PRIVACY & DATA PROTECTION POLICY

  1. AUTHORSHIP

    • Policy Prepared by: Company CIO
    • Approved by Board/Management on: November 2021
    • Policy Operational Starting: December 2021
    • Next Review Date: December 2022
  2. INTRODUCTION

    We at NIX (“We”) are committed to protecting and respecting your online privacy. This policy (and any other documents referenced in it) details the views and considerations involved with all personal data collection and provisions for NIX’s proper processing. Please read below to learn about our personal data management practices and our use of cookies. By visiting https://www.nixs.co.uk, you accept and consent to the practices described in this policy.

    This Data Protection Policy outlines the terms and responsibilities expected of NIX each time data is collected from our members. The Data Protection Act 2018 represents the UK's implementation of the General Data Protection Regulation (GDPR). All individuals responsible for using personal data must adhere to strict rules called 'data protection principles'. As a company, NIX must do everything in its ability to ensure that all information collected is used fairly, lawfully, and transparently.

    This privacy and data protection policy ensures that NIX:

    • Complies with the Data Protection Act 2018 and follows good practice
    • Protects the rights of all staff, members and partners
    • Is transparent with its individual data storage and processing
    • Protects itself from data breach risks

    This policy applies to:

    • The Head Office of NIX
    • All Staff and Volunteers of NIX
    • All Contractors, Suppliers, and Individuals Working on Behalf of NIX

    This applies to all data held by the company relating to identifiable individuals, even if this information may fall outside of the Data Protection Act 2018.

    This can include:

    • Names of Individuals
    • Postal Addresses
    • Email Addresses
    • Telephone Numbers
    • Any Information Relating to Individuals

    For the purpose of General Data Protection Regulation "GDPR" (the Act), the data controller is the NIX Data GDPR Compliance Manager.

  3. Mitigating Data Protection Risks

    This policy helps to protect NIX from data security risks, including:

    • Breaches of Confidentiality. For instance, any sensitive information that is given out without permission or proper consent.
    • Reputational Damage. For instance, any sensitive data that hackers may gain access to which may cause the company to suffer in the public eye.
    • Failure to Offer Choice. For instance, individuals are not given the freedom to exercise their right to choose how the company uses any data relating to them.
  4. NIX Website

    Please note that our website at www.nixs.co.uk is used as a ‘Shop Window’ for all goods which we supply. It is necessary for NIX to gather and use certain information about individuals with whom we transact our business. These include our members, suppliers, business contacts, employees, and other people NIX has a relationship with or may need to contact.

    This policy describes how this personal data is collected, handled, and stored to meet the company’s data protection standards, in accordance with the law. We do not collect the Names or Addresses of ad-hoc members visiting the site, nor do we use any proprietary tracking tools on our website.

    Website Provider

    Our website provider, xDNA, uses SendGrid for transactional email services, which are hosted on servers worldwide. Their data security and general service adhere to the latest Data Protection legislation 2018. Marketing emails will be sent by Mailchimp. xDNA does not use or process any of our client data.

    Visitor IP Addresses

    IP addresses of visitors to our site are automatically logged by our web server. This data is used for no other purpose than to prevent spammers or targeted attacks on our server. Users visiting our site are not personally identifiable through this data.

  5. Cookies

    A cookie is a small file of letters and numbers, containing information, which is stored on your browser and transferred to your computer’s hard drive. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example:

    • Cookies can remember your sign-in credentials, so you don’t have to enter those credentials each time you log on to a service.
    • Cookies help us and third parties understand which parts of our services are the most popular because they help us to see which pages and features visitors are accessing and how much time they are spending on the pages. By studying this kind of information, we are better able to adapt the services and provide you with a better experience.
    • Cookies help us and third parties understand which ads you have seen so that you do not receive the same ad each time you access a service.
    • Cookies help us and third parties provide you with relevant content and advertising by collecting information about your use of our services and other websites and apps.

