WHAT INFORMATION DO WE COLLECT?
We collect information from you when at the client onboarding process, order placement and when you sign up to our newsletter.
This information (consumer or business) may include name, address, e-mail address, contact number and transactional history.
WHAT DO WE USE YOUR INFORMATION FOR?
What do we use your information for?
- To process transactions. Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of completing the order or delivery service as requested. Spectrum may pass on delivery information to our partner carriers to enable delivery of our service. This is subject to the carriers Data protection policy, which is available upon request.
- To send periodic emails (the email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions).
HOW DO WE PROTECT YOUR INFORMATION?
In relation to the personal data that Spectrum processes, Spectrum has implemented the below measures (but not be limited to):
- the pseudonymisation and encryption of the Personal Data where appropriate and feasible;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
- the prevention of unauthorised persons’ gaining access to data processing systems (physical access control),
- the prevention of data processing systems being used without authorisation (logical access control),
- ensuring that persons entitled to use a data processing system gain access only to such personal data as they are entitled to access in accordance with their legitimate access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorisation (data access control),
- ensuring that the personal data cannot be read, copied, modified or deleted without authorisation during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of the personal data by means of data transmission facilities can be established and verified (data transfer control),
- ensuring the establishment of an audit trail to document whether and by whom the personal data have been entered into, modified in, or removed from data processing systems (entry control),
- ensuring that the personal data is processed solely in accordance with the relevant Controller’s instructions (control of instructions),
- ensuring measures to secure and defend Personal Data against "hackers" and others who may seek to modify the Data Processor Services or the data therein without the consent of Processor or Data Controller, and to correct the Data Processor Services to its original form in the event that it is modified without Data Controller consent;
- Spectrum as data processor provides to the data controller (customer) the right to execute an audit of the data processors and sub-processors environment with a scope that includes all contracted Services, data processor sites and any equipment, software, systems, facilities and business processes maintained by or on behalf of data processors and sub-processors to provide the services or to host or store any personal data of data controller;
- Spectrum maintains and enforces at our physical sites safety and physical security procedures that are at least equal to best industry standards and practices for such types of service locations. Specifically:
- Spectrum performs scheduled backups of our services, systems and personal data and ensure availability of data controller data in alignment with the provided data retention and recycle periods.
- We ensure security and audit logs be retained for 360 days and access to security logs are restricted to authorised persons.
- Physical access granted via sign in and accompaniment.
- Physical access will be restricted and recorded, and access allowed based on a need-to-know basis.
- Ensure background check procedure for all data centre personnel.
- Ensure restriction of physical access to the System (including its information systems, equipment and the respective operating environments to authorized employees only; (ii) adequately protect the physical plant and contained supporting infrastructure environment for information systems; (iii) provide supporting utilities for information systems; (iv) protect information systems against environmental hazards; and (v) provide appropriate environmental controls in facilities containing information systems.
- Ensure restriction of physical access to (network and server) equipment and other infrastructural systems and devices used for rendering services to specified employees only and must adequately monitor these restrictions.
- Ensure Physical security controls (e.g. air conditioning, UPS, fire detection, fire prevention, power generators, etc) used by Data Contractor for protection of the equipment in the computer room are adequate, up-to-standard and fit-for-purpose.
DO WE HAVE A DATA RETENTION POLICY?
Yes. Spectrum will hold data for as long as necessary for the purposes for which it was collected, where there is a business need, to provide you with services and to conduct our legitimate business interests or where otherwise required by law.
Once your account is active with the company, we will retain your name, contact details, financial data, transactional history and marketing and communications data. Once your account is no longer in existence, we will retain your name, contact details, financial data and order and transaction history for a period of five years. However, you will not receive any marketing communications from the company.
DO WE HAVE A DATA POLICY FOR OUR EMPLOYEES?
Yes, we have updated our employee handbook to include data we hold on employees, why we hold this data and the scope.
DO WE DISCLOSE ANY INFORMATION TO OUTSIDE PARTIES?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Spectrum has implemented a breech management plan, which sets out how Spectrum would meet requirements in the unlikely event Spectrum is confronted with a breach of security affecting personal data. All the relevant team members have completed a GDPR training module to understand this new process and are aware of the reporting procedure in such an event. Spectrum commits to notifying clients in such an event within 6 hours of being made aware.