In relation to the handling of any personal data required for the delivery of services by Collaborative Change within a project contract, the board of directors guarantees that:

• Data is only accessible by named project personnel and is never transferred to a third party other than when written instruction is provided by the client.

• Data is stored on a stand-alone Windows 10 desktop PC, protected with Windows and Norton security features. Access is restricted to designated project personnel using Windows user authentication and the application of strong passwords.

• Files containing confidential data are transferred securely using Microsoft OneDrive for Business service. Other services are used if these are preferred by the client, for example Dropbox or a client’s own secure FTP service.

• In the event of any confidential data needing to be transferred via email, these files are always password encrypted with the password being preferably sent using a separate medium (phone text), or at least a separate email if an alternative medium if not available.

• Backups of data are stored securely using Microsoft OneDrive for Business cloud storage. In addition to OneDrive encryption, files containing personal data are also individually password protected.

• No files containing personal data are stored on any form of removable media such as USB sticks.

• All files are deleted 3 months after final completion of the project, or at some time agreed with the client if required. Secure deletion from drives is achieved using Microsoft’s SDelete utility.

• Any redundant hard drives are wiped securely using DBAN before disposal.