
Confidentiality and Data Security Policy

LYL Inventories Ltd – Confidentiality and Data Security Policy


Last Updated: 12th November 2024


Introduction

LYL Inventories Ltd (“we,” “us,” “our”) is committed to protecting the confidentiality, integrity, and security of personal and business information that we handle. This policy outlines our approach to ensuring that client and employee data is kept confidential, secure, and managed in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Policy Statement and Commitment

Our commitment is to:

- Protect all confidential information we collect, store, and process.

- Prevent unauthorized access, disclosure, alteration, or destruction of information.

- Comply with applicable data protection legislation and industry best practices.

- Continuously improve our data security practices to mitigate evolving threats.


This policy applies to all employees, contractors, and third-party service providers with whom LYL Inventories Ltd works.


2. Scope

This policy covers:

- Client Data: Information collected and processed in connection with the provision of property inventory services.

- Employee Data: Personal information related to employees, contractors, and job applicants.

- Business Data: Confidential information related to LYL Inventories Ltd’s business operations, strategies, and intellectual property.


3. Definitions

- Confidential Information: Any non-public information about LYL Inventories Ltd, its employees, clients, or partners that is treated as private and is not intended for general disclosure.

- Personal Data: Any information that can identify an individual, including names, addresses, contact information, identification numbers, or other identifiers.

- Data Subject: The individual to whom personal data relates.

- Data Controller: The entity that determines the purposes and means of processing personal data.

- Data Processor: The entity that processes data on behalf of the data controller.


4. Roles and Responsibilities

4.1. Management

Management is responsible for:

- Ensuring that appropriate security policies, procedures, and training are implemented.

- Providing resources for effective data protection and security practices.

- Reviewing and updating this policy annually or as needed.


4.2. Employees and Contractors

All employees and contractors must:

- Adhere to this policy and protect confidential information in their possession.

- Participate in regular data security and confidentiality training.

- Report any suspected data breaches or security risks immediately.


4.3. Data Protection Officer (DPO)

The DPO is responsible for:

- Overseeing compliance with data protection regulations.

- Conducting audits to ensure data protection practices are in place.

- Acting as the point of contact for data subjects regarding data protection queries.


5. Data Collection and Processing

5.1. Purpose Limitation

We collect personal data for specific, legitimate purposes directly related to our business operations, such as delivering inventory reports, managing client relationships, and complying with legal obligations.


5.2. Data Minimization

We only collect and process data that is necessary for the intended purpose. Excessive or unnecessary data collection is avoided to minimize risks.


5.3. Lawfulness, Fairness, and Transparency

We ensure that data collection is fair, transparent, and compliant with legal requirements. Our Privacy Policy is publicly available on our website and details the types of data we collect, purposes for collection, and individual rights.


6. Data Security Measures

6.1. Physical Security

- Restricted Access: Only authorized personnel can access physical spaces where confidential information is stored.

- Secure Disposal: Physical documents containing sensitive information are shredded or securely destroyed when no longer needed.


6.2. Digital Security

- Encryption: Sensitive data stored digitally is encrypted both in transit and at rest to prevent unauthorized access.

- Password Protection: All devices and systems used to store or access confidential information are secured with strong, unique passwords.

- Two-Factor Authentication (2FA): Access to sensitive systems requires two-factor authentication to enhance security.

- Access Controls: Access to data is restricted based on role, ensuring that employees only access information necessary for their duties.


6.3. Data Backups

Regular backups of critical data are performed to protect against data loss. Backups are stored securely and tested periodically to ensure data integrity and recoverability.


6.4. Network Security

We implement firewalls, antivirus software, and intrusion detection systems to monitor and protect our network against unauthorized access, malware, and other threats.


6.5. Remote Access

Employees accessing confidential data remotely must do so through a secure connection (VPN) and only on authorized devices.


7. Confidentiality and Information Handling

7.1. Confidentiality Agreements

All employees, contractors, and third-party service providers are required to sign confidentiality agreements before handling any confidential or sensitive information.


7.2. Client Confidentiality

Client information is kept strictly confidential and is only accessible to employees or contractors involved in delivering services. Information is shared with third parties only when necessary and with client consent or as required by law.


7.3. Third-Party Confidentiality and Data Sharing

We may engage third-party service providers to assist with business operations. Third parties must:

- Demonstrate compliance with data protection and security standards.

- Sign a data processing agreement outlining their confidentiality and security obligations.

- Ensure that data is handled in accordance with our data protection standards.


8. Data Retention and Disposal

8.1. Data Retention

We retain data only as long as necessary to fulfill our legal and business obligations. Personal data related to clients and employees is retained in compliance with applicable legal requirements.


8.2. Data Disposal

Once data is no longer required, it is securely deleted or destroyed. Physical documents are shredded, and digital data is permanently deleted in a manner that prevents reconstruction.


9. Data Subject Rights

Under the UK GDPR, data subjects have the following rights, which LYL Inventories Ltd respects and upholds:

- Right to Access: Individuals can request access to their personal data.

- Right to Rectification: Individuals can request corrections to inaccurate or incomplete data.

- Right to Erasure: Individuals can request deletion of their data under certain conditions.

- Right to Restrict Processing: Individuals can request the restriction of data processing in specific circumstances.

- Right to Data Portability: Individuals can request a copy of their data in a structured, commonly used format.

- Right to Object: Individuals can object to data processing, particularly for direct marketing.


All requests to exercise these rights should be directed to our DPO, who will respond within one month in accordance with legal requirements.


10. Incident Reporting and Breach Management

10.1. Data Breach Definition

A data breach is any security incident that results in unauthorised access, disclosure, alteration, or loss of personal data.


10.2. Reporting Process

Any employee or contractor who becomes aware of a potential data breach must report it immediately to the DPO. Early reporting is essential for effective response and mitigation.


10.3. Breach Investigation and Response

Upon notification, the DPO will:

- Investigate the breach to determine its cause and scope.

- Implement corrective actions to contain the breach.

- Notify affected individuals and the Information Commissioner’s Office (ICO) within 72 hours if required by law.


11. Training and Awareness

To ensure effective data protection:

- Mandatory Training: All employees and contractors undergo mandatory data protection and confidentiality training upon joining the company and receive regular refresher sessions.

- Continuous Learning: We stay updated on changes in data protection laws and security best practices, integrating these into ongoing training programs.


12. Review and Continuous Improvement

This Confidentiality and Data Security Policy is reviewed annually to ensure it remains effective, comprehensive, and compliant with legal requirements. We continuously monitor security practices and update procedures in response to new risks and technological advancements.


13. Contact Information

For questions or concerns regarding this policy, or to report a security incident, please contact our Data Protection Officer:


Data Protection Officer

LYL Inventories Ltd

Email: info@lylinventories.com  

Address: 86-90 Paul Street, London, EC2A 4NE


LYL Inventories Ltd is committed to safeguarding the confidentiality and security of all information entrusted to us. We encourage all employees, contractors, and clients to support us in upholding the highest standards of data protection.
