Data Protection Policy


Introduction

reThinkData LLC does not collect information about individuals for any use other than delivering the data to the intended destination. Once an individual’s data is retrieved, it is delivered and then discarded. Personally identifiable information (PII) is kept for no longer than 60 minutes.

Guidelines

  • The only people able to access data covered by this policy are those who need it for their work.
  • Data is not to be shared informally. When access to confidential information is required, employees can request it from their managers.
  • reThinkData LLC provides training to all employees to help them understand their responsibilities when handling data.
  • A DPO (Data Privacy Officer) role is assigned to a designated reThinkData LLC employee.
  • The state agency designated as a GDPR authority will be contacted and made aware of reThinkData LLC as a Processor of EU private citizen data.
  • Employees will keep all data secure, by taking sensible precautions and following the guidelines below.
  • In particular, strong passwords must be used and they should never be shared.
  • Personal data is not to be disclosed to unauthorized people, either within the company or externally.
  • Employees are expected to request help from their manager or the data protection officer if they are unsure about any aspect of data protection.

Data storage

These rules describe how and where data is safely stored. Questions about storing data safely can be directed to the IT manager or data controller.

When data is stored electronically, it is protected from unauthorized access, accidental deletion and malicious hacking attempts:

  • Data is protected by strong passwords and private key encryption, which are changed regularly and never shared between employees.
  • Temporarily stored private data is encrypted by symmetric key encryption, file-level encryption, and/or application-level encryption.
  • Network transfer channels and connections are all encrypted using TLS (Transport Layer Security)/SSL (Secure Sockets Layer).
  • Data is only stored on designated drives and servers, and should only be uploaded to approved cloud computing services.
  • Servers containing personal data are sited in a secure location, away from general office space.
  • Data that is backed up contains no personally identifiable information. Those backups are tested regularly, in line with the company’s standard backup procedures.
  • Data is never saved directly to laptops or other mobile devices like tablets or smartphones.
  • All servers and computers containing data are protected by approved security software and a firewall.

Data use

Personal data is of no value to reThinkData LLC. However, personal data is at the greatest risk of loss, corruption or theft when it is accessed and used. Therefore:

  • When working with personal data, employees ensure the screens of their computers are always locked when left unattended.
  • Personal data is not shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
  • Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorized external contacts.
  • Employees do not save copies of personal data to their own computers. Always access and update the central copy of any data.
  • Data is held in as few places as necessary. Staff will not create any unnecessary additional data sets.