Data Management Procedures & Policies
- Section 1: Data sourcing
- Section 1.1: Due diligence on data source
- Section 1.2: Due diligence check list
- Section 1.3: Data validation and re-validation
- Section 2: Data Screening and suppression
- Section 2.1: Data screening procedures
- Section 2.2: Data Suppression files
- Section 3: Data Processing
- Section 3.1: Data Processing: Canvasser level
- Section 3:2: Data Processing: Management level
- Section 4: Data retention and justifiability
- Section 4.1: Data retention policies and procedures
- Section 4.2: Retention Rules
- Section 4.3: Data Deletion Procedure
- Section 4.4: Safeguarding of Data During Retention Period
- Section 4.5: Managing Records Kept Based on This Document
- Section 4.6: Validity and Document Management
- Section 4.7: Data Recycling
- Section 4.8: Justifiability, Fair and Lawful Use
- Section 4.9: Appendices
- Section 5: Subject Access requests and Source feedback mechanism
- Section 5.1: Subject access request procedures
- Section 5.2: Source feedback mechanism
- Section 6: Manual opt-out input and RTFB
- Section 6.1: Opt-out procedure
- Section 6.2: Right to Erasure Procedure
- Section 6.3: Data Deletion Procedure
- Section 7: Data Management training and delivery
- Section 7.1: Data management training content
- Section 7.2: Data management training recipients
- Section 7.3: Delivery and continuity of training
- Section 7.4: Appendices
- Section 8: Complaints
- 8.1: Subject access requests
- 8.2: General complaints
Section 1 – Data Sourcing
Due diligence on data source
It is important that we check all data providers we use are working to the highest standards. We must follow procedures put in place to ensure that our suppliers are following best practice and are compliant. Therefore, we have a checklist in place to ensure that the data we are being provided meets our criteria and our needs for compliance. This will be monitored by the Data Protection Officer.
Due diligence check list
The following checklist is checked against the supplier to ensure they that are compliant, as are we, and that we are hitting the criteria we need for the data e.g. accuracy of area
- Are they ICO registered and if so what is the registration number?
- Are they members of any other professional organisations or associations? If so, can they provide their registration numbers?
- Do they have any outstanding or settled charges against the company including TPS complaints?
- Do they have any outstanding or settled charges against the directors?
- Are they a registered, legitimate company and can their endorsements be checked?
- What methods are used for obtaining consent?
- When was consent obtained from individuals and how regularly is that validated?
- Does the organisation obtain the consent directly or do they broker it from another source? If brokered do they have access to the data capture information?
- What is the customer told in relation to third party marketing at the point of capture?
- Is the data TPS cleansed upon output?
Data Validation and re-validation
All data we purchase will be validated within legal requirements by the supplier. We ensure that this is done and that it will be written into the purchase order as a requirement. We ensure this with our Due Diligence checks as per the list in section 1.2.
Re-validation takes place when the licence on the data comes to an end. We must do one of two things; delete the data in line with the data deletion procedure or re-validate the data.
Section 2 – Data Screening and Suppression
Data screening procedures
To be compliant, we use a live system to screen our calls to ensure we are not calling TPS registered numbers or numbers that we have put on our “Do Not Call” list.
The following the points are what we need to ensure is happening for compliance and correct operation of our current dialler system:
- Ensure in the detailed view campaign screen that the “Campaign Caller ID” is the number that Hostcomm have supplied for TPS screening
- Ensure that the DNC list is up to date, making sure that the canvassers are correctly dispositioning the leads
- Ensure that any changes outside of the Canvasser level process are updated by the add/ delete number on the DNC list
- Any numbers supplied by an individual who has called in to say they do not wish to be contacted by us must be added to the DNC list within 24 hours
Data Suppression files
We keep data suppression files to help us be compliant and to help us be efficient with the use of our data.
The main reasons we keep suppression files is to avoid calling people that have:
- Already had a successful call with ourselves
- Requested not to be called by us again
- Been found to be vulnerable
- To avoid us having duplicate numbers from suppliers in the same licence period
It is important that a suppression file is regularly updated to ensure that only details which need to be on the suppression files are retained. Justifiable reasons for keeping a number in the suppression file past its license expiration is as follows.
