Business practices need to be transparent for a business to maintain trust with a client base. Digitalisation has made sensitive data more attainable to unqualified sources. It is the responsibility of each corporation to protect their sensitive client data, and Keller makes a promise now to ensure that any and all sensitive data will be stored securely and will remain accessible only to those cleared and qualified to access it. Several government agencies are laying down laws regarding data protection policies, and Keller will abide by these in accordance with the countries we operate in.
At Keller, we take data protection seriously and have gone to extreme lengths to ensure that we follow and sometimes exceed local and national data protection regulations. We have made our policies available here.
During the initial contact stages with a client, a general consent form is obtained that includes information for the client related to how their data will be stored and used. Should there be a need to move data or for terms of the consent agreement to change, additional consent will be obtained accordingly. In cases where client organisations refuse consent related to data, there will be limitations on the services that Keller can offer depending on what information the client is willing to provide.
Once a data subject has given consent for the collection and processing of their data they are not bound by that agreement indefinitely. In any country, they are entitled to withdrawal of consent at any point in time as long as it is reasonable (for example, consent cannot be withdrawn after a task is already completed).
When consent has been obtained we can proceed with data collection. Keller remains transparent about data collection and use throughout our services. Collection might differ depending on the kind of service that a company requires. Therefore, specific collection related details are discussed with clients during initial consultation stages.
Collected data needs to be stored securely. Where data is stored, how long it will be stored, and who will have access to it, are discussed with clients during the consent phase. Keller’s data is stored securely and every possible step is taken to minimise the risk of a data breach. However, should a breach occur Keller has measures in place to notify affected parties and manage any consequences of such a breach. Where necessary, a data protection officer is on staff. During storage all clients will have access to their stored data as indicated by law and any further arrangements will be made as needed related to storage renewals, etc.
Secure storage includes minimising the risk of data loss. Steps are taken to avoid data loss due to hardware and software failures. Steps are also taken to protect against unexpected elements like natural disasters.
Data is transferred only when absolutely necessary and should the need arise it is discussed with any affected clients. Any organisation that data is transferred to will be thoroughly screened to ensure that it also meets all security standards that Keller expects for our clients.
As mentioned, all reasonable precautions will be taken to protect against a data breach, however, should it occur there are steps that Keller will take to manage the situation. Part of these steps will include full disclosure with affected clients. In cases where it is required, the necessary authorities will also be notified. Notifications need to be made in written format. The notice usually needs to encompass the following:
Reports should be created when a breach occurs. This report should be made available to authorities and should be kept for future reference. All remedial measures should also be documented and the risk must be addressed as well.
Full policies and procedures related to data processing are easily accessible for all Keller clients. Policies will provide information on the:
Criteria for Data Processing