Keymate, and Keymate Plus Privacy and Security Policy
Customer Data Security and Dissemination Guidelines, including Privacy and Security.
Keymate Customer Data security is the responsibility of all employees, and business partners, that create, use or disseminate personal or identifiable customer information. Any data held or owned by Keymate or its business partners must be preserved and only used for the purpose it was required.
Keymate has legal, ethical and financial obligations that must be adhered to, ensuring customer and business partner and reseller data is never compromised.
Types of Data held or known or created by Keymate
- Billing Data - Physical or Postal Address, type of customer (residential / commercial). Subscription status (current, or suspended status)
- Account Authority - The named individual with rights to manage an account.
- Personally identifiable data - Name, age, location, phone and email details
- Access and Security - Usernames,Passwords and secret Question
- Demographic information - Age, Income, general demographic grouping
- Equipment and unique equipment codes - equipment and related equipment codes used or in-use by Keymate customers
Opt-in status - customer and employees of Keymate can make changes to a customers account to enable or disable marketing to a customer or group of customers.
- Flags for customer to avoid direct marketing will be placed on the customers account to ensure they are not included in campaigns when not eligible or have decided to opt-out.
Customer banking details - banking details will never be released and should never be emailed or held in any plain text format.
Customer banking details including credit card details should not be held by Keymate, but may be held by its E-banking partner.
Electronic backups - all backups will be encrypted to standard exceeding minimum industry standards.
Requests for data - all requests for customer data must be logged and details of why customer data is required and for what purpose will be logged and evaluated.
Destruction of customer data - any customer data must be destroyed when no longer required. Written proof of destruction will be required if personally identifiable data is requested.
Call centre - only authorised members of the call-centre, with a relevant login to the Keymate customer CMS will be allowed to update a customer record.
Logging - all changes to a customers account must be logged and recorded in an electronic log. The log may not be altered, and all changes will be captured. All logging will be AEST time format.
Phone logging - all calls to and from the call centre will be recorded and can be consulted if required for the purpose of forensics or auditing
Timeouts - all logins will be recorded against a customer’s username and operator username and relevant electronic IP address/s used to access relevant records.
All email communication is logged - a copy of all email communication will be recorded within the electronic email systems of the organisation and relevant authorised Keymate user, or 3rd. Party Training to all call centre staff regarding best practices upon employment commencing with the organisation - this will include...
Training to be provided to all call centre staff to ensure that customer data must:
- Only be used for the purpose for which it was required
- Only be made available for the duration or period that it was required
- Be stored securely and only transmitted securely in an encrypted manner
- Never be, sold, retransmitted, forwarded, emailed, printed, or shared externally without written Keymate management approval
- Always be checked and verified and validated fit for purpose, prior to being utilised
- Be destroyed or deleted once the data is no longer required
- Never be transmitted with Credit Card or Banking details included in any format or stored in a retrieval system in an unencrypted format
- Must not be provided to Resellers, or Wholesale partners.
- Created data such as reporting, sales targets or exceptions should not be shared externally Data release exceptions
- Customer Data may be requested and provided to law enforcement agencies.
- Keymate market research or customer data must not be shared with wholesale partners, unless authorised to do so, in writing by a senior Employee
Data Transmission policy:
Customer and Banking related data may only be transferred via a Secure connection, never by plain-text email or physical media, such as DVD, CD, Email, or removable computer memory.
Reporting Data or Security Breaches:
Should a data breach be suspected, it is the duty of all Keymate employees to inform Keymate management and data security manager as soon as it is discovered or suspected.
v1.2 20 Oct 2011