Data Processing Policy
It is Somerford Associates’ policy to avoid becoming a Data Processor on behalf of our customers.
Other than business contact and customer account information, we do not hold any customer data on our systems.
Our customers’ data may be held on our Partners’ systems (e.g. Splunk) where the services are provided as a cloud-hosted solution, and any security and data protection terms are agreed (or need to be agreed) directly between the customer and the Partner.
Insofar as Somerford employees are providing installation or maintenance services (Professional Services) for our customers, this will be performed using the customer’s systems and data (albeit procured from our Partner) under the direct supervision of the customer. In other words, we’ll only access the customer systems and data in order to help the customer set up, operate and maintain the services for themselves.
We are happy to confirm that while Somerford employees are engaged in this activity, they will:
- have been suitably security screened beforehand,
- be suitably trained and qualified to undertake the task at hand,
- perform their tasks with all due care and professionalism, in accordance with the agreement and SOW,
- follow all reasonable customer security and data protection policies and procedures during the conduct of their work, and in any case comply with prevailing Data Protection law.
We expect that the customer will:
- wherever possible, avoid unnecessarily exposing Somerford employees to live personal data, payment card data or other confidential data;
- and, where this is not possible, advise Somerford employees beforehand of the sensitive nature of the data that they are about to handle, so that our staff can take all due care.