New Forest Growers Ltd
For our own accounting and member contact purposes we hold data in electronic and paper format. This information is limited to what is required to maintain our accounting records for the prescribed period required by law, which is seven years. The data comprises company name and address, contact names, telephone numbers and email addresses, and records of financial transactions. We use this information to send accounting documents such as invoices and statements to our members by post or email, and occasional newsletters and promotions if express consent has been given for this.
None of the data mentioned above will ever be intentionally or unintentionally disclosed to any third party unless we are required to do so by a legal request from Her Majesty’s Revenue and Customs or law enforcement agencies with a legal warrant.
Access to the above data is restricted to the Directors and designated staff of New Forest Growers Ltd. Physical data is held in locked filing cabinets. Once stored paper records are no longer required to be held, they are securely shredded and disposed of by an accredited third party who gives appropriate guarantees and certificates of secure disposal.
We take the security and confidentiality of our own and our member’s data very seriously. Data held electronically in computer storage and retrieval systems are protected in several ways to prevent data breaches occurring.
All computers and servers on our premises are secured from physical access from any unauthorised persons. Offices are locked and only accessible to directors and staff.
All computers and servers are running supported versions of Windows operating systems, are fully patched up to date against security vulnerabilities and have industry standard anti-virus and anti-malware software installed and updated as often as required. Access to computers is by way of secure logins and passwords which are changed on a regular basis.
Computer software used to store our own and member’s data is regularly updated as advised by the software vendors. Access to accounts and payroll software is protected by a further level of username and password requirement.
To prevent accidental loss of data, there are two separate data backup processes in place. One backs up all the data on our servers daily to a local backup device which is stored in a secured cabinet. A second process backs up critical data to a secure, encrypted, off-site backup service. This is also done daily.
Wi-Fi access to the company network is restricted to staff members who have password access. Wi-Fi passwords are changed on a regular basis, and management of this is restricted to one designated staff member, a manager.
Our company website does not contain any member’s data.
Our email server uses the highest level of security, utilising SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) to authenticate our outgoing mail to third-party email servers. This helps to prevent spoofing of our email addresses and their use for phishing attacks. Our staff are trained to detect and delete phishing emails from malicious third parties attempting to obtain confidential company information. We have an efficient paid-for anti-spam service that blocks a large proportion of unwanted or malicious mail.
If portable devices such as mobile phones, laptops and tablets are used, usually no confidential data is stored on the device, they are used to remotely access company data on our servers, and are subject to the same access restrictions as the local login would be. If, in the case of remote workers, copies of confidential company data is stored, it is protected by the use of corporate logons and passwords as though the device was in the office.
We take great care to protect confidential third-party data using the measures above, and continually review our systems to ensure the highest standards of data security.
New Forest Growers Limited, Pitmore Lane, Sway, Lymington, Hampshire. SO41 6BX
Dated: 17th May 2018