TECHNICAL AND ORGANISATIONAL MEASURES
1. Confidentiality (Article 32 Paragraph 1 Point b GDPR)
1. Physical Access Control:
1. Only authorized personnel have access to offices, data centre facilities etc.
2. Facilities and offices are sufficiently secured (e.g. safety locks, access control system).
3. Workstations and server systems are only accessible by authorized personnel.
2. Electronic Access Control:
1. Access to data is only possible after sufficient authentication (at least username and password).
2. Automatic screen savers with password protection are active.
3. Strong passwords are enforced, preferably by technical controls (e.g. at least 8 characters, 3 character class, password expiration of 180 days or less).
3. Internal Access Control:
1. Access rights of employees are withdrawn upon termination or changing departments.
2. Data access permissions are reviewed regularly.
3. Data access is only granted on the principle of "need to know".
4. Employees are thoroughly instructed and trained upon how to use the Principal's data.
4. Isolation Control:
1. Production and test systems are separated.
2. Productive data is not used in test systems.
5. Pseudonymisation (Article 32 Paragraph 1 Point a GDPR; Article 25 Paragraph 1 GDPR)
1. If possible, data is pseudonymised.
2. Integrity (Article 32 Paragraph 1 Point b GDPR)
1. Data Transfer Control:
1. Data (and copies thereof) are only stored encrypted on non-volatile storage.
2. Data (and copies thereof) are only transferred encrypted in networks.
3. Relevant mobile devices (including laptops and smartphones) are encrypted.
2. Data Entry Control:
1. Access to data (input, modification, removal) is monitored.
3. Availability and Resilience (Article 32 Paragraph 1 Point b GDPR)
1. Availability Control:
1. Virus scanners and malware detection tools are in use to protect data and systems.
2. Data are subject to backup processes to avoid unforeseeable data loss.
3. Relevant systems regularly receive security updates and the systems are not end-of-life.
2. Rapid Recovery (Article 32 Paragraph 1 Point c GDPR) (Article 32 Paragraph 1 Point c GDPR):
1. Processes are in place to ensure that data (and access to it) is rapidly available after physical or technical incidents.
4. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR)
1. Data Protection Management and Incident Response Management:
1. There are defined responsibilities in the areas of data protection and IT security.
2. There are defined processes to detect and deal with possible risks for data and systems.
2. Order or Contract Control:
1. Subcontractors are only engaged in a written form and in strict accordance with the instructions of the Principal.
3. Data Protection by Design and Default (Article 25 Paragraph 2 GDPR):
1. Measures are in place to ensure data protection by design and default.
2. Personal data is only used for the specified purpose.
We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
(1) What information do we collect?
We may collect, store and use the following kinds of personal data:
a.information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
b.information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;
c.information that you provide to us for the purpose of registering with us;
d.information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
e.any other information that you choose to send to us;
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
(3) Using your personal data
We may use your personal information to:
a.administer the website;
b.improve your browsing experience by personalising the website;
c.enable your use of the services available on the website;
d.send to you goods purchased via the website, and supply to you services purchased via the website;
e.send statements and invoices to you, and collect payments from you;
f.send you general (non-marketing) commercial communications;
g.send you email notifications which you have specifically requested;
h.send to you our newsletter and other marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
i.provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
j.deal with enquiries and complaints made by or about you relating to the website; and
k.we will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose information about you:
a.to the extent that we are required to do so by law;
b.in connection with any legal proceedings or prospective legal proceedings;
c.in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
d.to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
(5) International data transfers
Information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Areas (EEA).
(6) Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall- protected) servers.
(7) Policy amendments
(8) Your rights
You may instruct us to provide you with any personal information we hold about you. Provision of such information may be subject to the payment of a fee.
You may instruct us not to process your personal data for marketing purposes by email at any time. (In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.)
(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(10) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
This disclaimer governs your use of our website; by using our website, you accept this disclaimer in full. If you disagree with any part of this disclaimer, you must not use our website.
(2) Intellectual property rights
Unless otherwise stated, we or our licensors own the intellectual property rights in the website and material on the website. Subject to the licence below, all these intellectual property rights are reserved.
(3) Licence to use website
You may view, download for caching purposes only, and print pages from the website for your own personal use, subject to the restrictions below.
You must not:
.republish material from this website (including republication on another website) without permission;
.sell, rent or otherwise sub-license material from the website;
.show any material from the website in public;
.reproduce, duplicate, copy or otherwise exploit material on our website for a commercial purpose;
.edit or otherwise modify any material on the website; or
.redistribute material from this website, except for content specifically and expressly made available for redistribution.
(4) Limitations of warranties and liability
Whilst we endeavour to ensure that the information on this website is correct, we do not warrant its completeness or accuracy; nor do we commit to ensuring that the website remains available or that the material on the website is kept up-to-date.
To the maximum extent permitted by applicable law we exclude all representations, warranties and conditions relating to this website and the use of this website (including, without limitation, any warranties implied by law of satisfactory quality, fitness for purpose and/or the use of reasonable care and skill).
Nothing in this disclaimer (or elsewhere on our website) will exclude or limit our liability for fraud, for death or personal injury caused by our negligence, or for any other liability which cannot be excluded or limited under applicable law.
Subject to this, our liability to you in relation to the use of our website or under or in connection with this disclaimer, whether in contract, tort (including negligence) or otherwise, will be limited as follows:
.to the extent that the website and the information and services on the website are provided free-of-charge, we will not be liable for any loss or damage of any nature;
.we will not be liable for any consequential, indirect or special loss or damage;
.we will not be liable for any loss of profit, income, revenue, anticipated savings, contracts, business, goodwill, reputation, data, or information.
We may revise this disclaimer from time-to-time. The revised disclaimer will apply to the use of our website from the date of the publication of the revised disclaimer on our website. Please check this page regularly to ensure you are familiar with the current version.
(6) Entire agreement
(7) Law and jurisdiction
This disclaimer will be governed by and construed in accordance with English law, and any disputes relating to this disclaimer will be subject to the non-exclusive jurisdiction of the courts of England and Wales.
(8) Registrations and authorisations
We are registered with Companies House. You can find the online version of the register at www.companieshouse.gov.uk. Our registration number is 05830398.
Our VAT number is 912292639.
(9) Our details
The full name of our company is Branch Network Limited.
We are registered in England & Wales under registration number 05830398.
Our registered address is c/o The Waterfront Solicitors LLP, 14 Weller Street, London, SE1 1QU No. 05830398.