Data Collection and Storage Policy

Purpose:The purpose of this policy is to define and guide the methods by which Elucidate Group collects and securely stores customer data during the Salesforce implementation process.
‍‍

Scope:This policy applies to all digital assets, customer data, and processes acquired, used, and stored during the Salesforce implementation and support phases.

1 Data Collection:

• Consent: Before data collection, explicit consent will be obtained from customers. This will ensure clarity about the type of data being collected, the purpose of collection, and how it will be used.
• Minimisation: Only data that is directly relevant and necessary for the Salesforce implementation process will be collected.
• Accuracy: Efforts will be made to ensure the data collected is accurate and up-to-date. Customers will be provided with mechanisms to correct inaccuracies in their data.
• Transparency: Customers have the right to inquire about what data is being collected and will be provided with accessible information.

2 Data Storage:

• Salesforce Sales Cloud: Customer data stored within the Salesforce Sales Cloud is encrypted in transit and at rest. Regular security assessments will be conducted to ensure data integrity and security. System access logs will be maintained and periodically reviewed to detect and prevent unauthorised access.
• Notion: Notion pages containing customer data will be private and accessible only to designated personnel. Access logs and activity within Notion will be monitored to maintain the security and integrity of the data.
• Google Drive: Customer-related files will be organised in specific folders with defined access controls. File and folder sharing will be limited. Files will be shared using secure methods, including encrypted links or shared drives with restricted access when necessary. Regular backups will be conducted to ensure data availability.

‍

Data Encryption: Regardless of the platform, all stored data will be encrypted using industry-recognised encryption standards to protect against unauthorised access or breaches.

‍Physical Security (if applicable): If Elucidate Group uses any physical servers or data centres, strict physical security measures, including surveillance, controlled access points, and secure storage, will be in place.

‍Periodic Review: This Data Collection and Storage Policy will undergo a biannual review to ensure its effectiveness and relevance. Any significant changes in the platforms or implementation processes will prompt an immediate review of this policy.

‍