    When you use a web browser to access the services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies. Please note, however, that some services may be designed to work using cookies and that disabling cookies may affect your ability to use those services, or certain parts of them.

    Our website uses cookies which help us distinguish you from our other website users. Using cookies enables us to collect information to improve our site and provide you with a smoother experience with each visit. By continuing to browse our site, you agree to our use of cookies.

    We use the following cookies:

    • Strictly Necessary Cookies: These cookies are required for the basic operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services.
    • Analytical/Performance Cookies: These give us the ability to recognise and count website visitors and to see how visitors navigate through and behave on our website. Collecting such information helps us to improve the user experience of our website, for example, by ensuring that you are able to find the information or access the functionality you seek with ease.
    • Functionality Cookies: These are used to recognise each user uniquely each time you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences such as your choice of language or region.
    • Targeting Cookies: These cookies record your website visits, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
    • Affiliate Tracking Cookies: These cookies record your visit to our website and any subsequent purchases. These do not identify any individual. This information will be shared only with our affiliate platform providers.

    Please note that third parties including advertising networks and providers of external services such as web traffic analysis services may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

    You may opt to block cookies on your browser by activating a setting that allows you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our site. All cookies except essential cookies will expire after 180 days.

  6. Google Analytics

    We use a standard implementation of Google Analytics. Google collects data from each visit/visitor to our website but does not store any personally identifiable information. Explicit consent is not needed for non-privacy intrusive cookies such as Google Analytics. Cookies set by a visited website with the basic function of counting its visitors do not require consent.

  7. Personal Data Collection

    According to the ICO, personal data is any information related to a person, that can be used to directly or indirectly identify that person.

    Details considered as personal data have been extended to include online identities, such as:

    • Work Email Address
    • Personal Email Address
    • Phone Numbers
    • Online Identities/Usernames
    • Proper Names
    • Cookies
    • IP Address
    • Health Records
    • Biometric Data
    • Bank Details
  8. Gathering Personal Data

    We are a retail operation that gathers and uses the personal data of our members to be able to manage their membership and benefits, process orders, and keep records of their purchases and preferences. This data is gathered via our website which is effectively our ‘Shop Window’.

    We will collect and process the following data about you:

    Information You Give Us

    This information is given to us when you fill in forms on our site and correspond with us by phone, e-mail, etc. This includes information you provide when you register to use our site, subscribe to our service, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information.

    Data collected will comprise members’ membership details including the member’s name and delivery address. NIX does not hold payment details. The website will also use Google Analytics to assess the path that potential members have taken to the website, and at which point members leave the website.

    This data is inputted directly by members and as such, signifies actively consenting to its use on our systems. This can be rescinded at any point by emailing us at customer-service@nixs.co.uk. A request to delete all personal data will be taken as a request to leave the club and at that point, we will ensure that the member no longer has any outstanding membership or credit commitments. In some cases, it may be necessary to retain member data for any previously agreed commitments until its expiry date.

    You have the right to ask us not to process your personal data for marketing purposes. Before collecting your data, we will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may exercise your right to prevent such processing at any time by contacting us by email at customer-service@nixs.co.uk.

    Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies. NIX does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

    Information We Collect

    During each of your visits to our site, we will automatically collect the following information:

    • Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type, browser version, time zone setting, browser plug-in types and versions, operating system and platform;
    • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

    Data Collection via Website Form

    We have a form which allows members to submit queries to us and this form will include email address details and the details of the member query. This query is encrypted and then sent to our admin staff for handling. When a member requests information from NIX we register the customer’s name, address, and details of the products they are interested in. We also ask for a telephone number and email address so that we may follow up on the request. All of this is optional. We do not send unsolicited marketing material to members who contact us in this way unless they explicitly choose to ‘opt-in’.

