Knowledgebase
Trading Software > Help Desk > Knowledgebase

Search help:


General Data Protection Regulation: TSL Policy Document

Solution

GDPR Policy

Organisation

 

Trading Software Limited (TSL)

Reg Co: GB 08934266

 

Scope of policy

 

TSL has no data processors acting in its behalf.

Our policy covers data controlled on our own servers and devices exclusively.

 

Policy operational date

 

1st May 2018

 

Policy prepared by

 

Ben Stevens

 

Date approved by Board/ Management Committee

 

 

 

Policy review date

 

31 March 2021

 

 

 

Introduction

Purpose of policy

 

To:

·         comply with the law

·         protect clients, staff and other individuals

·         protect the TSL

 

Types of data

 

TSL maintains data in the following categories:

 

Customer Specific Data for day to day trading

Customer contact information

Customer specific connectivity credentials

Customer specific trading information

 

Backup copies of customer databases

Including trading data and contact information specific to the ‘controller’ of the database

 

For marketing purposes

Business contact and address information collected manually – ie not purchased from list providers

 

 

 

Policy statement

 

TSL is committed to:

·         complying with both the law and good practice

·         respect individuals’ rights

·         be open and honest with individuals whose data is held

·         provide training and support for staff who handle personal data, so that they can act confidently and consistently

·         Notify the Information Commissioner voluntarily, even if this is not required should a notable event occur

 

Key risks

 

Regarding these 2 key areas:

1) Data getting into the wrong hands.

 All TSL data is held on devices and servers secured with Password Access Control. The TSL network is secured behind standard firewall access control.

  

2) Individuals being harmed through data being inaccurate or insufficient

 TSL assess that this is not a risk inherent in data controlled by the company.

 

 

Responsibilities

The Board / Company Directors

 

Ben Stevens MD

Blue Ramsey Director

 

Data Protection Officer

 

Ben Stevens

 

Specific Department Heads

 

N/A

 

Employees & Volunteers

 

N/A

 

Enforcement

 

N/A

 

 

 

 

Data recording and storage

Accuracy

 

No specific data accuracy checks are explicit in this policy

 

Updating

 

Updates provided by individual customers and other contacts are posted into the TSL controlled dataset

 

Storage

 

TSL maintains no differentiation between types of contact information.

 

Retention periods

 

Backup copies of customer databases are held until the earlier of:

-   The purpose of the data-copy has been fulfilled

-   The controller of the data requests that the copy be deleted

 

Customer specific contact and trading data is retained in accordance with HMRC requirements

 

Marketing contact information is maintained as required with no specific cleansing, archiving or removal policy.

 

Staff and contractor details are maintained in accordance with HMRC requirements

 

Archiving

 

Archive backup copies of TSL specific data are held in accordance with HMRC requirements.

 

 

 

Right of Access

Responsibility

 

TSL will provide an account of all data held against an individual or business within our databases with 28 data of a request being received in writing.

 

Overall responsibility for meeting this obligation fall to:

Ben Stevens

 

Procedure for making request

 

Right of access requests must be in writing.

 

Provision for verifying identity

 

Where an individual requesting information is not known to TSL, proof of eligibility and identity will be required before and data will be released.

 

Examples may be driving licence or passport and/or a verifiable letter of authority provided by the company making the request or about whom the data relates.

 

Charging

 

Data requests are serviced free of charge except where requests are manifestly unfounded or repetitive whereupon an administration fee amounting to £30.00 + VAT will be charged.

 

Procedure for granting access

 

TSL does not currently maintain a ‘self service’ access point for recovering data stored against an individual or organisation.

 

Data provided as part of a data request will be provided in TEXT format, and where appropriate delimited by comma or semicolon.

 

 

 

Transparency

Commitment

 

TSL is committed to ensuring that Data Subjects are aware that their data is being held where the data subject is a customer, employee or contractor.

 

Procedure

 

TSL is a data controller.

Our invoice documents, and terms and conditions maintain references to this document

 

 

Responsibility

 

N/A

 

 

 

Lawful Basis

Underlying principles

 

TSL maintains data in order to trade

 

Opting out

  

N/A

 

Withdrawing consent

 

Consent for TSL to maintain data on a given subject may be withdrawn, but not retrospectively.  There may be occasions where the organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn

 

 

 

 

Policy review

Responsibility

 

Ben Stevens

 

Procedure

 

N/A

 

 

 

 
Was this article helpful? yes / no
Related articles Data Protection Obligations
Price Lists
Projects Overview
Pricing: Split Pricing Overview
Purchasing: Integration into TSL
Article details
Article ID: 155
Category: TSL Documents
Rating (Votes): Article rated 4.8/5.0 (34)

 
« Go back

 
Powered by Help Desk Software HESK, brought to you by SysAid