Information Security Policy
At Kingston Trading (UK) LTD T/A Kingston Distro (“we,” “us,” or “our”), we are committed to safeguarding the confidentiality, integrity, and availability of all information assets associated with our business operations. This Information Security Policy outlines the measures we take to protect sensitive data and maintain the security of information systems. By using our services or accessing our website, you agree to comply with the terms outlined in this policy.
1. Purpose
The purpose of this Information Security Policy is to:
- Protect personal and business information from unauthorized access, disclosure, alteration, or destruction.
- Ensure the confidentiality, integrity, and availability of information stored, processed, or transmitted by our systems.
- Comply with legal, regulatory, and contractual requirements related to data protection and information security.
- Maintain customer trust and secure business operations.
2. Scope
This policy applies to all employees, contractors, third-party vendors, and users who access, manage, or store information within Kingston Trading (UK) LTD’s information systems, including data related to customers, employees, and company operations.
3. Information Classification
To ensure appropriate protection, all information handled by Kingston Trading (UK) LTD will be classified according to its sensitivity:
- Confidential Information: Includes sensitive data such as customer personal information, payment details, business strategies, and intellectual property. Access is restricted to authorized personnel only.
- Internal Information: Includes internal communications, employee details, and general business records. Access is granted based on the need to know.
- Public Information: Includes information intended for public release, such as marketing materials, product descriptions, and press releases.
4. Data Protection
We take the following measures to protect personal and business data:
- Encryption: Sensitive data, including personal and payment information, is encrypted during transmission and at rest using industry-standard encryption methods.
- Access Control: Access to sensitive data is restricted to authorized personnel only. We use role-based access controls (RBAC) to limit data access based on job responsibilities.
- Authentication: All users are required to authenticate themselves using strong, unique passwords. We encourage multi-factor authentication (MFA) to enhance security.
5. Secure Data Storage
All sensitive customer data, including personal information and payment details, is stored securely within our systems. We implement physical, technical, and administrative controls to protect against unauthorized access and data breaches.
- Backups: Regular data backups are performed to ensure data recovery in the event of a disaster, breach, or system failure.
- Retention and Disposal: We retain data only for as long as necessary to fulfill business requirements or legal obligations. After that, sensitive information is securely deleted or destroyed.
6. Security Monitoring
We continuously monitor our information systems to detect and respond to security threats. This includes:
- Regular security audits and vulnerability assessments.
- Real-time monitoring of network traffic and system logs.
- Implementation of firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to protect against external threats.
7. Incident Response and Breach Notification
In the event of a data breach or security incident, we will:
- Promptly investigate and assess the nature of the incident.
- Take necessary steps to contain and mitigate any damage or unauthorized access.
- Notify affected individuals in compliance with applicable data protection laws (e.g., GDPR, CCPA) within the required timeframes.
- Work with law enforcement and regulatory bodies when necessary.
8. Employee Training and Awareness
We provide ongoing security training to all employees to ensure they are aware of best practices and their responsibilities in safeguarding company and customer data. Training includes:
- Identifying phishing and social engineering attempts.
- Secure handling of sensitive information.
- Proper use of security tools and technologies.
9. Vendor and Third-Party Management
We require all third-party vendors, partners, and contractors to comply with our information security standards. This includes:
- Reviewing third-party security practices before sharing sensitive data.
- Signing appropriate data protection agreements to ensure that third parties are also safeguarding the information they handle.
10. Physical Security
We ensure that our physical premises and data centers are secure from unauthorized access. This includes:
- Access controls such as ID badges, security personnel, and surveillance systems.
- Restrictions on physical access to servers, data storage devices, and other critical infrastructure.
11. Compliance with Laws and Regulations
We comply with all applicable laws, regulations, and industry standards related to information security and data protection, including but not limited to:
- General Data Protection Regulation (GDPR)
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA), if applicable
12. Continuous Improvement
We are committed to continuously improving our information security practices and adapting to evolving threats. This includes:
- Regular review and updating of this policy.
- Adoption of new security technologies and practices as they emerge.
- Seeking feedback from employees, customers, and security experts to enhance our security posture.
13. Violations of Security Policy
Any employee or third party found to be in violation of this policy may face disciplinary action, including termination or legal action, depending on the severity of the violation. Individuals are required to report any security incidents or policy violations immediately to management.
14. Contact Information
If you have any questions or concerns regarding this Information Security Policy, please contact us at:
Kingston Trading (UK) LTD, Site A Wiltshire Road, Dairycoats Industrial Estate, Hull, East Yorkshire, HU4 6PA, United Kingdom
Email: info@kingstondistro.co.uk
Phone: 01482 326555