- A number is on our DNC list
- An individual has already had a successful call from us
- A number has been flagged as a business number
- The data subject has specifically requested not to receive a call from us again
- To allow us to be compliant and not call data more than we are legally able to
Our Suppression files are split into two categories which are Live and Not Live. The “Live suppression file” is a list of data currently in use, these are in our suppression file in order to ensure that we avoid buying data more than once and to ensure that no number can be duplicated in the system, as this could lead to a possibility wherein a number is called above the permitted amount of times.
The “Not Live Suppression file” is a list of data which we do not wish to purchase or call again. This is redacted so that we do not hold any personal data except the number, which is justifiably kept in order to prevent repeated contact.
Section 3 – Data Processing
Data Processing: Canvasser level
At a canvasser level there is a small amount of data processing to be undertaken in the form of dispositioning. The dispositions are the outcome of the calls and are critical to ensure correct data management. The canvassers are monitored by management and subjected to frequent audits.
The dispositions are as follows:
- Answering machine: If you get through to an answering machine
- Business: If it is a registered business address
- Busy: If you get through to someone who is not the customer, and/or the customer is busy, so they are unable to take the call
- Call Back: If you agree to a call back with the customer
- Do not call: This is if the customer asks not to be called again or to be removed from our list or if the customer is vulnerable
- No Pitch, No Price: If you do not get into a pitch with the customer
- Not Homeowner: If the person is not homeowner
- Not Interested: You have got into a pitch, but the customer says no to a service
- Opt In: If the customer agrees to a call in the future but you have not arranged a specific call back
- Out of Criteria: Customer is outside of required criteria to qualify for service.
- Sale Made: Customer has agreed to appointment.
- U45: Customer is between the ages of 40 and 44 (inclusive).
- U40: Customer is below the age of 40
- Wrong number/details: If we have incorrect details for that person and they do not want to update their details
Data Processing: Management level
Data processing on management level can fall under two different categories: customer data processing and Employee data processing. Of the two categories Customer data processing is relevant to the data we use for our marketing needs and Employee data processing is relevant to anything we may hold on an employee.
When we process customer data, we carry out certain tasks to ensure optimisation, efficiency, compliance, and security. This Includes:
- Ensuring the DNC list is up to date and correctly managed
- Ensuring that we are compliant on regulations that the ICO has set out for us to follow
- Ensure that we follow all relevant laws and procedures in order to be compliant with GDPR
- Ensure that we are correctly recording data management and managing it as per our policies
- Ensure that we consistently improve our security, ensuring that it is always as strong as feasibly possible
- Action any compliance requests as soon as feasibly possible
- Check and supervise all data processers on a canvasser level
- Regularly train canvassers in order to ensure continual improvement
When we process employee data, we carry out certain tasks to ensure optimisation, efficiency, compliance, and security. This Includes:
- Ensuring that employees are aware of how we handle their data
- Keep documents for only the amount of time that we need to
- Minimise the data we hold on employees to ensure we only hold what is necessary
- Make sure we follow all relevant laws and procedures in order to be compliant with for GDPR
- Ensure that we are correctly recording data management and managing it as per our policies
- Ensure that we consistently improve and make our security as strong as feasibly possible
Section 4 – Data retention
Data retention policy and procedures
This policy sets out the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within Cisco Homes Ltd.
This Policy applies to all business units, processes, and systems in all countries in which the Company conducts business and has dealings or other business relationships with third parties.
This Policy applies to all Company officers, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to data (including personal data and/or sensitive personal data). It is the responsibility of everyone mentioned above to familiarise themselves with this Policy and ensure adequate compliance with it.
This policy applies to all information used at the Company. Examples of documents include:
- Hard copy documents
- Soft copy documents
- Video and audio
- Data generated by physical access control systems
- Online and offline databases
4.2.1. Retention General Principle
In the event, for any category of documents not specifically defined elsewhere in this Policy (and specifically within the Data Retention Schedule) and unless otherwise mandated differently by applicable law, the required retention period for such document will be deemed to be 3 years from the date of creation of the document.
4.2.2. Retention General Schedule
The Data Protection Officer defines the time scale for which documents and electronic records should be retained through the Data Retention Schedule.
