
Data Security Policies

GROWTHAWK takes data security extremely seriously, and we place the rights of the individual and regulatory adherence at the heart of everything we do as a company. In light of our commitments, it is mandatory that all staff members observe and adhere to the following data security policies:

Data Storage Policy

  • All information or data that is collected and processed is subject to all of the applicable requirements as outlined and documented within this policy. This includes information collected electronically, by paper, telephone or data collected through any other means.

  • All data must be collected, stored and protected in a secure location appointed by GROWTHAWK, for a retention period as predefined by corresponding legislation or company policy.

  • Staff members are strictly forbidden to retain confidential information or personal data not relating to themselves on their personal devices. Exceptions to this policy include information that is needed for a purpose that is work-related, temporary and specified and approved by a relevant manager.

  • Staff members should avoid downloading sensitive files or confidential information to local devices wherever possible. Information being necessarily processed for work purposes may be exempt from this policy.

  • Employees must install and use software and systems that have been licensed and approved by the company on devices while carrying out the duties of their role. Downloading or using any software, app or system that is not preapproved by the company will require prior approval from the company’s IT Manager.

  • All mobile and portable devices used by staff members should be approved by the company’s IT Manager and secured to prevent unauthorised access or breach. Personal devices could include a laptop, smartphone, tablet or any other handheld computing devices. This policy also applies to any shared cloud storage spaces.

  • All internet access and online operations carried out by employees could be subject to monitoring and filtering in accordance with relevant legislation and company policy. This monitoring should be carried out only by the IT Manager or an authorised member of staff.

  • Employees must adhere to all applicable elements of this policy when using personal devices to access company resources. Similarly, employees must observe and adhere to all applicable elements of this data security policy when using equipment provided by GROWTHAWK to access information externally.

  • Employees are forbidden from using public access devices. This practice is allowed in some circumstances; however, prior and explicit approval from a line manager for regular public access must be obtained and recorded.

  • Employees must use access tools provided to them by a client or partner of GROWTHAWK if access is granted to any third-party storage system or data storage facility.

  • It is forbidden to send, forward or submit any of the information or data referred to within this data security policy to a third party unless deemed essential to complete approved processes.

  • If an employee needs to carry out an approved submission of data to any relevant third party, that data must be made secure in accordance with company policy and any relevant third-party data protection protocols.

Please note that GROWTHAWK will carry out regular system audits to monitor and ensure ongoing compliance with this data security policy and all regulatory requirements as outlined under GDPR.

Data Retention Policy

While GROWTHAWK must routinely collect and store data, we are committed to the rights of individuals. That’s why we retain all information and personal data for no longer than we need to. The necessary length of retention will often be decided on a case-by-case basis, bearing in mind the rationale and original purpose surrounding data collection and retention. Decisions of this nature must be made in a way that is compatible with our existing data retention guidelines under GDPR. For additional guidance, consult the following corresponding documents:

  • Data retention and erasure policy document

International Data Transfer Policy

Employees must observe a series of restrictions that apply to the international transfer of data or personal information. Employees are not permitted to transfer personal information or data outside of the United Kingdom without having obtained explicit permission in the first instance from the company’s Data Protection Officer.

Data Encryption and Anonymisation Policy

GROWTHAWK deploys encryption to secure and protect data that is stored on devices from unlawful processing or unauthorised access. Encryption is also used to protect information that is in transit. We also use the anonymisation of personal data wherever deemed prudent to ensure the rights of the individual are fully protected and observed. In line with these principles, we are committed to the use of both encryption and anonymisation as risk management tools alongside existing systems, to protect the company from accidental loss, as well as from the damage or destruction of data or personal information.
