Quattro Group are committed to the effective and complaint management of the personal data we control. This policy details the leadership commitments the directors and senior management team of Quattro Group undertake to ensure the highest level of compliance with:
Our 6 key management system principles for the processing of personal information:
- All personal information shall be processed lawfully, fairly and in a transparent manner
- Shall be collected for specific, explicit and legitimate purposes and only processed in accordance with the purpose(s) it is collected. Only.
- Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected.
- Personal information shall be kept up-to-date where required
- Personal information shall be stored in a format adequate to readily identify the subject for no longer than necessary
- All personal information shall be processed in a secure manner including unauthorised access controls
To ensure the security of personal data Quattro Group have invested significant resources in information technology systems:
- ISO27001 Compliant Information technology infrastructure
- Cyber Essentials ISO27001 penetration testing of Quattro Group networks
- Citrix Information technology networks and data management
Our Citrix IT systems eliminate the most common forms of data breach ensuring data cannot be copied, removed or held on personal devices or Company laptops etc. Further levels of device password protection and Citrix password protection provide additional advanced security.
To reinforce our information technology infrastructure the Quattro Group Human Resources Team operate a robust management system compliant with the requirements of ISO10012 - Data protection - Specification for personal information management systems PIMS. This management system is regularly audited in conjunction with our British Standards Institute lead auditor and the Human Resources Team.
Where possible Quattro Group eliminate paper records however where required GDPR protected records are stored in secure locked cabinets accessible only by the Human Resources Team.
John Reviewed By: Melanie Webb
Murphy, Date: 30th May 2023
Managing Director Date of Next Review: 30th May 2024