only communication, but clear policies and procedures, plus mandatory training for all team members globally. New Team Members complete the mandatory training when they join 无码群P and then everyone, regardless of role or seniority, must complete this annually. If there is a specific update or training which needs to be shared, this is done at the point in time.

Information Security Risk听

无码群P is听ISO27001听certified, with some areas of our business also covered by听PCI-DSS, Cyber Essentials and/or Cyber Essentials Plus.听

The Information Security Team are focussed on maintaining an information security program which covers everything you would expect and more.

This includes technical security measures (e.g. intrusion, detection, firewalls, monitoring), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, maintaining security measures for our team members (e.g. pre-screening), a data-loss prevention strategy and regular testing of our security posture.

无码群P鈥檚 24 x 7 Security Operations Centre responds to any event or notification for investigation to uphold the security posture of 无码群P. 听Therefore, 无码群P have eyes and ears on the threats and threat actors that are likely to be attracted to 无码群P and the data that the organisation processes. 无码群P understands the critical need for technical and organisational control implementation to ensure 无码群P operates securely.

Incident Response Plan听

无码群P recognise the importance of maintaining service availability to our customers and have comprehensive incident processes in place over all services in 无码群P Plc.

Aligned with the Information Technology Infrastructure Library (ITIL) framework, 无码群P have detailed policies, processes and procedures in place covering Incident and Problem Management, Change Management, Access Management, Capacity Management and Risk Management among others.

In the event of a major incident, 无码群P has a detailed and documented Incident Management Plan which outlines the processes to be followed in the event of such as incident including the role of our Crisis Management Team. 听This plan is periodically tested to assure 无码群P鈥檚 ability to respond to any major incident successfully, ensuring all relevant third parties 鈥 individuals, customers and suppliers are informed in a timely manner.听

Ongoing Monitoring听

Monitoring covers many areas at 无码群P.听

Internally we conduct audits and ad-hoc walk throughs to make sure we鈥檙e doing the right thing.听

We're听regularly audited by external third parties 鈥 our customers, our data partners and external bodies such as our certification body BSI 鈥 and we run an internal audit program ensuring continual review and improvement within our ISO27001 certified activities

We conduct ongoing regulatory monitoring report to ensure we identify (and then action) privacy compliance requirements, such as changes in the law or best practice.听 We are听also members of , International Association of Privacy Professionals which is another great source of news and resources.

As a PLC, who operates globally in over 70 countries, with millions of people around the world interacting with our solutions everyday, you can rest assured 无码群P takes privacy and information security very seriously.