To set forth requirements regarding information entrusted to the Company by its clients and their user base and contractors.
Applies to:
All units in their handling of data, information and records in any form (paper, digital text, images, audio, video, microfilm, etc.) created, collected, accessed, used, handled, stored, managed or disposed of during the course of conducting Company business (administrative, financial, design, development, research or service).
Policy statement
Two Associates LTD is committed to safeguarding all Private Information entrusted to the Company by its clients and their user base and contractors. This notice describes the Company’s general privacy policy as it relates to the collection, protection and disclosure of such information. (Note: see the “Definitions” section below for the definition of “Private Information.”)
Information may be collected in a variety of ways, paper or electronic, including but not limited to websites, surveys, email, information requests, databases, etc., as required to support the Company’s and its clients’ activities.
Information collected, regardless of the method of collection or format, may be used only to carry out the authorised business of the Company and its clients. The Company shall make reasonable efforts to limit the Private Information it collects to only that information strictly relevant to accomplishing a clearly defined institutional purpose.
Every unit is responsible for maintaining the necessary confidentiality, integrity and availability of the information it handles. Every unit is responsible for granting to assigned individuals within the unit the reasonable, minimum access to Private Information needed to accomplish the necessary institutional purposes. All Company employees are required to abide by UK national laws and Company policies, procedures and guidelines regarding the handling and protection of Private Information.
Employees who become aware of a breach of the privacy or security of Private Information must report such breach immediately to the CTO or CEO. The CTO office will notify the client or any involved party as needed.
Additional Company policies, procedures and guidelines apply to specific types of information. All relevant policies, procedures and guidelines apply to any given piece of information.
Private Information may be disclosed only to the extent that is permitted or required by law. Disclosure must comply with applicable requirements regarding consent or authorisation for disclosure.
The Company may be required to release information, including Private Information, where required by UK national laws or upon receipt of a subpoena, search warrant or other royal court order.
The Company supports a climate of trust and respect. The Company does not ordinarily read, monitor or screen employees’ routine use of information resources, except as necessary to maintain quality of service, to investigate a breach of security or misuse of the Company’s and its clients’ information resources, or where required by law.
Exceptions to this policy and associated standards shall be allowed only if previously approved by the Two Information and Security Review Committee and such approval is documented and verified by the Chief Technology Officer.
Violations of this policy may result in disciplinary action, up to and including dismissal of employees. Employment actions will be conducted under the advice and guidance of Human Resources.
External contractors who violate this Company policy may be subject to proceedings for contract cancellation and to the discontinuance of specified information technology services based on the policy violation.
Management Team
Warren.smith@two-uk.com
Simon.causer@two-uk.com
+44 (0)203 597 5000
3rd Floor, Manor House
1 The Crescent
Leatherhead
Surrey
KT22 8DY
Approved by: Management team
Approved on: 1 November 2017
Last updated: 28 Apr 2024
Review cycle: Annual
Private Information: includes all information protected by UK national laws or that the Company is contractually obligated to protect. Private Information also includes information designated by the Company as private (confidential or sensitive) through the creation of standards, procedures and guidelines. Access to these data must be tightly monitored.
Examples of Private Information include, but are not limited to, the following:
Financial records
Individually identifiable personnel records
Personal information utilised to verify identity, including but not limited to National Insurance Number (NIN)
Passwords and PINs
Digital signatures
Individually identifiable health information protected by UK national laws (including but not limited to “protected health information” as defined by the Health Insurance Portability and Accountability Act (HIPAA))
Individually identifiable information created and collected by company projects
Credit card numbers and financial transactions covered by the Payment Card Industry (PCI) Standard
Information resources with access to confidential or sensitive data