This Information Security Policy (“Policy”) is designed to inform interested third parties and customers about the technical and operational measures Liberty has in place to protect Data Subjects’ Personal Information and comply with Data Protection Laws.
means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time;
“Data Protection Laws” means any applicable UK or EU law relating to the processing, privacy, and use of Personal Data, as applicable to Liberty and/or the Services including:
- the Data Protection Act 1998;
- the EU Data Protection Directive (95/46/EC) as implemented in each relevant jurisdiction;
- the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each relevant jurisdiction; and
- the GDPR from the GDPR Date;
and any corresponding or equivalent national laws or regulations and any amending, equivalent or successor legislation to any of the above from the date that they come into force and the guidance and codes of practice issued by the Information Commissioner or any other Supervisory Authority in any relevant jurisdiction;
“Data Subject” has the meaning given to that term in the GDPR;
“GDPR” means the General Data Protection Regulation (EU) 2016/679;
“GDPR Date” means the date from which the GDPR applies, 25 May 2018;
“Personal Data” has the meaning given to that term in the GDPR;
“Services” means the goods or services being provided to the Customer by Liberty under the relevant agreement.
- This Policy applies to all Personal Data collected, generated or otherwise processed by Liberty Express Limited, company number 7115987, with registered address Foxhols Farm, Lyne Lane, Lyne, Chertsey, Surrey, KT16 0AN, in the course of performing the Services.
2. People and Operations
- Liberty Express Limited (“Liberty”, “we”, “our”) shall ensure that all staff, including sub-contractors, who have access to its data processing systems authenticate securely with a unique username and strong password. All Liberty computers are automatically locked after half an hour of inactivity.
- Liberty shall have appropriate data protection and data security training in place for all staff and sub-contractors involved in the processing of Personal Data and ensure that training is carried out at reasonable and regular intervals.
- Liberty shall ensure that any of its staff or sub-contractors have committed themselves contractually to obligations of confidentiality or are under an appropriate statutory obligation of confidentiality.
- Liberty shall monitor access to Personal Data by its staff and sub-processors (if applicable). Monitoring shall include and capture successful and unsuccessful log-in attempts, time, date and username. These logs shall be retained.
3. Policy and Procedures
- Liberty shall have in place a company-wide data security policy, endorsed and supported by an executive officer in that party’s senior management team.
4. Physical security
- Liberty shall have the appropriate systems in place to restrict access to its secure premises and sites. Access to secure areas shall be monitored and logged.
- CCTV cameras are in operation throughout the premises and are used to view and record individuals in and around our premises.
- The IT department has overall responsibility for ensuring compliance with relevant legislation and the effective operation of the CCTV cameras and the storage of data.
- Liberty currently uses CCTV around our site as outlined below. We believe that such use is necessary for legitimate business purposes, including:
  - to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crimes and to act as a deterrent against crime;
  - for the personal safety of staff, visitors and other members of the public;
  - to support law enforcement in the prevention, detection and prosecution of crime;
  - to assist in day-to-day management, including monitoring the health and safety of staff and others, staff training and discipline; and
  - to monitor traffic in and out of the site.
- Staff using surveillance systems will be given appropriate training to ensure they understand and observe the legal requirements of the processing of relevant data.
- Liberty has security measures in place to restrict access when using devices remotely.
5. Data handling
- Liberty will use widely recognised techniques to ensure any Personal Data is protected during: (i) transit (data input); (ii) exchange between the parties and with contracted third parties, if applicable (data output); and (iii) storage (at rest). Subject to proper performance of its duties and contractual obligations, where appropriate, Liberty will pseudonymise Personal Data as soon as possible, which means processing the Personal Data in such a way that it can no longer be attributed to a specific individual without the use of additional information.
- Liberty shall ensure that no Personal Data will be transferred or copied onto unencrypted portable devices, such as USB sticks or flash drives. Clients should always send personal or sensitive data by way of a secure or encrypted file system. Liberty shall ensure appropriate measures are in place to secure portable devices against loss or theft.
- Where Liberty identifies Personal Data that it determines for certain purposes needs to be transferred to countries outside the European Economic Area (EEA) or to any international organisation(s), Liberty shall first obtain the customer’s consent to such transfer. Liberty shall ensure that all such transfers of Personal Data and any onward transfer shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws.
6. Data Deletion
- Where a customer reasonably requests Liberty to delete Personal Data in accordance with Data Protection Laws, deletion means physical or logical deletion, ensuring that the data cannot be restored. Deletion of Personal Data will extend to all copies held by Liberty and means that the data is beyond reasonable recovery using commercially available means. Liberty will provide written confirmation to the data subject that deletion has been completed, including the physical deletion, method used and date of deletion.
7. Contact Us
Questions, comments and requests regarding this Policy are welcomed and should be sent by email to firstname.lastname@example.org or by post to Foxhols Farm, Lyne Lane, Lyne, Chertsey, Surrey, KT16 0AN.