    Data Management

    Personal data details from our members are stored securely on our own databases and held separately from login details. Addresses and other important data are normalised and separated accordingly. Please let us know if you do not wish to be contacted at all, or the terms on which you should be contacted (i.e. email only) and we will update your record accordingly.

  9. Data Security

    Data Storage in Paper Records

    We try as much as possible to hold only electronic records. When data is stored on paper, it will be kept in secure locked cabinets where unauthorised persons will be unable to access it.

    • Employees will ensure these papers and printouts are not within the visibility of unauthorised persons.
    • Paper records will be shredded and disposed of securely when no longer required.

    Data Storage in Electronic Records

    The data that we collect from you will be transferred to, and stored at Digital Ocean. A full list of their compliance can be found at https://www.digitalocean.com/legal/

    This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing, or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

    All the information you provide to us is stored on our secure servers. Any direct payment transactions will be encrypted using SSL technology. You are responsible for keeping all passwords confidential, especially in instances wherein we have given you a password or you have chosen a password which enables you to access certain parts of our site. We ask you not to share a password with anyone.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in our best capacity to prevent unauthorised access. Electronic data will be protected from unauthorised access, accidental deletion, and malicious hacking attempts:

    • Data will be protected by strong passwords which are changed regularly and never shared between employees.
    • Data will only be stored on designated drives and servers at Digital Ocean, and will only be uploaded to approved cloud computing services.
    • Servers containing personal data will be sited in a secure location away from general office space.
    • Data will be backed up on an agreed regular frequency. Each back-up will be tested regularly, in line with the company’s standard backup procedures.
    • Data will never be saved directly to laptops or other mobile devices.
    • All servers and computers containing data will be protected by approved security software and firewall as described earlier in this document. Security patches are routinely reviewed and updated weekly or as soon as a server security patch becomes available.
    • Databases are not publicly accessible via the internet.

    Staff Access to Data

    NIX has a member service team and staff assigned to manage orders. These individuals are authorised to view member details on the orders page. This data is not printable or exportable.

    Certain members of the member service staff require such access in order to manage members/memberships. This is managed by access roles set up by the Systems Administrator.

    Employees will keep all data secure, by taking sensible precautions and following the guidelines below:

    • The only staff able to access data covered by this policy are those authorised to access it for their work.
    • When working with personal data, employees must ensure the screens of their computers are always locked when left unattended.
    • Data must be encrypted before being transferred electronically.
    • Employees must never save copies of personal data on their own computers.
    • Data will never be shared informally. When access to confidential information is required, employees must request it from their line managers.
    • NIX will provide strict training to all employees to instil discipline in their data handling responsibilities.
    • Strong passwords are enforced and never shared.
    • Personal data must never be disclosed to unauthorised people, whether within the company or externally.
    • Data will be regularly reviewed and updated if it is found to be out of date. If no longer required, it will be deleted and disposed of.
    • Employees must request help from their line manager if they are unsure about any aspect of data protection.

    Staff who do not fully comply with these guidelines will be subject to disciplinary action and may be dismissed.

    The NIX system also provides an enquiries function for both members and non-members to log a message to which the admin will respond. This is a general facility restricted to admin staff and does not include access to a member’s account. If access to a member’s account is required, this will be escalated to a manager.

    Our member data is securely stored in UK data centres on Digital Ocean. Access to the original data is only obtainable via the admin/reporting screens. This is controlled by access granted to approved staff by the Systems Administrator.

    Specific data will be replicated to partners in order to create/manage orders; this is done via SFTP or APIs. All data is encrypted during transit. Members may change their marketing options via an unsubscribe/opt-out option.

    If you have any questions about our privacy policy or would like any further information, please email us at admin@nixs.co.uk

    Data Usage

    Once received, this data will be used to respond to our members and the details are stored in a database for record purposes.

