Energy Audits acknowledges its responsibility in respect of the security and confidentiality of information. The company will comply with the associated legislation to ensure the security of information in particular the 8 principles of good practice identified within the Data Protection Act 1998.
The 8 principles are listed below:-
- First principle: Personnel data must be processed fairly and legally.
- Second principle: Personnel data must only be obtained for specified or legal purposes, and must only be processed in a way that is consistent with the specified purpose.
- Third principle: Personnel data must be adequate, relevant and not excessive for the purpose it was processed for.
- Fourth principle: Personnel data must be accurate and where necessary kept up to date.
- Fifth principle: Personnel data processed for any purpose must not be kept longer than is necessary to fulfill that purpose.
- Sixth principle: Personnel data must be processed in line with the customers rights.
- Seventh principle: Appropriate security measures must be taken to protect against unauthorised or illegal data processing.
- Eighth principle: Transferring personnel data outside the European Economic Area is restricted unless the rights and freedom of customers are protected.
Confidential information about individuals such as names, addresses, telephone numbers and their personnel privacy is constantly at risk from loss or damage. Therefore practices are adopted to maintain the security of this information. These practices and principles will apply to all parties involved with the assessment process such as sellers and lessors. Only information that the parties are entitled to received as part of the assessment or testing process will be divulged and only information that is relevent to the assessment or testing process will be collated and recorded accurately.
Any customer data that is considered to have fulfilled its purpose will be carefully disposed of after shredding in an environmentally friendly manner.
Energy Audits staff are trained and familiar with the contents of the Data Protection Act, the contents of this policy statement and other forms of national guidelines and legislation. Our staff receive specific training on the security of information when in the work place.
Our staff will not disclose any client information to outside bodies other than those authorised by the client, nor will they discuss or offer any opinion on this same data.
Computers are all secured and a user ID is required to access the data stored upon them. All files on the computer which are deemed to have fulfilled their purpose, after 6 years, will be deleted. Similary the office is equiped with a security alarm as a deterrent against intruders.
During our office monthly meetings, which all responsible persons attend, confidentiality, security and data protection are items on the agenda for discussion. The aim is to share suggestions and improve security where possible.
Upon request and in writing clients reserve the right to access any data relevant to them which is held by the company. Two forms of identification are required.