Data Protection Policy
Cauliflower Cards Ltd
Compliance with the Data Protection Act 1998

Principle 1: Processing personal data fairly and lawfully
• Cauliflower Cards will only use the data provided by the customer in a way that they would reasonably expect to produce their order.
• No personal data is passed on to third party companies.

Principle 2: Processing personal data for specified purposes
Cauliflower Cards will only obtain customers' personal data for the purpose of their order, and that data shall not be further processed in any manner incompatible with that purpose.

Principle 3: Holding personal data that is adequate, relevant and not excessive
Cauliflower Cards will only hold personal data about an individual that is sufficient to produce their order and future reorders.

Principle 4: Personal data shall be accurate and, where necessary, kept up to date
Cauliflower Cards update their customer database continuously - contact details are removed, updated and/or replaced.

Principle 5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
Cauliflower Cards only hold a modest amount of personal data. They conduct an annual audit on each registration renewal to check through the records they hold to make sure they are not holding onto personal data for longer than is required. Users of the Cauliflower Cards Online Book Creator System can at any point permanently delete all data they have entered in the system themselves. Cauliflower Cards will delete all data on any inactive accounts after a period of 24 months.

Principle 6: Personal data shall be processed in accordance with the rights of data subjects under this Act
Cauliflower Cards include a tick box on Pupil Orders Forms where a customer can request the submitted artwork is not used for future samples. Any referral to a customer is deleted from any images used for promotional or advertising purposes.
Cauliflower Cards only contact individuals by email when their details have been obtained in the course of a sale, and only contact them about similar products and services they provide. The individual is given the opportunity to opt out of receiving further marketing messages.

Principle 7: We must have appropriate security to prevent the personal data held being accidentally or deliberately compromised.

Premises Security
Cauliflower Cards has secure alarmed premises attached to a Red Care Monitoring station.

Third Party Enquiries
• All staff are trained in the company security measures, i.e.:
  • To be wary of people who may trick them into giving out personal details.
  • Not to send offensive emails about other people, their private lives or anything else that could bring the Company into disrepute.
  • Not to believe emails which appear to come from the bank asking for credit card details or a password.
  • Not to open spam.
• Reorders of Yearbooks will only be processed when placed through the child's school.
• Reorders of Cards can only be made using the child's unique code.

Computer Security
Internal computers:
• Have Microsoft Security Essentials virus checking software loaded, and are set up to receive the latest patches and security updates.
• Incoming emails are scanned by Net Intelligence.
• Computers are scheduled to connect to the internet during office hours only and time out after a 20 min period.
• Staff only have access to the information they need to do their job and do not share passwords.
• Regular backups are taken so information is not lost.
• All personal information is removed before disposing of old computers.

Web hosting and Book Creator Hosting:
This is outsourced to a large, well-established company: Iomart.
Physical security / data safety spec:
• 24 x 7 x 365 Manned Security & Monitoring
• Smart Card access policies
• Internal and External CCTV systems
• Security breach alarms
• Stable Environmental Conditions
• 24 x 7 environmental monitoring systems
• Constant evaluation and testing of all systems
• N+1 redundant Heating Ventilation Air Conditioning (HVAC) system
• Fully redundant air handling units provide constant fresh airflow
• Raychem Fluid Detection
• FM200 fire suppression equipment
• Dual independent power feeds, backed up by dual battery string Uninterrupted Power Supplies (UPS) systems (deployed as standard)
• 2 Megawatt diesel generators - protect services from any single power failure

Online Security:
• Each online user must register their details to receive a unique password.
• Passwords are set to different security levels which allow for a range of access to data - this is controlled by the organiser of an online project.
• Time settings can be controlled by a project organiser to allow younger users who have passwords limited access to the Cauliflower Cards Book Creator site (i.e. school hours only).

Printed Information
• All confidential paper is archived on site for a period of 12 months.
• The company then shreds all sensitive material, including order forms, cards and yearbooks, before disposing of materials.

Online Transactions
• These are made directly through the HSBC system.
• We do not record or store any bank card details.

Principle 8: We must adequately protect personal data being transferred to countries outside the EEA
Cauliflower Cards is aware they are responsible for protecting the personal information transferred to their Outsourced Data Entry Supplier. This applies to both the method used to transfer the information and the work itself. Cauliflower Cards has a legal agreement with their data entry/conversion service supplier covering the data transfer assurances of security of CLIENT’s files and to Confidentiality Specific Data dealt within ‘Section 5’ of this agreement.