As an exemption, retention periods within the Data Retention Schedule can be prolonged in cases such as:
- Ongoing investigations from Member States authorities, if there is a chance records of personal data are needed by the Company to prove compliance with any legal requirements
- When exercising legal rights in cases of lawsuits or similar court proceedings recognised under local law.
4.2.3. Breach, Enforcement and Compliance
The person appointed responsible for Data Protection, the Data Protection Officer, has the responsibility to ensure that each of the Company’s offices complies with this Policy. It is also the responsibility of the Data Protection Officer to assist any local office with enquiries from any local data protection or governmental authority.
Any suspicion of a breach of this Policy must be reported immediately to the Data Protection Officer. All instances of suspected breaches of the Policy shall be investigated and action taken as appropriate.
Failure to comply with this Policy may result in adverse consequences including, but not limited to, loss of customer confidence, litigation and loss of competitive advantage, financial loss and damage to the Company’s reputation, personal injury, harm, or loss. Non-compliance with this Policy by permanent, temporary or contract employees, or any third parties, who have been granted access to Company premises or information, may therefore result in disciplinary proceedings or termination of their employment or contract. Such non-compliance may also lead to legal action against the parties involved in such activities.
Data Deletion Procedure
4.3.1. Routine Disposal Schedule
Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:
- Announcements and notices of day-to-day meetings and other events including acceptances and apologies
- Requests for ordinary information such as travel directions
- Reservations for internal meetings without charges / external costs
- Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slip and similar items that accompany documents but do not add any value
- Message slips
- Superseded address list, distribution lists etc.
- Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files
- Stock in-house publications which are obsolete or superseded
- Trade magazines, vendor catalogues, flyers and newsletters from vendors or other external organizations.
In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.
4.4.2. Destruction Method
Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures, and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
4.4.3. Destruction of Data
The Company and its employees should therefore, on a regular basis, review all data, whether held electronically on their device or on physical media, to decide whether to destroy or delete any data once the purpose for which those documents were created is no longer relevant. See section 4.9 for the retention schedule. Overall responsibility for the destruction of data falls to the Data Protection Officer.
Once the decision is made to dispose according to the Retention Schedule, the data should be deleted, shredded, or otherwise destroyed to a degree equivalent to their value to others and their level of confidentiality. The method of disposal varies and is dependent upon the nature of the document. For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding. The Document Disposal Schedule below (section 4.9) defines the mode of disposal.
In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that the Data Protection Officer subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.
Appropriate controls shall be in place that prevents the permanent loss of essential information of the company because of malicious or unintentional destruction of information – these controls are described in the company’s IT Security Policy.
The Data Protection Officer shall fully document and approve the destruction process. The applicable statutory requirements for the destruction of information, particularly requirements under applicable data protection laws, shall be fully observed.
Safeguarding of Data during Retention Period
The possibility that data media used for archiving will wear out shall be considered. If electronic storage media are chosen, any procedures and systems ensuring that the information can be accessed during the retention period (both with respect to the information carrier and the readability of formats) shall also be stored to safeguard the information against loss because of future technological changes. The responsibility for the storage falls to the Data Protection Officer.
Managing Records Kept based on this Document
Record name: Data Retention Schedule
Storage location: Data Protection Officer’s Dropbox
Person responsible for storage: Data Protection Officer
Controls for record protection: Only authorised persons may access this document
Retention time: Permanently
Validity and document management
This document is valid as of September 2020.
The owner of this document is the Data Protection Officer who must check and, if necessary, update the document at least once a year.
Data that we used but were unable to complete the call we can recycle and call again, if we are within the allowances stated in the data’s licence. We have a waiting period of at least 14 days between each contact for compliance.
Justifiability, Fair and lawful use
Our legitimate grounds for using personal data is that the product we market is of benefit to the people we market it to. We do not use the data in an unjustified manner and we abide by the strictest guidelines to ensure that the interest of the people whose personal data we hold is a priority.
We also ensure that we are entirely transparent with people about the use of their data. We tell people what we do with it and how we will help them if they do not want us to use it. This gives us justification to use their data as we will not use it for unlawful or illicit reasons.
