“You are expected to put into place comprehensive but proportionate governance measures,” says the UK’s ICO. “Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, although many organisations will already have good governance measures in place.”
We all value privacy.
We appreciate plain and simple use of language with as little ambiguity as possible.
As Geeks and IT Professionals, we are trusted, implicitly with a lot of sensitive data. Whether that be backups of your client data, contact information, passwords or family photos.
We respect & cherish that trust.
We will ask you to confirm you are happy for us to work like this together. If you have any questions, feelings or concerns, we are always happy to discuss further.
Sharing of Data
We all hate spam, unsolicited information and data mining.
We are not involved in it and do not condone it.
Any information you choose to give to us is held and used by us only. It is secured to that same standards that we keep our most valued possessions.
We do not pass your details onto Third parties without direct contact & consent from you.
Password & Security
As an organisation based in the IT sector, it is important to us that we role model excellent security practices that are both secure AND workable in anyone’s day to day business.
No system is 100% secure and often systems are out of our control (eg. cloud based storage). However, we use all our expertise to make informed decisions about the systems we use.
- We use the strong passwords
- A minimum 8 characters (often 20 digit+)
- Each and every system has a unique password
- Randomly generated using a 3rd party app
- Wherever & whenever possible we enable 2 Factor Authentication
- If encryption is available & workable, it is used. eg. Firevault on laptops
These password are stored in , what we believe to be, an industry leading password solution that we have been trusting since our inception.
We believe this is the best workable solution but are always monitoring for changes in best practice.
Storing of Data
As part of our day to day work, we end up storing information about you. It is an important part of any process. Our customers expect us to “know them” and often that complexity needs to be recorded.
We have a number of data flow points in the organisation
- Messaging
- Paper based notes
- Data & Files
- Usernames & Passwords
Here is a little more detail on each system
Every business’s communication tool of choice.
Unfortunately, it is also a dustbin of information and the inbound flow of that information is often out of our hands (You can’t stop people from choosing to send you their information).
We will not email sensitive information without your consent.
Our provider is Fastmail.com and our systems are secured to our highest levels
We delete email communication over 6 years old, inline with keeping company records.
Mailchimp
Sending large volume emails via your email account is tricky in a world of spammers. As a consequence, we role model best practice by using Mailchimp for “All client communications”.
By being an active customer with us, your name & email address is added to this list.
The information sent is business communications and not marketing.
You can opt out of this at any stage via the links in the email.
Messaging
In a new digital age, email is moving to the side and messaging is paving a new path.
You can send text, photos, videos and even money via messaging now.
Our systems included:
- Text Messaging
- iMessages (Apple)
- Slack
- Skype
- TeamViewer
Paper notes
Gotta love a good pen and paper – right?
Don’t forget this is also a security risk (what if you leave it on a train)
We love pen & paper but never use it to store/collect personal information.
It is simply used for notes and generic actions.
These notebooks are securely disposed of.
Data & Files
Your data is your data and where ever possible, we do not store your data.
If we do store your data, it is with written consent and stored for a predetermined period of time by you.
If we do store data, it is usually as part of an additional back up procedure that we have discussed, identified a need and you have given permission.
If we store your data, it could be on one or more of the following systems:
- Dropbox
- iCloud
- Office Server (Synology NAS)
- Backblaze (Cloud based backup)
- Hard drives
These systems are only accessible by employees of FreelanceGeek Ltd and adhere to our highest security policy.
Usernames & Passwords
As part of working with you, it is almost a given that we will create a username & password on your behalf.
If we do, these are only stored our password management system.
Communication of these is by written consent from you and via a method your designate.
If you do not want us to store these, we will not. Don’t forget, you can always reset the password!
Financial Systems
All companies have a finance system, our system of choice is Xero.
We store your company details, bank details and invoice history.
Our accountants also have access to this system (Proactive: http://www.proactive.uk.net)
Right to be forgotten
- If you do not want information store
- If you wish to see the information
- If you would like to have data delete
Please email us at gdpr@freelancegeek.co.uk and we will action your request within 30 days.
Breach Notification
If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.