Data Transfer and Sharing Policy
Purpose: This policy outlines the procedures to securely transfer and share customer data during the Salesforce implementation process.
Scope: This policy applies to all data transfers related to Salesforce implementation engagements, whether initiated by Elucidate Group or our clients.
1 Principles of Data Transfer and Sharing:
Secure Channels: All data transfers, whether inbound or outbound, will take place over specific, encrypted channels to ensure the integrity and confidentiality of data.
Data Minimisation: Only the essential data required for the Salesforce implementation will be shared or transferred. Any additional or unnecessary data will be excluded.
2 Specific Transfer and Sharing Procedures:
Google Drive Method: For customers who do not have a preferred data-sharing tool, Elucidate Group will provide a unique Google Drive folder at the beginning of the engagement. This folder will have strict access controls, ensuring only the client and necessary personnel from Elucidate Group can access the data. Data uploaded to this folder should be encrypted and exclude sensitive or personal information unless essential for the implementation. After successfully uploading data into the Salesforce platform, the contents of the unique folder will be deleted. A notification will be sent to the client confirming the same.
Client's Sharing Tools: If a customer wishes to use their data-sharing tools, they should ensure that their tool meets acceptable security standards. Elucidate Group will cooperate with clients in integrating with their chosen tools while still adhering to our security and data protection standards. Once the data transfer from the client's tool is completed, any stored data on Elucidate Group's end will be securely deleted.
3 Temporary Storage:
Any customer data temporarily stored during the transfer process will be held in a secure, encrypted environment. Post-transfer, this data will be securely deleted, ensuring no remnants remain.
4 Monitoring and Logging:
All data transfers will be logged, noting the date, time, data type, source, and destination. These logs will be periodically reviewed to detect any anomalies or unauthorised transfers.
5 Breach Protocol:
In case of any detected unauthorised access or breach during data transfer:
- Immediate action will be taken to halt and rectify the breach.
- Affected parties, including clients, will be notified, and a thorough investigation will be conducted.
- Based on the findings, corrective and preventive measures will be implemented.
6 Review and Updates:
This Data Transfer and Sharing Policy will be reviewed annually or in the event of significant changes to the company's processes, tools, or security landscape.