We abide by the conditions of processing and do so in a fair manner. We never disclose personal data to any third parties or to anyone else without explicit permission.
Appendix – Data Retention Schedule
|Personal data record category||Mandated retention period||Record owner|
|Payroll records||Seven years after audit||HR|
|Supplier contracts||Seven years after contract is terminated||HR|
|Chart of Accounts||Permanent||HR|
|Fiscal Policies and Procedures||Permanent||HR|
|Investment records (deposits, earnings, withdrawals)||7 years||HR|
|Cancelled checks||7 years||HR|
|Bank deposit slips||7 years||HR|
|Business expenses documents||7 years||HR|
|Check registers/books||7 years||HR|
|Property/asset inventories||7 years||HR|
|Credit card receipts||3 years||HR|
|Petty cash receipts/documents||3 years||HR|
|Disciplinary, grievance proceedings records, oral/verbal, written, final warnings, appeals||As per legal requirement||HR|
|Applications for jobs, interview notes – Recruitment/promotion panel Internal Where the candidate is unsuccessful||Deleted immediately||Recruitment|
|Applications for jobs, interview notes – Recruitment/promotion panel Internal Where the candidate is successful||Duration of employment||HR|
|Payroll input forms, wages/salary records, overtime/bonus payments Payroll sheets, copies||7 years||HR|
|Bank details – current||Duration of employment||HR|
|Payrolls/wages||Duration of employment||HR|
|Job history including staff personal records: contract(s), Ts & Cs; previous service dates; pay and pension history, pension estimates, resignation/termination letters||As per legal requirement||HR|
|Employee address details||Duration of employment||HR|
|Expense claims||As per legal requirement||HR|
|Annual leave records||Duration of employment||HR|
|Accident reports and correspondence||As per legal requirement||HR|
|Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms||As per legal requirement||HR|
|Pregnancy/childbirth certification||As per legal requirement||HR|
|Parental leave||Duration of employment||HR|
|Maternity pay records and calculations||As per legal requirement||HR|
|Redundancy details, payment calculations, refunds, notifications||As per legal requirement||HR|
|Training and development records||Duration of employment||HR|
|Screen recordings from support session||Automatically deleted after 90 days||IT|
|CRM data – inclusive of Name, Email address, mobile number, address, emails, and phone call summaries, DPO information||Retained whilst organisation remains a customer or deleted by user. Once an organisation requests all records to be deleted, data will be removed from the back-ups within agreed timescale||DPO|
|Personal data record category||Mandated retention period||Record owner|
|Call recordings||Automatically deleted after 6 months||Sales|
|Recycle Bins||Cleared monthly||Individual employee|
|Downloads||Cleared monthly||Individual employee|
|Inbox||All emails containing PII attachments deleted after 3 years.||Individual employee|
|Deleted Emails||Cleared monthly||Individual employee|
|Personal Network Drive||Reviewed quarterly, any documents containing PII deleted after 3 years||Individual employee|
|Local Drives & files||Moved to network drive daily, then deleted from local drive||Individual employee|
|Google Drive, Dropbox||Reviewed quarterly, any documents containing PII deleted after 3 years||Individual employee|
|Subject data for telemarketing||Duration of Licence, Redacted copy saved indefinitely if justifiable for compliance||DPO|
Section 5 – Subject Access requests and Source feedback mechanism
Subject access request procedures
Canvassers, when asked for a subject access request, will give the phone over to Adam or James who will then proceed to explain the process to the requestor, giving full details of our address, name of company and person to write to. This is to ensure that the person inquiring is given the full and correct details. Canvassers will not deviate from this to avoid noncompliance.
Upon receipt of a subject access request we action it at the soonest available time and aim to respond within one week but no longer than one month. We disclose all information we hold on that person, including but not limited to their:
- Contact Numbers
- Call History
- Source of their Data
We send it via 1st class recorded post and we keep a copy of the original letter from the inquiring party along with our response and receipt of posting with tracking information. We keep this on our records for one year to show we are being compliant and then we destroy it in a safe and secure manner.
Employees who submit a Subject access request will receive the same response time, with the only difference being that Emily, our HR Manager, will submit their personal employee file as well.
