This document is only applicable to employees of Blue Ring Digital Services Limited.
"We", "Us", "Our", "Blue Ring Digital Services Limited" refers to Blue Ring Digital Services Limited.
As per ISO 27002 the purpose of information classification is to ensure that information/ data receives an appropriate level of protection. This Data Management Policy requires Data Owners to classify their data according to this Data Management Policy, which sets out how each item of data must be classified.
We will try to keep everything in this document as straightforward as possible, but if there’s anything You don’t understand, please get in touch with Us.
The headings in this Data Management Policy are for convenience only and shall not affect their interpretation.
The masculine shall include the feminine and the neuter and the singular the plural and vice versa.
If any provision or part of any provision of this Data Management Policy is found by a court or other competent authority to be void or unenforceable, such provision or part of a provision shall be deleted from this Data Management Policy and the remaining provisions or parts of the provision shall continue to be in full force and effect.
|Public||All business data that’s freely available to the public and that can’t be leveraged to cause any financial loss, brand damage, or market share loss or jeopardize your clients, partners, or employees.|
|Internal||Information that can be circulated only internally. Unauthorised disclosure of such information can lead to embarrassment and loss of competitive advantage.|
|Confidential||Sensitive business data that if disclosed to unauthorised persons can harm a company, its customers, partners, or employees. Loss of confidential information may also lead to regulatory backlashes.|
|Restricted||Highly confidential information that can cause permanent damage to a company and its customers.|
Public data is information that may be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access or usage. Public data can be made available to all members of the Blue Ring Digital Services Limited and to all individuals and entities external to Blue Ring Digital Services Limited.
Internal data is confidential information that must be protected due to proprietary, ethical, or privacy considerations, and must be protected from unauthorised access, modification, transmission, storage or other use. Internal data is information that is restricted to members of the Blue Ring Digital Services Limited community who have a legitimate purpose for accessing such data. Internal data must be protected to prevent loss, theft, unauthorised access and/ or unauthorised disclosure.
Confidential data is information or data protected by statutes, regulations or contractual obligation. Confidential data may be disclosed to authorised individuals on a need-to-know basis only.
Confidential data, when stored in an electronic format, must be protected with strong passwords and stored on servers that have appropriate access control measures in order to protect against loss, theft, unauthorised access and/ or unauthorised disclosure.
Confidential data must not be disclosed to parties without explicit management authorisation from the data owner. Confidential data must only be used for the purpose for which it was originally gathered. If, for legitimate reason the data is used for a purpose other than that of which it was originally gathered the data must be anonymised.
Restricted data is information or data protected by statutes, regulations or contractual obligation or by Blue Ring Digital Services Limited policies. Restricted data must not be disclosed to anyone and can only be used by authorised individuals. Restricted data, when stored in an electronic format, must be protected with strong passwords and stored on servers that have appropriate access control measures in order to protect against loss, theft, unauthorised access and/ or unauthorised disclosure.
Data retention and destruction
Our Data Retention and Destruction Policy sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within Blue Ring Digital Services Limited.
Classification of data
|Data category||Classification||Data Owner|
|Payroll records||Confidential||Finance Team|
|Supplier contracts||Confidential||Finance Team|
|Chart of accounts||Confidential||Finance Team|
|Fiscal policies and procedures||Internal||Finance Team|
|Permanent audits||Confidential||Finance Team|
|Financial statements||Confidential||Finance Team|
|Investment records (deposits, earnings, withdrawals)||Confidential||Finance Team|
|Cancelled checks||Confidential||Finance Team|
|Bank deposit slips||Confidential||Finance Team|
|Business expenses documents||Confidential||Finance Team|
|Check registers/ books||Confidential||Finance Team|
|Property/ asset inventories||Confidential||Finance Team|
|Credit card receipts||Confidential||Finance Team|
|Petty cash receipts/ documents||Confidential||Finance Team|
|Article of Incorporation to apply for corporate status||Confidential||Finance Team|
|Board policies||Internal||Finance Team|
|Board meeting minutes||Restricted||Finance Team|
|Tax or employee identification number designation||Confidential||Finance Team|
|Office and team meeting minutes||Confidential||Finance Team|
|Annual corporate filings||Public||Finance Team|
|Disciplinary, grievance proceedings records, oral/verbal, written, final warnings, appeals||Confidential||HR Team|
|Applications for jobs and interview notes||Confidential||HR Team|
|Payroll input forms, wages/ salary records, overtime/ bonus payments Payroll sheets, copies||Confidential||HR Team|
|Bank details – current||Confidential||HR Team|
|Payrolls/ wages||Confidential||HR Team|
Job history including staff personal records:-
|Employee address details||Confidential||HR Team|
|Expense claims||Confidential||HR Team|
|Annual leave records||Internal||HR Team|
|Accident books including accident reports and correspondence||Confidential||HR Team|
|Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms||Confidential||HR Team|
|Pregnancy/ childbirth certification||Confidential||HR Team|
|Parental leave||Confidential||HR Team|
|Maternity pay records and calculations||Confidential||HR Team|
|Redundancy details, payment calculations, refunds, notifications||Confidential||HR Team|
|Training and development records||Confidential||HR Team|
|All other contracts|
|Contract amendments||Confidential||Finance Team|
|Successful tender documents||Confidential||Finance Team|
|Unsuccessful tenders’ documents||Confidential||Finance Team|
|Tender – user requirements, specification, evaluation criteria, invitation||Confidential||Finance Team|
|Contractors’ reports||Confidential||Finance Team|
|Operation and monitoring, eg complaints||Internal||Finance Team|
|Confidential||Customer Service Team|
|Reviews, Feedback and comments||Public||Customer Service Team|
|Live chat history||Confidential||Customer Service Team|
|Platform data – information entered by the customer during the use of the platform (excluding information aleady detailed above)||Confidential||Customer|
|Metrics data||Confidential||Development Team|
|Flyers & Newsletters|
|Name and email address||Internal||Marketing & Sales Team|
|Call recordings||Internal||Marketing & Sales Team|
|Proof of destruction/ destruction certificate||Internal||Data Protection Officer|
|Files on local storage drives||Confidential||Individual employee|
|Local storage recycle bins||Confidential||Individual employee|
|Group/ personal network drive||Confidential||Individual employee|
|E-mail (inbox, sent items and sub folders)||Confidential||Individual employee|
|E-mail (deleted items)||Confidential||Individual employee|
|Webserver backups||Restricted||Development Team|
Changes to Our Data Management policy
This Data Management Policy replace all previous versions. We reserve the right to change this Data Management Policy at any time.