INGLISTON COUNTRY CLUB & HOTEL
Date: 23 May 2018
1.1 This policy outlines the principles and standards the Company requires those using our internet, email and other communications systems to observe. It also explains when the Company will monitor the use of those systems and the action the Company will take if the terms of this policy are breached.
1.2 The Company expects all of its electronic and computer facilities to be used in an effective and professional manner and encourages all staff to develop the skills necessary to do so. These facilities are provided by the Company for its own business purposes to assist its staff in carrying out their duties effectively. It is the responsibility of all staff to ensure that this technology is used for proper business purposes and in a manner that does not compromise the Company or its workforce in any way.
1.3 Professional integrity is central to the Company and it must characterise all our dealings. All staff should think about how their own image or that of the Company may be affected by how they use the internet and other electronic communication systems. The same professional ethical obligations apply to conduct in online and offline environments.
1.4 This policy applies to the use of Company technology while at work and also when using Company technology from outside work eg when accessing our systems remotely, using a Company laptop or tablet when travelling and when using BlackBerries, smartphones or personal digital assistants (PDAs).
1.5 Misuse of the internet, email and/or other communication systems can expose both individuals and the Company to legal or financial liability. For example, an individual may enter into unintended contracts, breach copyright or licensing arrangements, incur liability for defamation or harassment or introduce viruses into the system. This policy is designed to safeguard both individuals and the Company from such liabilities. It is important that all staff read the policy carefully and ensure that all use of the internet, email and other communication systems is in accordance with its terms.
1.6 This policy applies to all employees of the Company, agency workers, volunteers, workers, consultants and other contractors who have access to Company computer and other communications systems. It also applies to personal use of the Company’s equipment and technology in any way that reasonably allows others to identify any individual as associated with the Company.
1.7 This policy does not form part of any employee’s contract of employment and the Company may amend it at any time.
1.8 Willie Hodge, Business Protection Manager is responsible for the monitoring and implementation of this policy. Any questions about the content or application of this policy or other comments should be referred to Willie Hodge.
2 Use of the Company’s computer systems
2.1 Staff may use the Company’s computer systems only to the extent that they are authorised to do so. Staff should not use the Company’s computer equipment for any purpose that is not connected to the Company’s business unless they have express permission to do so or they are making personal use of the system as permitted by this policy (see paragraph 0).
2.2 Use of the Company’s systems for commercial purposes other than the business of the Company is strictly prohibited.
2.3 Any individual with access to the Company’s network must adhere to strict access controls, to reduce the risk of virus infections, hacking and other unauthorised access attempts:
2.3.1 only authorised equipment is allowed to connect to the Company’s network from any office location;
2.3.2 remote access (via broadband, dial up, etc) is also restricted to authorised equipment and access must only be via secure means, eg VPN software;
2.4 The Company licenses software from a number of sources. The Company does not own that software and must comply with any restrictions or limitations on use, in accordance with its licence agreements. All staff must adhere to the provisions of any software licence agreements to which the Company is party.
2.5 Staff must not use any software for any purpose outside the business of the Company without express permission of Willie Hodge, Business Protection Manager or as otherwise permitted by the terms of this policy.
2.6 Staff must not copy, download or install any software without first obtaining permission from Willie Hodge, Business Protection Manager.
3.1 Staff should never assume that internal or external messages are necessarily private and confidential, even if marked as such. Email and the internet are not secure means of communication and third parties may be able to access or alter messages that have been sent or received. Do not send any information in an email which you would not be happy being publicly available. Matters of a sensitive or personal nature should not be transmitted by email unless absolutely unavoidable and if so, should be clearly marked in the message header as highly confidential. The confidentiality of internal communications can only be ensured if they are sent by internal post, or delivered personally by hand or included in a password-protected or encrypted online document.
3.2 Email and internet messages should be treated as non-confidential. Anything sent through the internet passes through a number of different computer systems, all with different levels of security. The confidentiality of messages may be compromised at any point along the way unless the messages are properly encrypted.
3.3 Staff should refer to their contract or the Staff Handbook for details of the types of information that the Company regards as confidential and which should be treated with particular care.
4 General rules regarding communications and email
4.1 All communications, including email, should reflect the highest professional standards at all times. In particular, all staff must:
4.1.1 keep messages brief and to the point;
4.1.2 ensure the spelling and grammar are carefully checked before sending;
4.1.3 ensure that all emails sent from the Company include [the current disclaimer wording OR the following wording: Ingliston Country Club – The data contained in, or attached to, this e-mail, may contain confidential information. If you have received it in error you should notify the sender immediately by reply e-mail, delete the message from your system and contact 01505 864 333 if you need assistance. Please do not copy it for any purpose, or disclose its contents to any other person.
4.1.4 ensure that an appropriate heading is inserted in the subject field; and
4.1.5 double check the recipient(s) before pressing the send button—not only can it be embarrassing if a message is sent to the wrong person, it can also result in the unintentional disclosure of confidential information about the Company or a client/customer.
4.2 Staff must not send messages from another person’s email address (unless authorised in the proper performance of their duties) or under an assumed name.