We do not charge for a subject access request unless it is an unreasonable or repetitive request.
Source feedback mechanism
The source feedback mechanism we have in place is to allow us to make sure that inaccuracies and problems arising from the data files we source are correctly dealt with. Any data files showing a 10% or greater inaccuracy, we give feedback to the source as to what the inaccuracies are and for them to action any remedial solutions.
First, download a disposition report of the list from the dialler. Each list is labelled with date of purchase, provider, and batch number. This report shows the canvasser level data processing and all the inaccuracies we have found in the time we have dialled it.
At this point send this report to the source for verification as to the reasons for the inaccuracies and for them to manage.
Section 6 – Manual opt-out input and Right to be forgotten
Should a customer request to be removed from our dialling list, the canvassers process said request there and then, dispositioning it as “DNC”
If the customer requests to be removed from all sources list including third party sources, the canvasser will give the phone to Adam or James who will take all the details required. They will then email the source detailing the number requesting to opt out of marketing calls.
We will keep a redacted copy (Name and Number) of their details to ensure we are compliant and put them into our suppression list. This is exercised under the “Right to Erasure” policy set out by the ICO
Right to be Forgotten Procedure
With the right to be forgotten procedure we advise the subject on all the data we have on them and delete all data with the below procedure. If we need to ensure that we do not call that person again as per their request, we will keep a redacted copy (Name and Number) to ensure we are compliant. This is exercised under the “Right to Erasure” policy set out by the ICO
Section 7 – Data Management training and delivery
Data management training content
We provide data management training for all employees to help us to be entirely efficient and compliant with its use. We outsource training on some accounts to ensure that we have the correct procedures and information in place in order to carry out our data management.
We also provide in-house training for employees. This is provided as part of the new starter training package that is given to all new starters. This includes our policies on data management and protection. During this we cover:
- GDPR laws and principles and application in our work
- Data protection dos and don’ts
- TPS, what it is and how it applies to us
- Dispositioning, correct use and why we do it
Please look at section 7.4 for training content on data management.
Data management training recipients
Every employee at Cisco Homes Ltd. receives training in data management. This is so we can ensure that all are aware of the implications of our actions when it comes to data.
Canvasser level training is included in their new starter package with refresher training every 6 months. This is carried out in house as their level of data management is minimal and does not require in depth data training.
Management level training is mainly outsourced to ensure we are qualified to undertake decisions on data management. We make sure that the training is fully certified and that it is relevant to what we need. It is also dependent on involvement in the use of data. If at management level their exposure to data management is minimal, they will have the same training as the canvasser level.
Delivery and continuity of training
All employees receive training upon joining the company and prior to making any calls. This means that everyone is aware of the requirements for data protection from the start with regards to data management and protection. For this reason, we also strive to continually improve everyone and keep the data management and protection training fresh in the memory as it is key to our work. Once the initial training is received, we then continue with refresher training sessions every 6 months.
Section 8 – Complaints
Subject access requests
Under GDRP it is a right of a data subject to be able to access what information a company holds on them; this is called the right of access. Information is usually requested through a subject access request either verbally or in writing and will provide:
- what personal information an organisation holds about you
- how they are using it?
- who they are sharing it with?
- where they got your data from?
We accept subject access requests both verbally and in writing and take no longer than the 28 days legally required to send the aforementioned information to the data subject via post or email, depending on the preferred means of contact.
We have created a SAR (subject access request) template which can be located in the shared company dropbox for use by the data protection officer and data manager when required. A copy of the SAR is saved and retained for no longer than 3 years as per the legal requirement.
Complaints of any other nature are dealt with as and when they are received, by a member of management of the related department. A complaints form should be filled out, dated, and filed away in the appropriate place. When completing a complaint form as much information as possible should be included so it can later be called upon if needed. A solution proposed by the member of management dealing with the complaint should be included and finally, once the complaint has been addressed, the outcome should be included for future reference. Depending on the nature of the complaint, additional training to any employee involved should be considered in order to minimise the chance of repeat issues.
Any data subject that requests their data be removed from the Cisco Homes database should have their details forwarded to the data manager so that said contact number can be added to the system’s Do Not Call list.