Brickell's Amazon Privacy and Data Handling Policy

Responsibilities:


Everyone who works for or with Brickell Men’s Products has some responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. However, these people have key areas of responsibility:


The CEO and COO are ultimately responsible for ensuring that Brickell Men’s Products meets its legal obligations. They are responsible for:


- Keeping the board updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies, in line with an agreed schedule.
- Arranging data protection training and advice for the people covered by this policy.
- Handling data protection questions from staff and anyone else covered by this policy.
- Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

General staff guidelines:


- The only people able to access data covered by this policy should be those who need it for their work.
- Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
- Brickell Men’s Products will provide training to all employees to help them understand their responsibilities when handling data.
- Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
- In particular, strong passwords must be used and they should never be shared.
- Personal data should not be disclosed to unauthorized people, either within the company or externally.
- Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

Data storage:


These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the CEO, Josh Meyer.
- When data is stored on paper, it should be kept in a secure place where unauthorized people cannot see it.
- These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
  - When not required, the paper or files should be kept in a locked drawer or filing cabinet.
  - Employees should make sure paper and printouts are not left where unauthorized people could see them, like on a printer.
  - Data printouts should be shredded and disposed of securely when no longer required.
- When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts.
  - Data should be protected by strong passwords that are changed regularly and never shared between employees.
  - If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
  - Data should only be stored on designated drives and servers, and should only be uploaded to approved cloud computing services.
  - Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
  - All servers and computers containing data should be protected by approved security software and a firewall.

Data use:


Customer data is of no value to Brickell Men’s Products unless the business can make use of it. However, it is when customer data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
- When working with customer data, employees should ensure the screens of their computers are always locked when left unattended.
- Customer data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
- Data must be encrypted before being transferred electronically. The CEO, Josh Meyer, can explain how to send data to authorized external contacts.
- Employees should not save copies of customer data to their own computers.