Version Date 01/01/2026
INFORMATION SECURITY POLICY Technical and organisational security measures Cleverbox takes the privacy and security of all our clients and their personal information very seriously and ensures every reasonable measure and precaution is taken to protect and secure the data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place to secure our IT infrastructure and the data stored within. Cleverbox will ensure that the following measures are taken with respect to the collection, holding, and processing of personal data.
Organisational Measures ● We regularly evaluate and review our methods of collecting, holding, and processing personal data. ● We regularly evaluate and review employees, contractors and other parties working on our behalf who handle personal data. ● We ensure any third parties we engage the services of are bound by the principles of this Policy and the GDPR and that any of their employees who may be involved in the processing of personal data are held to the same standards and conditions. ● Before we implement any new or change any existing personal data systems or processes, we will undergo any necessary Data Protection Impact Assessments and alert any affected Data Controllers for whom we process data on their behalf. ● Where any contractor or other party working on behalf of Cleverbox who handles personal data fails in their obligations under this Policy that party shall indemnify and hold harmless Cleverbox against any costs, liability, damages, loss, claims or proceedings which may arise out of their failure. Personnel Security All employees, contractors or other parties working on behalf of the company: ● Undergo appropriate recruitment checks. ● Receive appropriate training on Information Governance and Data Protection relevant to their job role. ● Are made fully aware of both their individual responsibilities and the Company’s responsibilities under the UK GDPR and under this Policy, and will be bound to these principles by contract. ● Understand the importance of the physical security of our premises and not allow unauthorised individuals access to our offices or secure areas. ● Comply with our secure password policy. ● Exercise care, caution, and discretion while working remotely and handling, discussing or using a device with access to, any company-held personal data (i.e. ensuring information cannot be overlooked and devices are not left unattended). Use of Personal Data Cleverbox will ensure that all employees, contractors or other parties working on behalf of the company will: ● Handle personal data with care at all times, not leave potentially sensitive data on desks in plain view and ensure computer screens used to view or access personal data are locked when unattended. ● Only have access to the personal data necessary for them to carry out their contractual obligations or job roles.
Cleverbox, 33 London Road, Bromley, Kent BR1 1DG T: 0208 466 7222 team@cleverbox.co.uk www.cleverbox.co.uk