RMG00000087
RMG00000087
Royal Mail Policy Statement
Data Privacy Policy
Royal Mail Group Limited (RMG) respects the privacy of all its colleagues and customers in relation to any personal
data it collects, stores and processes about them. We accept our responsibility to ensure that all such personal data is
managed in line with all applicable data protection and privacy laws. This policy sets out the steps our people must
take to do this.
We will:
* Only use personal data for specified and lawful purposes and in line with our published Privacy Notice’ and
Employee Privacy Notice’.
© Classify® and protect any personal data RMG holds based on its volume, importance and sensitivity to the business
and individuals, applying additional protection as required to sensitive data (Appropriate Policy Document‘) and
payment card data (PCI Standard’).
¢ Ensure personal data is kept accurate and up to date, deleted and disposed of carefully and only retained for the
time period set out in our Corporate Retention Schedule’.
* Complete data protection and information security training promptly as required.
e Report any actual or suspected personal data breaches to the 24-hour IT Helpdesk o1
possible.
e Ensure all the necessary due diligence and data sharing guidance is followed when using a third-party supplier to
process personal data on RMG’s behalf, or when we transfer personal data outside the UK.
e Follow all the additional requirements regarding the protection of personal data including any individual
responsibilities of usage of RMG devices which is outlined in the Information Security Policy’ and Acceptable Use
Policy’.
30 June 2022
Policy Owner: Director of Privacy and DPO
Where to go for help
This policy is supported with the following documents:
Privacy Notice
Employee Privacy Notice
Information Classification Standard
Appropriate Policy Document
PCI Standard
Corporate Retention Schedule
Information Security Policy
8. Acceptable Use Policy
NOURWNE
If you need h
thinksecure@:
Who does this Policy apply to?
jis policy, please contact the Data Protection Office team at
Lor visit the Think Secure intranet page.
This policy applies to all individuals working for Royal Mail Group Limited (including Parcelforce Worldwide),
including employees, workers, and agency workers. The spirit of this policy should also be applied to any individual or
company who deliver services to or on behalf of Royal Mail Group Limited. This policy is not applicable to companies
within the General Logistics Systems BV group.
Classified: RMG — Internal