Data Protection Policy
JKR Services Limited t/a Soundcraft needs to gather and use certain information about customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This data protection policy ensures Soundcraft shall comply with data protection law and follow good practice to Protects the rights of staff, customers and partners. We shall be open about how we store and process individuals’ data and protect ourselves from the risks of a data breach.
This policy applies to all staff and contractors, suppliers and other people working on behalf of Soundcraft.
It applies to all data that the company holds relating to identifiable individuals. Everyone who works for Soundcraft has some responsibility for ensuring data is collected, stored and handled appropriately.
The only people able to access data covered by this policy should be those who require it for their work, Soundcraft will provide training to all employees to help them understand their responsibilities when handling data including disclosure, protection, storage and disposal.
Personal data should not be disclosed to unauthorised people, either within the company or externally.
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees.
Data should be backed up frequently and all servers and computers containing data should be protected by approved security software and a firewall.
When working with personal data, employees should ensure the screens of their computers are always locked when left unattended. Personal data should not be shared informally in any circumstance.
All individuals who are the subject of personal data held by Soundcraft are entitled to:
Ask what information the company holds about them and why.
Ask how to gain access to it and be informed how to keep it up to date and that the company is meeting its data protection obligations.
Soundcraft will always verify the identity of anyone making a subject access request before handing over any information.