Call us: 01708 769 140
Exel Contracts Ltd

Data Security & GDPR Policy

Exel Contracts Ltd take the privacy of all our staff and customers seriously, we will only use personal information to administer to customer accounts and to provide the products and services our customers have requested directly from us.

We will never knowingly pass on any of our staff or customer details to a third party outside of Exel Contracts Ltd. 

Exel Contracts Ltd Policy Statement:

  • We will comply with both the law and good practice
  • We will respect individuals’ rights and adhere to any policy put into operation
  • We will be open and honest with data held
  • We will provide training and support for staff who handle personal data, so they can act confidently and consistently.
  • We will notify the Information Commissioner voluntarily should the need arise.
  • We will ensure that all computer databases are protected adequately and that sensitive information will be encrypted.
  • We will ensure that sensitive data that has to be sent to another is sent in an encrypted format (For example should a sub-contractor require contact details or floor plans).
  • Where remote access is authorised, this will only be when the security can be managed.
  • We will disable the facility to use external devices in the hard drives of our computers (with the exception of 1 computer that will be in the locked office of the DPO).
  • We will ensure that the router and server has hardware firewall built in.
  • We will ensure that all mobile phones, tablets and emails are password protected (when any member of staff leaves working for Exel Contracts Ltd then all new passwords and settings will be implemented).
  • We will ensure that any personal information such as contact mobile numbers, addresses (if not in the public domain), plans and drawings of floor plans and email addresses are sent in an encrypted format.  Encrypted codes will be sent under separate cover.
  • Any handwritten notes bearing personal information will be shredded.
  • All paper files will be retained as per the legal period of 6/7 years, these will be stored securely in an alarmed premises and inside a locked secure cabinet.  At the end of the 6/7 years all files will be shredded in a secure manner and a certificate of proof for shredding will be obtained.

We have identified two main risk areas:

  • Information about data getting into the wrong hands, through poor security or inappropriate disclosure of information.
  • Individuals being harmed through data being inaccurate or insufficient.

Exel Contracts has appointed a Data Protection Officer (DPO) and their responsibilities include:

  • Briefing the Board on Data Protection responsibilities
  • Reviewing Data Protection and related policies
  • Advising other staff on complex Data Protection issues
  • Ensuring that Data Protection induction and training takes place
  • Notification to the ICO
  • Handling subject access requests
  • Approving unusual or controversial disclosures of personal data
  • Approving contracts with Data Processors

This policy will form part of an ongoing review and will be updated when required. 

The designated DPO is Danniella Wiltshire