Privacy policy.
A Security Statement has been completed by Paul Rogers as Bottomley & Co's Data Controller as part of notification to the Commissioner of Information in compliance with the 1998 Data Protection Act. Data Protection Registration No. 2954331X.
Data controllers must give a general description of the measures to be taken for the purpose of protecting against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. This memo summarises these descriptions and the attached Security Statement sets out the measures this firm has in place already and the procedures to be implemented to be fully compliant.
A brief explanation of some of the terms used, and of the key requirements of effective information security management, is given in the following paragraphs.
1. A statement of information security policy sets out management commitment to information security within Bottomley & Co to provide clear direction on responsibilities and procedures.
2. Controlling physical security is concerned with restricting access to sites, buildings, computer rooms, offices, desks, storage areas, equipment, and other facilities where unauthorised access by people could compromise security.
3. Controls on access to information include procedures for authorising and authenticating users, as well as software controls for restricting access, and techniques for protecting data such as encryption.
In both cases, control includes monitoring and logging access so as to assist in detecting and investigating security breaches or attempted breaches when they occur.
4. A business continuity plan is a contingency plan which identifies the business functions and assets (including personal data) which would need to be maintained in the event of a disaster and sets out the procedures for protecting them and restoring them if necessary.
5. Staff training on security systems and procedures: staff are trained to be aware of information security issues in order to comply with this requirement.
6. Detecting and investigating breaches of security when they occur: the controls in place which alert the firm to a breach of security, and the procedures for investigating such breaches.
This is a statement of data protection policy adopted by Bottomley & Co.
Bottomley & Co needs to collect and use certain types of personal information for administering the affairs of insolvent companies, partnerships and individuals, and of associated others with whom it communicates. In addition, it may occasionally be required by statute to collect and use certain types of information to comply with the requirements of government departments. This personal information must be dealt with properly irrespective of how it is collected, recorded, used and disposed of - whether on paper, in a computer, or recorded on other material - and there are safeguards to ensure this in the Data Protection Act 1998.
We regard the lawful and correct treatment of personal information as critical to successful operations, and to maintaining client confidence in us. To maintain our reputation and integrity as an open and professional organisation we need to be fully compliant with this legislation. To this end we fully endorse and adhere to the Principles of data protection, as enumerated in the Data Protection Act 1998, and will:
- observe fully conditions regarding the fair collection and use of information;
- meet our legal obligations to specify the purposes for which information is used;
- collect and process appropriate information only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- ensure the accuracy of information used;
- apply strict checks to determine the length of time information is held;
- ensure that the rights of people about whom information is held can be fully exercised under the Act;
- take appropriate technical and organisational security measures to safeguard personal information;
- ensure that personal information is not transferred abroad without suitable safeguards.
In addition, we will ensure that:
- there is someone with specific responsibility for data protection in the organisation. (Currently, the Nominated Person is Paul Rogers);
- everyone managing and handling personal information understands that they are responsible for following good data protection practice;
- everyone managing and handling personal information is appropriately supervised and trained to do so;
- anybody wanting to make enquiries about handling personal information knows what to do;
- queries about handling personal information are promptly and courteously dealt with;
- methods of handling personal information are clearly described;
- a regular review and audit is made of the way personal information is managed;
- methods of handling personal information are regularly assessed and evaluated;
- performance in the handling of personal information is regularly assessed and evaluated.