    We use the information you give us and the information we collect about you for the following purposes:

    • To carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services that you request from us;
    • To provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
    • To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer (member), we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please contact us.
    • To allow you to participate in interactive features of our service when you choose to do so;
    • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising;
    • To notify you about changes to our service;
    • To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • To improve our site to ensure that content is presented most effectively for you and your computer;
    • As part of our efforts to keep our site safe and secure.

    We will combine the information we receive from other sources with the information you give to us and the information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

    Member Data Sharing

    We hold personal data for our member records. These are provided by members for us to be able to fulfil placed orders.

    As a member, you agree that we have the right to share your personal information with:

    • Any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries.
    • Selected third parties including:
      • Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you, including any third-party payment providers;
      • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
      • Analytics and search engine providers that assist us in the improvement and optimisation of our site.

    We will disclose your personal information to third parties only in the event that:

    • We sell or buy any business or assets. We will be required to disclose your personal data to the prospective seller or buyer of such business or assets.
    • We or substantially all of our assets are acquired by a third party. Personal data held about its customers will be one of the transferred assets.
    • We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of supply and other agreements or to protect the rights, property, or safety of the company, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

    Subject Access Requests

    The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. All of our members are entitled to:

    • Ask what information NIX holds about them and why.
    • Ask how to gain access to it.
    • Be informed on how to keep it up to date.
    • Be informed of how NIX is meeting its data protection obligations.

    Data information requests (known as subject access requests) from individuals should be made by email to admin@nixs.co.uk. Members will be charged £10 per subject access request. NIX aims to provide the relevant data within 14 days.

    Deleting Data

    We periodically purge and delete redundant data and records. Alternatively, if you wish us to update your data or remove any data relating to you, simply email us on admin@nixs.co.uk and we’ll take the necessary action to remove your data from our live and current databases and email you to confirm that this has been done.

  10. 9. Changes to the Policy

    Any changes we make to our privacy and cookies policy in the future will be posted on this page.

  11. 10. Contact Us

    You can contact us to update your preferences, correct your information, submit a request, or ask us questions.

    The easiest way is through the Contact Us section of https://www.nixs.co.uk/

    You can also contact us at:

    Customer-service@nixs.co.uk and mark the email ‘For the Attention of NIX Data Controller’.

  12. 11. Complaints and Feedback

    We always welcome feedback from Our customers and, whilst We always use all reasonable endeavours to ensure that your experience as a customer of Ours is a positive one, We nevertheless want to hear from you if you have any cause for complaint.

    All complaints are handled in accordance with Our complaints handling policy and procedure.

    If you wish to complain about any aspect of your dealings with Us, please contact Us in writing, by email, addressed to customer-services@nixs.co.uk.



Appendix 1

Data Protection and Privacy Responsibilities at NIX

Every person who works for or with NIX takes responsibility to ensure that all data is collected, stored, and handled appropriately. Each team assigned to handle personal data must ensure that it is handled and processed in line with this policy and data protection principles.

However, the following people have key areas of responsibility:

  • The Board of Directors is ultimately responsible for ensuring that NIX meets its legal obligations.
  • The Data Compliance Manager is responsible for:
    • Keeping the board updated about data protection responsibilities, risks, and issues.
    • Reviewing all data protection procedures and related policies, in line with an agreed schedule.
    • Arranging data protection training and advice for the people covered by this policy.
    • Handling data protection questions from staff and anyone else covered by this policy.
    • Dealing with requests from individuals to see the data NIX holds about them (also called ‘subject access requests’).
    • Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
  • The IT Manager is responsible for:
    • Ensuring all systems, services, and equipment used for storing data meet acceptable security standards.
    • Performing regular checks and scans to ensure security hardware and software are functioning properly.
    • Evaluating any third-party services the company is considering using to store or process data, for instance cloud computing services.
  • The Marketing Manager is responsible for:
    • Approving any data protection statements attached to communications, such as emails and letters.
    • Addressing any data protection queries from journalists or media outlets, such as newspapers.
    • Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.