Policies
PCI, GDPR, Privacy & Information Security Policies
It is the responsibility of all staff at TCS Retail Ltd to observe, maintain and review the company security policies outlined.
Physical Security
The TCS Retail Ltd building on River Street, Truro is equipped with secure locks, alarms, double glazing and full coverage CCTV inside and out.
The alarm system is tamper proof, has a battery backup in case of a power cut and is linked to key staff members' mobile phones to alert them if the alarm is either tripped or disconnected.
The CCTV system is high definition, has a battery backup and uploads both locally and to the cloud.
Only key staff have keys and alarm codes.
Customer equipment or data is not stored offsite or in vehicles at any time except when being transported.
Data Security
Only the minimum required information is kept on file for all customers. This is normally limited to name and phone number; where needed for invoicing purposes, this would also include email and physical addresses. No passwords are kept on file, and where needed these are handwritten on the job sheet, which is shredded on job completion. Credit card slips are retained for the minimum time required to verify a transaction and then shredded.
All systems, whether mobile or office based, that contain customer data or information are encrypted with FIPS 140-2 validated, 256-bit AES encryption. No customer data is stored on or accessed from non-company equipment. All backups, both onsite and offsite, are encrypted.
All customer equipment is kept on a network that is physically separate from the internal business network, and customer devices are isolated from each other.
All internal systems have appropriate anti-virus and anti-spyware software, and scans are conducted on a regular basis. Only key personnel with adequate Internet usage experience, training and knowledge are permitted to use email on the business network. Our Internet usage policy restricts the use of the Internet, email, social media, etc. to legitimate business purposes.
Data Handling
All customer data is assumed to be confidential and is therefore not accessed unless there is a need to do so to provide a requested service, and only with the customer’s permission. A customer’s data is not shared with any third party outside the company without the customer’s express permission (for third party advanced data recovery services, for example).
Where backups are required, these will be stored on an encrypted drive for a maximum of 28 days, until the customer has confirmed they are happy for the data to be deleted.
Equipment Disposal
All equipment left for disposal will have the data drive removed, degaussed if magnetic and crushed to make data irretrievable. The remaining parts are collected by a licensed WEEE disposal service for recycling.
GDPR
All data is stored as above. Customer information held is only used to contact customers regarding the services they have engaged. By using our services, you are consenting to our use of your information for this purpose unless you inform us otherwise.
We do not directly market to our customer database; your phone, email or address details will never be used for this purpose.
Payment Card Industry Data Security Standard (PCI DSS)
TCS Retail Ltd are PCI compliant for data security and re-certify their compliance with their card provider on an annual basis. Card terminals are connected to their own network and are not accessible from either the business or guest networks.