Cyber Security Policy
At Solar4Good, we take the privacy and security of our customers’ information seriously. As part of our commitment to safeguarding the personal data of our customers and partners, we have implemented the following Cyber Security Policy. This policy outlines the measures we take to protect the data we collect, store, and process.
Purpose
This Cyber Security Policy is designed to protect the integrity, confidentiality, and availability of data collected by Solar4Good from potential cyber threats. It applies to all employees, contractors, and partners who have access to our systems.
Data Collection and Storage
- We collect and store customer data, including personal information such as names, addresses, contact details, and energy usage data, as well as any information provided during the lead generation process.
- Customer information is securely stored in our CRM system, which is protected by encryption and multi-factor authentication (MFA).
Access Control
- Only authorized personnel have access to customer data stored in our systems. Access is granted based on role and necessity, following the principle of least privilege.
- All employees must use secure login credentials, and access to sensitive information is restricted and monitored.
- Contractors and third-party service providers are required to follow our strict security protocols when handling customer data.
Data Encryption
- All sensitive data, including customer personal information, is encrypted both in transit and at rest using industry-standard encryption protocols (e.g., SSL/TLS for data transmission and AES-256 for data storage).
- Email communications containing sensitive information are also encrypted to ensure data privacy.
Regular Security Audits
- Solar4Good conducts regular security audits and vulnerability assessments to identify and mitigate potential security risks.
- Any identified security issues are addressed promptly to ensure the ongoing safety of our systems.
Incident Response Plan
- In the event of a data breach or cyber attack, Solar4Good has a comprehensive incident response plan in place to quickly address and mitigate the impact.
- Customers will be notified immediately in the event that their data is compromised, in accordance with applicable data protection laws.
Data Retention and Deletion
- We retain customer data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
- Upon request, customers may have their personal data permanently deleted from our systems, unless it is required to be retained for legal reasons.
Employee Training
- All Solar4Good employees receive regular training on cyber security best practices, including secure data handling, phishing awareness, and the importance of strong password management.
- We enforce a strict cybersecurity policy to ensure that all employees understand their role in protecting customer data.
Third-Party Security
- Any third-party service providers or contractors who have access to customer data must adhere to the same security standards outlined in this policy.
- We conduct regular assessments of third-party vendors to ensure compliance with our security protocols.
Compliance with Data Protection Laws
- Solar4Good complies with all relevant data protection laws and regulations, including the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).
- Customers have the right to access, correct, or delete their personal data in accordance with applicable laws.
Continuous Improvement
- Solar4Good is committed to continuously improving our cyber security measures to keep pace with evolving threats and technologies.
- We stay updated on the latest cyber security trends and implement cutting-edge tools and techniques to enhance our protection efforts.
Contact Us
If you have any questions or concerns about our Cyber Security Policy, or if you believe your data may have been compromised, please contact our Data Protection Officer at:
Email: [email protected]
Phone: +44 7441 360234
This Cyber Security Policy was last updated on 15 July 2024.
Email: [email protected]
Phone: +44 7441 360234
This Cyber Security Policy was last updated on 15 July 2024.