Data & Privacy
Our promise: personal and client information and data are safe with us. Client confidentiality and data security are a ‘conditio sine qua non’ for our work.
Data protection officer
Steward Redqueen’s Data Protection Officer (DPO) is Pauline Brunner.
It is her duty to:
- Respond when individuals ask about their personal data that has been collected by Steward Redqueen;
- Allow for correction of personal data;
- Establish security arrangements to protect personal and client data.
Data security arrangements
To ensure this we have done the following:
- The hard drives of all our laptops and computers are encrypted and cannot be accessed without passwords;
- Firewalls and virus-checking software has been installed on all employees’ computers;
- Portable computing devices are secured and/or locked up when not use;
- Computer screens lock automatically when left unattended for a specific period;
- Restricted use of external devices on all company-issued computers;
- Limited employee access to sensitive and confidential documents on a need-to-know basis;
- Employees are not allowed to store personal and client-related data outside the Microsoft cloud, nor can these be shared with third parties without permission of a partner or the respective person/client. In case of travel relevant data and documents can be synced with Steward Redqueen laptops. Synchronizing will be undone upon return.
- All our information is managed in the Microsoft cloud ensuring that all data is encrypted and stored only on European servers (notably in the Netherlands and the Republic of Ireland). Confidential client information is stored in separate directories in this cloud with restricted level of access for authorised team members.
- Regular back-ups are made on the computer systems and are kept in a separate location;
- We will stop holding on to personal and client data when we no longer have any business or legal use for it and this will safely be disposed of;
- We don’t transfer personal and client data to other organisations without proper consent from the respective individual or organisation. In case of personal data, we will always check first if the receiving party provides protection comparable to the standard under Singapore’s Personal Data Protection Act.