- Data Protection Policy -

Introduction

R. STANGL Ges.m.b.H. needs to gather and use certain information about individuals. These can include

customers, suppliers, business contacts, employees and other people the organization has a relationship with or

may need to contact. These are the minimum requirements in oder to have a business collaboration.

This policy describes how this personal data must be collected, handled and stored to meet the company's data

protection standards.

Why this policy exists

This data protection policy ensures that R. STANGL Ges.m.b.H.:

>Complies with data protection best practices

>Protects the rights of staff, customers and partners

>Is open about how it stores and processes individual's data

>Protects itself from the risks of data breach

Who it concerns

This policy applies to

>All staff of R. STANGL Ges.m.b.H.

>All contractors, suppliers and other people working on behalf of R. STANGL Ges.m.b.H..

What it concerns

It applies to all data that the company holds relating to identifiable individuals.

This can include:

>Names of individuals

>Postal addresses

>Email addresses

>Telephone numbers

>Any other information relating to individuals

Data protection risks

This policy helps to protect R. STANGL Ges.m.b.H. from some very real data security risks, including:

>Breaches of confidentiality. For instance, information being given out inappropriately.

>Failing to offer choice. For instance, all individuals should be free to choose how the company uses data

relating to them.

>Reputational damage. For instance, the company could suffer if hackers successfully gained access to

sensitive data.

Responsibilities

Everyone who works at or on behalf of R. STANGL Ges.m.b.H., including contractors and suppliers, has some

responsibility for ensuring data is collected, stored and handled appropriately. Each person that handles personal

data must ensure that it is handled and processed in line with this policy and data protection principles.

General staff guidelines

>The only people able to access data covered by this policy should be those who need it for their work.

>Data should not be shared informally. When access to confidential information is required, employees can

request it from their line managers.

>R. STANGL Ges.m.b.H. informs all employees to help them understand their responsibilities when

handling data.

>Employees should keep all data secure, by taking sensible precautions and following the guidelines below. >In

particular, strong passwords must be used and they should never be shared.

>Personal data should not be disclosed to unauthorized people, either within the company or externally.

>Data should be regularly reviewed and updated if it is found to be out of date.

>Employees should request help if they are unsure about any aspect of data protection.

Data storage

These rules describe how and where data should be safely stored. When data is stored on paper it should be kept

in a secure place where unauthorized people cannot see it.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

>When not required, the paper or files should be kept in a locked drawer or filing cabinet.

>Employees should make sure paper and printouts are not left where unauthorized people could see them,

like on a printer.

>Data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorized access, accidental deletion and

malicious hacking attempts:

>Data should be protected by strong passwords that are changed regularly and never shared between

employees.

>If data is stored on removable media (like USB-Stick. CD or DVD), these should be kept locked away

securely when not being used.

>Data should only be stored on designated drives and servers.

>Servers containing personal data should be sited in a secure location, away from general office space.

>Data should be backed up frequently. Those backups should be tested regularly, in line with the company's

standard backup procedures.

>Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.

>All servers and computers containing data should be protected by approved security software and a

firewall.

>Devices storing data should be physically destroyed when no longer in use.

Data access / security

>Upon start-up off the system, the user has to login on the login screen with his user name and password. >The

password is only known to the user and is not to be told the any other user

>A firewall / virus protection program wills automatically start-up in order to protect the system

>Log files of all will automatically record all data transfer

>If the user forgets his password, he must immediately report to the system administrator who will change

the password and communicate a new password to the user

>After login in successfully into the system the user has access to the general and his own directory

>His personal directory can only be accessed by himself or the system administrator

>When leaving his workplace unattended the user must log off to assure data protection

>After 10 minutes without any input to the system, the system will automatically go back to the login screen >The

user now has to type in again his password to login to the system

>This guarantees maximum protection for personal and private data

Data usage and disclosure

Personal data is of no value to R. STANGL Ges.m.b.H. unless the business can make use of it. However, it is

when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:

>When working with personal data, employees should ensure the screens of their computers are always

locked when left unattended.

>Personal data should not be shared informally. In particular, personal data should only be sent via email if

the emails are encrypted.

>Employees should not save copies of personal data to their own computers. Always access and update the

central copy of any data.

>Data should only be provided to approve vendors.

Data accuracy

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate

and up to date as possible.

>Data will be held in as few places as necessary. Staff should not create any unnecessary additional data

sets.

>Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer's

detail when they call.

>R. STANGL Ges.m.b.H. will make it easy for data subjects to update the information they holds

about them.

>Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be

reached on their stored telephone number, it should be removed from the database.

Monitoring and enforcement

>Employees will be provided a copy of this policy as part of their new hire paperwork.

>Periodic reminders of this policy will be provided to all employees.

>The Telecommunications Manager will review the policy as needed and make any revisions necessary. >Upon

revision the policy will be redistributed to all employees, suppliers, and clients.


Agreement with the clients:

The customer agrees that we can use his data in the course of organizing his move in accordance with data protection regulations.

Agreement with the service provider:

By becoming a service provider of R. STANGL Ges.m.b.H. you automatically agree to the regulations stipulated in

our Anti-Bribery & Anti-Corruption Charter (ABC-Charter) as well as our Data Protection Policy (DPP) and our Code

of Conduct. Simultaneously you understand and accept that compliance with the above provisions is a requirement

for cooperation between R. STANGL Ges.m.b.H. and its contractors.

Company name: Printed Name:

Company address: Position:

Date: Signature:


Erstellen Sie Ihre Webseite gratis! Diese Website wurde mit Webnode erstellt. Erstellen Sie Ihre eigene Seite noch heute kostenfrei! Los geht´s