STAFFORDS DATA PROTECTION POLICY
APPLICABLE TO CUSTOMER DATA
Staffords are contacted directly by customers in order to register a service request for the repair of a product or for technical helpline assistance.
The information captured by Staffords is limited to contact details and information relating to the equipment the customer is seeking to have repaired or for which the customer requires technical assistance.
The customer data we hold can include the following details:
Name, address, telephone number, email address, reason for call, call resolution and, if appropriate, credit card details.
Only customer data which is necessary to perform our contractual obligation is held.
HOW IS THE DATA OBTAINED
The data is obtained directly from the customer either by email or phone call.
THE PURPOSE(S) FOR WHICH THE DATA IS OBTAINED
The primary purpose for which the data is obtained from the customer is to register the customer's call, process the repair of the customer's product and/or provide technical telephone support.
Data may also be taken to facilitate payment by the customer for any services provided.
A secondary reason is to advise the customer of marketing promotions relating to the services previously supplied to them by Staffords.
WHO RECORDS THE DATA
Customer phone calls and emails are received and information recorded by technical helpline or helpdesk operators within the Staffords call centre.
HOW IS THE DATA STORED
The customer data is stored electronically on the internal call management system.
WHO HAS ACCESS TO THE DATA
Call centre operators, workshop engineers, accounts administrators, warehouse staff.
Data controllers, third party couriers, IT consultants and IT support companies with whom we are formally contracted.
CHECKS ON THIRD PARTY SUPPLIERS WITH ACCESS TO CUSTOMER DATA
Staffords have completed checks to verify that any third parties with access to customer data comply with the Regulations.
HOW IS THIRD PARTY ACCESS TO THE DATA OBTAINED
Staffords' contracted IT consultants have direct access into our systems for the sole purpose of maintaining/upgrading software, IT maintenance and support.
Third party couriers are provided with individual customer details, including name and address, contact phone number and email address, electronically and by delivery address label.
HOW IS THE DATA PROTECTED FROM UNAUTHORIZED ACCESS
The call centre screens are password protected.
There are firewalls in place which are regularly updated to protect against unauthorized external access to the data.
Clean desk policy. The call centre operatives are provided with dry wipe boards in the event that they are required to write down any customer details. The wipe boards are removed from desks outside office hours or when desks are left unattended.
No mobile devices are permitted to be used by call centre staff at their work station unless authorized by a senior manager or director.
All USB ports on call centre, workshop and warehouse PCs are disabled.
It is a condition of employment that no employee may use their computer to share information about our customers and any breach of this condition may be construed as gross misconduct.
Training. All call centre staff have received training/instructions or briefings in the processing and protection of customer data.
DO WE NEED TO MAKE ANY TECHNICAL OR ORGANISATIONAL CHANGES IN ORDER TO LIMIT OR RESTRICT ACCESS TO CUSTOMER DATA
The senior management have reviewed all the processes in relation to the capture, processing and erasure of customer data.
The management consider that the existing measures in place afford adequate levels of control in terms of the handling of customer data and the protection of customer data from unauthorized access.
HOW LONG SHOULD WE KEEP DATA
We need to keep customer data in relation to the technical helpline for 3 years from the last date of contact with the customer or for the duration of any warranty period if appropriate.
In respect of product repairs, we are required to keep data for a minimum of 2 years from the last date of the completed repair to cover any possible liability claim, or for the duration of any product warranty period, whichever is greater.
HOW OFTEN SHOULD WE AUDIT THE DATA
The data should be audited every 6 months.
WHO IS RESPONSIBLE FOR AUDITING THE DATA
The call centre manager in conjunction with a director.
HOW DO WE ERASE THE DATA
The call management system which holds the data will automatically purge the customer data at the point when the retention period expires.
HOW DO WE RECORD THAT WE HAVE AUDITED THE DATA
Every 6 months we will audit the customer data and keep an electronic log confirming that the customer data has been successfully erased or otherwise.
If for any reason the data has not been properly erased as per the automated process, prompt action will be taken to correct the process.
WHEN SHOULD WE REVIEW THE PROCESS
In the event that there is a change in the call management system we will review the process and otherwise carry out a review every 12 months. We will keep an electronic log of the review and any changes deemed necessary.
TRAINING OF STAFF ON GDPR
All existing staff and new staff will have training and/or briefing(s) on data protection as it applies to customer data.