Privacy Policy - Nitilda

Privacy Policy

General Data Protection Regulation (GDPR) Policy And Framework

KELTNERLTD STORE

Data Breach Policy | V.1.0.0

February 1st 2025

Introduction

KELTNERLTD STORE (or ‘The Company’) collects, holds, processes and shares personal data, a valuable asset that needs to be suitably protected.

Every care is taken to protect personal data from incidents (either accidental or deliberate) to avoid a data protection breach that could compromise security.

Compromise of the confidentiality, integrity, or availability of information may result in harm to individual(s), reputational damage, detrimental effect on service provision, legislative noncompliance, and/or financial costs.

Purpose and Scope

KELTNERLTD STORE is obliged under Data Protection legislation to have in place an institutional framework designed to ensure the security of all personal data during its lifecycle, including clear lines of responsibility.

This policy sets out the procedure to be followed to ensure a consistent and effective approach is in place for managing data breach and information security incidents across the company.

This policy relates to all personal and special category (sensitive) data held by the company regardless of format.

This policy applies to all staff at the company. This includes temporary, casual or agency staff and contractors, consultants, suppliers and data processors working for, or on behalf of the company.

Definitions / Types of Breach

For the purpose of this policy, data security breaches include both confirmed and suspected incidents.

An incident in the context of this policy is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately, and has caused or has the potential to cause damage to the Company’s information assets and / or reputation.

  • Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad / tablet device, or paper record);
  • Equipment theft or failure;
  • System failure;
  • Unauthorised use of, access to or modification of data or information systems;
  • Attempts (failed or successful) to gain unauthorised access to information or IT system(s);
  • Unauthorised disclosure of sensitive / confidential data;
  • Website defacement;
  • Hacking attack;
  • Unforeseen circumstances such as a fire or flood;
  • Human error;
  • ‘Blagging’ offences where information is obtained by deceiving the organisation that holds it.

Reporting an Incident

Any individual who accesses, uses or manages the Company’s information is responsible for reporting data breach and information security incidents immediately to the Data Protection Officer (at contact@nitilda.com).

If the breach occurs or is discovered outside normal working hours, it must be reported as soon as is practicable.

The report must include full and accurate details of the incident, when the breach occurred (dates and times), who is reporting it, whether the data relates to people, the nature of the information, and how many individuals are involved.