Tricord Data Policy
Confidentiality is at the heart of Tricord’s ethos and operation.
We offer a number of secure methods for Clients to transfer data to us.
All data is held on our secure servers for the duration of the mailing.
Once the project is complete, data is destroyed, returned to the Client or retained for further instruction.
We take a very simple and robust approach to your data:
- Your data is yours
  We understand the time and cost that you have invested in building this very valuable asset.
- Your data is protected
  While with us your data will remain on our secure servers, accessed only by our staff who have been trained and vetted.
- Your data is temporary
  At the end of any job or project your data can be:
  - destroyed by us
  - returned to you
  - retained securely by us for future work or reference
Tricord Ltd fully complies with the Data Protection Act 1998, the Eight Data Protection Principles of which are:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Tricord are registered with the Information Commissioner as required by the Data Protection Act. We take our responsibility for storing all data (both physical and electronic) seriously with both Directors taking responsibility for these obligations.
When data is received by us for a mailing it is held on our secure password-protected network, which is also behind a password-protected firewall. The data is accessed only by authorised users, is not divulged to third parties and is used only for the purposes of the job.
In 2011 we were entrusted with the production and distribution of £232,000,000 of cheques which was successfully completed with full audit traceability to within 1 pence and to our client’s complete satisfaction.
Access is restricted to our building and additional areas where information is stored (by means of coded keypad entry during working hours with all doors and windows being protected by locked roller shutters outside office hours).
Our building has a regularly maintained and tested RedCare security alarm as well as a regularly maintained and tested fire alarm.
Electronic information is stored in either databases or files on our network. The network is protected by both a hardware firewall and password protection for authorised access. All software is updated as required by our software suppliers and is supported on a maintenance contract by trained hardware and software engineers. We operate and regularly review a Disaster Recovery Plan. Daily backups are taken with one copy being kept offsite.
Physical information is kept in filing cabinets with restricted access during working hours and locked and alarmed access outside office hours.
Staff & Operations.
We have a very low turnover of staff. We have been in business for 16 years and the average length of employment with us is 8 years. Staff are given initial and refresher training on the use and security of data. We understand the necessity of maintaining confidentiality of client data. Unless requested otherwise by clients we normally remove client data 3 months after the completion of a job [this enables delivery or postage queries to be dealt with]. Where a client requests deletion of data within an earlier timescale we explicitly confirm by email when this has been done.
We process thousands of credit card order payments each year. Our systems are fully PCI compliant.