Klaremont is committed to protecting the privacy of individuals. If you provide us with personal details about yourself, we will not pass that information to any other third party without your permission, unless required to do so by law. Our website offers opportunities for visitors to request information and services. When giving us your details, you have the option of asking us not to contact you with details of special offers.
Klaremont may collect the following information about you:
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
To help Klaremont resolve technical issues, we may need to share your data with our IT infrastructure support partners. Our support partners are obliged to delete this data once the issue has been resolved.
You have the following rights:
To make full use of the online shopping and personalised features on klaremont.com, your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of this website by using them.
Our cookies don't store sensitive information such as your name, address or payment details: they simply hold the 'key' that, once you're signed in, is associated with this information. However, if you'd prefer to restrict, block or delete cookies from klaremont.com, or any other website, you can use your browser to do this.
Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.
All of our servers are located within the U.K.
Data Protection Policy
Introduction
Klaremont’s Data Protection Policy sets out our commitment to protecting the personal data we control and how we implement this commitment with regard to the collection and use of personal data as defined by the Data Protection Act 1998 and EU regulation 2016/679 (GDPR – General Data Protection Regulation).
This Data Protection Policy adds more detail and expands on Klaremont's Information Security Policy.
1. Commitments
Klaremont is committed to:
2. Klaremont as a controller
Klaremont collects and processes a limited set of personal data in relation to its operational needs and support of our Customers, which are necessary for the performance of a contract with the data subject and/or its employees or to take steps to enter into a
The activities are limited to:
Use of Information Technology Assets
1. Acceptable Use and Ethics
2. Password Policy
3. Remote Access
4. Wireless Network Access
Customers and staff may use wireless devices in the office network. The wireless is logically separated from the main network using Layer 2 VLANs. There are two wireless access points, both with the SSID ‘Klaremont’; there is no encryption on either network and the SSID is not broadcast. In addition, wireless isolation is employed to prevent packet sniffing.
Once connected to the wireless network, the user will be presented with a login page. All Customers are provided with unique credentials with time-limited access; web access is permitted only once they have logged in. Klaremont employees are allowed to access the wireless network based on the device MAC address.
Wireless credentials are isolated from any other function on the network; they are unique and only for the wireless service. All wireless traffic passes via its own firewall, which is separated both logically and physically from any other network firewalls. In addition to this, the traffic is NAT’d to its own unique external IP address on the wireless firewall and needs to pass the incoming ACLs if accessing Klaremont’s services; there are no specific rules granting that traffic special access over standard external traffic. The wireless network will only provide internet access between 8am and 6:30pm Monday to Friday. At any other time, access is blocked.
5. Information Sensitivity
Personal data is defined according to the EU regulation 2016/679 (GDPR – General Data Protection Regulation) and UK Data Protection Act 1989, and all subsequent revisions, as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6. Disciplinary Action
Failure to comply with this security policy may, at management’s discretion, result in disciplinary action up to and including termination of employment.
7. Access Control and Physical Security
8. Secure media management
Security Personnel
1. Information Security Officer
For daily security matters, an Information Security Officer, who is an employee of the company, is appointed. The Information Security Officer is responsible for overseeing that the provisions of this Information Security Policy are performed as needed for all system users; the ISO is non-biased and is able to apply rules objectively.
2. Incident Response
Security incidents should be handled according to the security incident response plan and disaster recovery plan (contained within technical team documentation).
Security incidents should be immediately reported to the Information Security Officer. An incident response team will be appointed by the Information Security Officer, and will be ready for deployment in case of personal data compromise.
3. Incident Response Plan (IRP)
If a compromise is suspected:
Alert the Information Security Officer who will perform an initial investigation and notify the Incident Response Team if necessary.
Immediately report the suspected or confirmed loss or theft of any material or records that contain personal data. If a security breach is suspected with a merchant or service provider, take immediate action to investigate the incident and limit the exposure of personal data.
Steps for compromised entities. Immediately contain and limit the exposure. Prevent further loss of data by conducting a thorough investigation of the suspected or confirmed compromise of information.
To preserve evidence and facilitate the investigation:
Alert all necessary parties immediately. Be sure to contact:
4. Incident Response Team
The incident response team will always consist of:
Incidents will be managed in accordance with the Incident Response Plan (IRP) and each individual is required to submit a written report on the conclusion of the incident, which should be stored securely (either electronically or in paper format).