Data Protection & Information Security
TEPE Holdings Group
In this document TEPE Holdings Group refers to Clarkeprint Limited, Clarkeprint FM Limited and Waveney Publishing Limited (t/a WavePrint), whose registered office address is Waveney House, 45-47 Stour Street, Birmingham, B18 7AJ.
ICO Registration Numbers
Clarkeprint Limited: Z7271951
Clarkeprint FM Limited: ZA320398
Waveney Publishing Limited: ZA320408
Data Protection Policy
A copy of TEPE Holdings Group's complete data protection policy documents are available on request. TEPE Holdings Group companies act under the clients' instructions as a data processor in accordance with the terms laid out under the Data Protection Act and the General Data Protection Regulations.
Confidentiality
Title/ownership of the Data/Information (Confidential Information) supplied by the client to TEPE Holdings Group remains vested in the client.
TEPE Holdings Group shall:
Keep the Confidential Information of the client strictly confidential;
Restrict disclosure of the Confidential Information soley to those employees, officers and subcontractors with a need to know and not disclose it to third parties;
Advise employees, officers and subcontractors who receive the Confidential Information of the obligation of confidentiality, hereunder;
Use its best endeavours to safeguard the Confidential Information from accidental loss, destruction or damage.
Information Security Policy
As a company, TEPE Holdings Group recognises that information is a valuable asset and consequently needs to be appropriately protected to ensure prosperity, continued business performance and customer confidence.
TEPE Holdings Group shall:
Ensure senior management direction and effectiveness throughout the company.
Ensure that controls are based on the business requirements and are balanced against risk assessments, which are regularly reviewed.
Maintain an effective Information Security Management System that helps the company to process data safely, securely and in line with customer requirements.
This is achieved by:
Ensuring that appropriate information is available, accurate and protected.
Ensuring compliance with legislative, regulatory and contractual requirements.
Educating and training employees to handle and process information securely and effectively.
Developing controls as a result of continuous improvement and measure their effectiveness.
Detecting and protecting against viruses, other malicious software and security vulnerabilities.
Protecting critical business and customer processes against major failures and disasters.
Conducting regular security risk assessments and audits.
Information Security Protocol
TEPE Holdings Group is committed to protecting both its customers and its own business information through applying its own Personal Information Management System (PIMS) that sets out the policies, processes and controls by which it manages its information assurance activities.
This PIMS uses a process approach for establishing, implementing, operating, monitoring, reviewing and maintaining measures and controls which includes:
Data Protection Policy (PIMS01)
Training Policy (PIMS02)
Consent Procedure (PIMS03)
Privacy Notice Procedure (PIMS04)
Subject Access Request Procedure (PIMS05)
Retention of Records (PIMS06)
Privacy Impact Assessment Procedure (PIMS07)
Personal Data Breach Notification Procedure (PIMS08)
Transfers of Personal Data to Third Countries (PIMS09)
Withdrawal of Consent Procedure (PIMS10)
Managing Sub-Contracted Processing (PIMS11)
Privacy Notices (PIMS12.xx)
Data Classification Policy (PIMS27)
Acceptable Use Policy
Employee/Sub-Processor/Customer Confidentiality Agreements
Disaster Recovery Procedure
Security Policy
Additional supporting policies, registers and contracts
Security Management
Security, compliance and health and safety are the responsibility of the Board of Directors.
The company’s security and confidentiality policies are presented to every employee and are referred to within the contract of employment and are discussed during new employee induction.