GENERAL

This document is only applicable to employees of Blue Ring Digital Services Limited.

"Cookie Policy" refers to this Cookie Policy.

"We", "Us", "Our", "Blue Ring Digital Services Limited" refers to Blue Ring Digital Services Limited.

As per ISO 27002 the purpose of information classification is to ensure that information/ data receives an appropriate level of protection.This Data Management Policy requires Data Owners to classify their data according to this Data Management Policy, which sets out how each item of data must be classified.

We will try to keep everything in this document as straightforward as possible, but if there’s anything You don’t understand, please get in touch with Us.

The headings in this Data Management Policy are for convenience only and shall not affect their interpretation.

The masculine shall include the feminine and the neuter and the singular the plural and vice versa.

If any provision or part of any provision of this Data Management Policy is found by a court or other competent authority to be void or unenforceable, such provision or part of a provision shall be deleted from this Data Management Policy and the remaining provisions or parts of the provision shall continue to be in full force and effect.

Data classifications

Classification Description
Public All business data that’s freely available to the public and that can’t be leveraged to cause any financial loss, brand damage, or market share loss or jeopardize your clients, partners, or employees.
Internal Information that can be circulated only internally. Unauthorised disclosure of such information can lead to embarrassment and loss of competitive advantage.
Confidential Sensitive business data that if disclosed to unauthorised persons can harm a company, its customers, partners, or employees. Loss of confidential information may also lead to regulatory backlashes.
Restricted Highly confidential information that can cause permanent damage to a company and its customers.

Public data

Public data is information that may be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access or usage. Public data can be made available to all members of the Blue Ring Digital Services Limited and to all individuals and entities external to Blue Ring Digital Services Limited.

Internal data

Internal data is confidential information that must be protected due to proprietary, ethical, or privacy considerations, and must be protected from unauthorised access, modification, transmission, storage or other use. Internal data is information that is restricted to members of the Blue Ring Digital Services Limited community who have a legitimate purpose for accessing such data. Internal data must be protected to prevent loss, theft, unauthorised access and/ or unauthorised disclosure.

Confidential data

Confidential data is information or data protected by statutes, regulations or contractual obligation. Confidential data may be disclosed to authorised individuals on a need-to-know basis only.

Confidential data, when stored in an electronic format, must be protected with strong passwords and stored on servers that have appropriate access control measures in order to protect against loss, theft, unauthorised access and/ or unauthorised disclosure.

Confidential data must not be disclosed to parties without explicit management authorisation from the data owner. Confidential data must only be used for the purpose for which it was originally gathered. If, for legitimate reason the data is used for a purpose other than that of which it was originally gathered the data must be anonymised.

Restricted

Restricted data is information or data protected by statutes, regulations or contractual obligation or by Blue Ring Digital Services Limited policies. Restricted data must not be disclosed to anyone and can only be used by authorised individuals. Restricted data, when stored in an electronic format, must be protected with strong passwords and stored on servers that have appropriate access control measures in order to protect against loss, theft, unauthorised access and/ or unauthorised disclosure.

Data retention and destruction

Our sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within Blue Ring Digital Services Limited.

Classification of data

Data category Classification Data Owner
Financial records
Payroll records Confidential Finance Team
Supplier contracts Confidential Finance Team
Chart of accounts Confidential Finance Team
Fiscal policies and procedures Internal Finance Team
Permanent audits Confidential Finance Team
Financial statements Confidential Finance Team
Ledger's Confidential Finance Team
Investment records (deposits, earnings, withdrawals) Confidential Finance Team
Invoices Confidential Finance Team
Cancelled checks Confidential Finance Team
Bank deposit slips Confidential Finance Team
Business expenses documents Confidential Finance Team
Check registers/ books Confidential Finance Team
Property/ asset inventories Confidential Finance Team
Credit card receipts Confidential Finance Team
Petty cash receipts/ documents Confidential Finance Team
Business records
Article of Incorporation to apply for corporate status Confidential Finance Team
Board policies Internal Finance Team
Board meeting minutes Restricted Finance Team
Tax or employee identification number designation Confidential Finance Team
Office and team meeting minutes Confidential Finance Team
Annual corporate filings Public Finance Team
Employee records
Disciplinary, grievance proceedings records, oral/verbal, written, final warnings, appeals Confidential HR Team
Applications for jobs and interview notes Confidential HR Team
Payroll input forms, wages/ salary records, overtime/ bonus payments Payroll sheets, copies Confidential HR Team
Bank details – current Confidential HR Team
Payrolls/ wages Confidential HR Team

Job history including staff personal records:-

  • Contract(s);
  • Terms & Conditions;
  • Previous service dates;
  • Pay and pension history,
  • Pension estimates, resignation/ termination letters
Confidential HR Team
Employee address details Confidential HR Team
Expense claims Confidential HR Team
Annual leave records Internal HR Team
Accident books including accident reports and correspondence Confidential HR Team
Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms Confidential HR Team
Pregnancy/ childbirth certification Confidential HR Team
Parental leave Confidential HR Team
Maternity pay records and calculations Confidential HR Team
Redundancy details, payment calculations, refunds, notifications Confidential HR Team
Training and development records Confidential HR Team
All other contracts
Signed Confidential Finance Team
Contract amendments Confidential Finance Team
Successful tender documents Confidential Finance Team
Unsuccessful tenders’ documents Confidential Finance Team
Tender – user requirements, specification, evaluation criteria, invitation Confidential Finance Team
Contractors’ reports Confidential Finance Team
Operation and monitoring, eg complaints Internal Finance Team
Customer data

CRM data:-

  • Name;
  • Address;
  • Telephone number;
  • E-mail address;
  • Date of birth;
  • Communications.
Confidential Customer Service Team
Reviews, Feedback and comments Public Customer Service Team
Live chat history Confidential Customer Service Team
Platform data – information entered by the customer during the use of the platform (excluding information aleady detailed above) Confidential Customer
Metrics data Confidential Development Team
Flyers & Newsletters
Name and email address Internal Marketing & Sales Team
Other data
Call recordings Internal Marketing & Sales Team
Proof of destruction/ destruction certificate Internal Data Protection Officer
Information Technology
Files on local storage drives Confidential Individual employee
Local storage recycle bins Confidential Individual employee
Group/ personal network drive Confidential Individual employee
E-mail (inbox, sent items and sub folders) Confidential Individual employee
E-mail (deleted items) Confidential Individual employee
Webserver backups Restricted Development Team

Changes to Our Data Management policy

This Data Management Policy replace all previous versions. We reserve the right to change this Data Management Policy at any time.