4.3 Staff must not send offensive, demeaning, disruptive or defamatory messages or images by any method. This includes, but is not limited to, messages or images inconsistent with the Company’s Equal Opportunities Policy and Harassment and Bullying Policy and any sexist or racist material or any material which could be offensive on the grounds of a person’s disability, age, sexual orientation, gender or religion or belief.
4.4 Staff must not place on the system or send any message or image which could be regarded as personal, potentially offensive or frivolous to any recipient or to any other person (even if not sent to them).
4.5 If any individual receives any communication containing material that is offensive or inappropriate to the office environment, the individual must delete it immediately. Under no circumstances should such communication be forwarded either internally or externally, other than internally to Elaine Sherlock, Head of HR & People Development in order to report a breach of this policy.
4.6 Staff should not transmit anything in an email or other communication that they would not be comfortable writing (or someone else reading) in a letter. Emails leave a retrievable record and, even when deleted, can remain on both the individual’s computer and on the Company’s back-up system. Emails can be recovered and used as evidence in court proceedings and/or reviewed by regulators. Electronic messages are admissible as evidence in legal proceedings and have been used successfully in libel and discrimination cases.
4.7 Staff must not create congestion on the Company’s systems by sending trivial messages or by unnecessary copying or forwarding of messages to recipients who do not need to receive them, or by sending or forwarding chain mail, junk mail, cartoons, jokes or gossip.
4.8 Staff must use a Company email address for sending and receiving work-related emails and must not use their own personal email accounts to send or receive emails for the purposes of the Company’s business. Staff must not send (inside or outside work) any message in the Company’s name unless it is for an authorised, work-related purpose.
4.9 Staff must not send unsolicited commercial emails to persons with whom the individual does not have a prior relationship without the express permission of the relevant manager.
4.10 Communications must not provide references, recommendations or endorsements for any third party, unless expressly authorised by Nigel Bird, CEO.
4.11 Emails will be stored on the Company’s server for a period of 52 weeks, after which they will be permanently deleted. If an individual wishes to keep any emails beyond this date that are not customer-related, they should use their personal folders.
5 Passwords and security
5.1 Each individual is personally responsible for the security of all equipment allocated to or used by them. An individual must not allow equipment allocated to that person to be used by any other person other than in accordance with this policy.
5.2 Each individual must use passwords on all IT equipment allocated to them and must keep any password allocated to them confidential and must change their password regularly.
5.3 No individual may use another person’s username and/or password to access the Company’s systems, nor may any individual allow any other person to use their password(s). If it is anticipated that someone may need access to an individual’s confidential files in their absence, that individual should arrange for the files to be copied to a network location that is properly secure where the other person can access them or give the person temporary access to the relevant personal folders.
5.4 All staff must log out of the Company’s system or lock their computer when leaving their desk for any period of time. All staff must log out and shut down their computer at the end of the working day.
6 Contact lists
6.1 Lists of contacts compiled by staff during the course of their employment and stored on the Company’s email system and/or other Company database(s) (irrespective of how they are accessed) belong to the Company. Such lists may not be copied or removed by staff for use outside their employment or after their employment ends.
7 Systems and data security
7.1 Be vigilant when using the Company’s email system. Computer viruses are often sent by email and can cause significant damage to the Company’s information systems. Be particularly cautious in relation to unsolicited email from unknown sources.
7.2 If any individual suspects that an email may contain a virus, they should not reply to it, open any attachments to it or click on any links in it and must contact Click Networks immediately for advice.
7.3 Any files or software downloaded from the internet or brought from home must be virus checked before use. Staff should not rely on their own computer to virus check any such programs but should refer direct to Click Networks.
7.4 No personal computer, mobile phone, tablet computer, USB storage device or other device is permitted to be connected to the Company’s systems or network without express prior permission from Willie Hodge, Business Protection Manager. Any permitted equipment must have up-to-date anti-virus software installed on it and the Company may inspect such equipment in order to verify this.
7.5 Staff must not run any ‘.exe’ files, particularly those received via email, unless authorised to do so in advance Click Networks. Unauthorised files should be deleted immediately upon receipt without being opened.
7.6 Staff must not access or attempt to access any password-protected or restricted parts of the Company’s systems for which they are not an authorised user.
7.7 All staff must inform Click Networks immediately if they suspect their computer may have a virus and must not use the computer again until informed it is safe to do so.
7.8 All laptop, tablet, smartphone and mobile phone users should be aware of the additional security risks associated with these items of equipment. All such equipment must be locked away in a secure location if left unattended overnight.
8 The internet
8.1 Access to the internet during working time is strictly limited to matters relating to your work duties and employment.
8.2 Any unauthorised use of the internet is strictly prohibited. Unauthorised use includes (but is not limited to):
8.2.1 creating, viewing, accessing any webpage or posting, transmitting or downloading any image, file or other information unrelated to your employment and, in particular, which could be regarded as pornographic, illegal, criminal, offensive, obscene, in bad taste or immoral and/or which is liable to cause embarrassment to the Company or to our clients/customers;
8.2.2 engaging in computer hacking and/or other related activities; and
8.2.3 attempting to disable or compromise security of information contained on the Company’s systems or those of a third party.
