Information Security Policy

At HERI GLOBAL, we are committed to maintaining the highest level of information security and providing reliable service to our customers, employees, and business partners. This policy has been developed to ensure compliance with information security regulations in the United Kingdom, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Purpose of Our Policy

The purpose of this policy is to protect the confidentiality, integrity, and availability of all information under HERI GLOBAL’s management and to implement effective measures against information security threats. This is critical to the security of both our customers and our company.

Our Information Security Principles

  • Confidentiality: Information should be accessible only to authorized personnel. The privacy of customer and employee information is a priority for us, and all personal information is protected with utmost care.
  • Integrity: Security measures are implemented to protect the accuracy and integrity of information, preventing data loss, corruption, or unauthorized changes. Information is safeguarded against tampering or manipulation.
  • Availability: Information must be accessible to authorized users when needed. This ensures we can provide continuous and uninterrupted service to our customers and business partners.

Information Security Measures

  • Access Control: Access to our information systems is restricted to authorized users only to prevent unauthorized access. All users are required to adhere to security procedures.
  • Data Encryption: All sensitive information, including customer data, is encrypted during transmission and storage, ensuring it is inaccessible to unauthorized parties.
  • Security Updates and Patches: Our information systems and software are regularly updated, and security vulnerabilities are addressed promptly. This protects our systems against current threats.
  • Network Security: Firewalls, intrusion detection systems, and other security technologies are used to secure our networks, protecting against malware, cyberattacks, and other digital threats.
  • Data Backup: Critical data is backed up regularly and securely stored. This allows for quick and effective recovery in case of data loss.
  • User Training: Our employees receive regular training on information security awareness. This is a crucial step to prevent security breaches and data leaks.

Information Security Breach and Incident Management

Information security breaches are addressed promptly. If a breach is detected:

  1. Immediate Response: The threat is isolated immediately, and necessary security measures are taken.
  2. Breach Notification: In the event of a data breach, notifications are made to authorities and affected individuals, as required by law.
  3. Comprehensive Review: The source of the breach is identified, the resulting damage is assessed, and steps are taken to prevent recurrence.

Data Protection and GDPR Compliance

At HERI GLOBAL, we take all necessary technical and administrative measures to protect our customers’ personal data. This includes:

  • Data Processing: Personal data is processed only for specific, lawful purposes.
  • Consent and Approval: We obtain explicit consent from our customers when processing their personal data. Data subjects are informed about how their information is handled and have the right to withdraw their consent at any time.
  • Your Rights: Data subjects have rights to access, correct, delete, and object to the processing of their data. These rights are applied to ensure full transparency for data subjects.

Continuous Improvement and Audits

Our information security practices are continually reviewed and improved. Regular audits are conducted to ensure our systems comply with security standards. Our information security policy is updated to reflect new threats and technological developments.

Contact

If you have any questions or suggestions regarding our information security policy, please feel free to contact us.