DATA PROTECTION, SECURITY AND RETENTION
All necessary steps are taken to safeguard data – all client data is stored on our CRM platform in individually siloed databases on a per campaign basis with handling/processing of the data being carried out only by authorised staff in accordance with TBG:Engage’s procedures and data policies and follows data privacy and GDPR compliance requirements.
User access is locked down to IP address, password protected and restricted to named users with tiered permission-based access enabling us to restrict actions and only display data on a ‘need to know’ basis for them to be able to carry out their job. As an extra layer of protection Multi-Factor Authentication (MFA) is enabled for user access to further secure user credentials and access to the data and data processing system environment.
All data is secured to a minimum level of TLS1.2 SHA-256 RSA encryption and is stored/hosted on servers that are based within data-centre’s located within the EU and are ISO 27001 certified. Access to the systems is via secure connections only, there is no remote access possible to the databases themselves.
Should it be required team of agents for a specific client or campaign can be based in their own enclosed secure office. We also have the facility internally to fully screen agents to FCA standards including full history referencing, ID checking and Credit Checking.
TBG:Engage periodically audits and reviews its business functions, procedures and policies regarding data security, privacy and compliance; including:
- Staff data protection training and awareness;
- Security of personal data;
- Information sharing;
- Records management
- Data Protection Impact Assessments
All Cloud-based and SaaS providers are audited and assessed before TBG:Engage starts working with them to ensure that they have recognised security standards, operational resilience, defined SLAs/KPIs and that they comply with regulatory and legal requirements.
Client data is only kept for as long as necessary for the purpose for which it is processed and when it is no longer required, it shall be deleted/destroyed from TBG:Engage’s systems. It may be necessary to TBG:Engage to retain/provide access a limited set of historic data which a part of an agreed specific contractual obligation or by regulatory requirement, in this event the data will be secured access provided for the specific agreed purpose and individuals and all people identifiable information will have been removed from the data.
All calls that are handled through TBG:Engage for the purpose of client calling campaigns are recorded and are automatically deleted after a period of 6-months.