The Chain Customer Sensitive Data Usage Policy

The Chain Customer Sensitive Data Usage Policy

Last updated: December 2024

1. Introduction

The Frank Impact Company Ltd trading as The Chain ("we", "us", or "our") is committed to protecting and respecting the information you provide us with. We recognise the importance of protecting the sensitive information shared with us by our customers. This policy outlines our commitment to securing sensitive supply chain information and other business-critical data, ensuring that our customers can trust us with their vital information.

2. Definition of Sensitive Information

For the purposes of this policy, sensitive information includes any non-personal business-critical information shared by our customers. This encompasses but is not limited to:

• ○  Supply chain data, including supplier details, pricing, and production timelines;

• ○  Design and product specifications;

• ○  Marketing strategies and branding materials

• ○  Financial data related to costs, sales, and profitability;

• ○  Trade secrets and proprietary processes.

3. Information Collection and Use

We collect sensitive information solely for the purpose of delivering our services via The Chain App effectively. The information will be used to enhance service delivery, optimise supply chain tracking and management through the App, and improve operational efficiencies. We will not utilise this information for any other purpose without obtaining explicit consent from the customer.

4. Information Security Measures

To ensure the protection of sensitive information, we have established a robust framework of security measures, including:

Data Encryption: All sensitive data is encrypted at rest and during transmission to safeguard against unauthorised access and breaches.

Access Controls: Access to sensitive information is restricted to authorised personnel only. We utilise role-based access controls and maintain a clear audit trail of who accesses information and when.

Network Security: Our systems are protected by firewalls, intrusion detection systems, and anti-virus software, which are regularly updated to guard against cyber threats.

Regular Security Audits: We conduct periodic security audits and risk assessments to identify and address vulnerabilities in our systems and processes.

Incident Response Plan: We have a detailed incident response plan in place to address any data breaches or security incidents effectively.

Training and Awareness: All employees receive comprehensive training on data protection and information security policies to ensure they are equipped to handle sensitive information responsibly.

5. Data Breach Response

In the unlikely event of a data breach involving sensitive information, we will take immediate action to contain the breach, assess its impact, and notify affected customers without undue delay. We will work diligently to remediate any vulnerabilities and will cooperate fully with all relevant authorities as required by law.

6. Personal Information

While this policy focuses on sensitive business information, we recognise that personal information may also be shared in the course of our business interactions. Any personal information we collect will be governed by our Privacy Policy, which outlines our commitment to protecting personal data and the rights of individuals.

7. Third-Party Disclosure

We do not sell or disclose sensitive information to third parties without the explicit consent of the customer, except where required by law or in order to provide our services effectively (e.g., to trusted service providers under strict confidentiality agreements).

8. Review and Updates

This policy will be reviewed at least annually and updated as necessary to reflect changes in our practices, technologies, or relevant laws and regulations. Customers will be notified of any significant changes to this policy.

9. Customer Rights and Responsibilities

Customers have the right to request access to their sensitive information held by us and to request corrections if inaccuracies are identified. Customers are also encouraged to implement their own security measures to protect sensitive information shared with us.

10. Contact Information

For any questions or concerns regarding this policy or the handling of sensitive information, please contact info@the-chain.co.uk.