8.3 Staff are reminded that such activity may also constitute a criminal offence.
8.4 Postings placed on the internet may display the Company’s address. For this reason staff should make certain before posting information that the information reflects the standards and policies of the Company. Under no circumstances should information of a confidential or sensitive nature be placed on the internet. Staff must not use the Company’s name in any internet posting (inside or outside work) unless it is for a work-related purpose.
8.5 Information posted or viewed on the internet may constitute published material. Therefore, reproduction of information posted or otherwise available over the internet may be done only by express permission from the copyright holder. Staff must not act in such a way as to breach copyright or the licensing conditions of any internet site or computer program.
8.6 Staff must not commit the Company to any form of contract through the internet without the express permission of their manager.
8.7 Subscriptions to news groups, mailing lists and social networking websites are permitted only when the subscription is for a work-related purpose. Any other subscriptions are prohibited.
8.8 The Company may block or restrict access to any website at its discretion.
9 Personal use of our systems
9.1 Reasonable personal use of the Company’s systems to send personal email, browse the internet and make personal telephone calls is allowed provided that it does not interfere with the performance of any individual’s duties and the terms of this policy are strictly adhered to. The Company reserves the right, at our absolute discretion, to withdraw this privilege at any time and/or to restrict access for personal use.
9.2 Personal use must meet these conditions (in addition to those set out elsewhere in this policy):
9.2.1 personal use must be minimal (both in terms of time spent and frequency) and reasonable and must take place exclusively outside normal working hours, ie during lunch or other breaks, or before and after work;
9.2.2 personal use must not affect the job performance of any member of staff or otherwise interfere with the Company’s business; and
9.2.3 The Company does not permit access to web-based personal email such as Hotmail, Yahoo!, Outlook.com or Gmail on its systems at any time, due to the additional security risks to the Company’s systems.
10.1 The Company’s systems enable us to monitor telephone (including mobile telephone), email, voicemail, internet, CCTV and other communications. Any individual’s use (including personal use) of our systems may be monitored by automated software or otherwise, for business reasons, in order to carry out our obligations as an employer and in order to monitor compliance with the terms of this policy.
10.2 The Company reserves the right to monitor, intercept, retrieve and read the contents of any internal or external email or other communication to listen to or record any telephone conversation or to check internet usage (including pages visited and searches made) as reasonably necessary in the interests of the Company’s business, including for these purposes (the list is not exhaustive):
10.2.1 monitoring and record keeping to establish facts;
10.2.2 to establish compliance with regulatory or self-regulatory procedures;
10.2.3 to prevent, detect or investigate alleged crime or wrongdoing;
10.2.4 to investigate or detect the unauthorised use of the Company’s systems or to ascertain compliance with the Company’s policies, practices or procedures (including this policy);
10.2.5 to locate and retrieve lost messages or files;
10.2.6 to check whether communications are relevant to the business (for example when an individual is absent due to sickness or holiday); and/or
10.2.7 to comply with any legal obligation.
10.3 The Company reserves the right to read any employee’s emails in order to check for business emails while they are absent or out of the office. The Company may also access any employee’s voicemail to check for business calls while they are absent or out of the office. It may therefore be unavoidable that some personal messages will be read or heard.
11 Prohibited use and breach of this policy
11.1 The Company considers this policy to be extremely important. Any breach of the policy will be dealt with under the Company’s dismissal and disciplinary procedure.. In certain circumstances, breach of this policy may be considered gross misconduct resulting in immediate termination of employment or engagement without notice or payment in lieu of notice. In addition, or as an alternative, the Company may withdraw an individual’s internet and/or email access.
11.2 Examples of matters that will usually be treated as gross misconduct include (this list is not exhaustive):
11.2.1 unauthorised use of the internet as outlined in paragraph 8.2 above;
11.2.2 creating, transmitting or otherwise publishing any false and defamatory statement about any person or organisation;
11.2.3 creating, viewing, accessing, transmitting or downloading any material which is discriminatory or may cause embarrassment to other individuals, including material which breaches the principles set out in the Company’s [Equality OR Equal Opportunities] Policy and our Harassment and Bullying Policy;
11.2.4 accessing, transmitting or downloading any confidential information about the Company and/or any of our staff and/or client or customers, except where authorised in the proper performance of your duties;
11.2.5 accessing, transmitting or downloading unauthorised software; and
11.2.6 viewing, accessing, transmitting or downloading any material in breach of copyright.
12 Review and training
12.1 Colette Johnston-Douglas, Head of Finance is responsible for this policy.
12.2 The Company regularly monitors the effectiveness of this policy to ensure it is working in practice and will review and update this policy as and when necessary. The Company will provide information and/or training on any changes made.
12.3 All staff will receive appropriate training on this policy, including training on any updates made to it.
13.1.1 In line with GDPR the company will always ask for consent on use of your personal details:
(a) We have checked that consent is the most appropriate lawful basis for processing.
(b) We have made the request for consent prominent and separate from our terms and conditions.
(c) We ask people to positively opt in.
(d) We don’t use pre-ticked boxes or any other type of default consent.
(e) We use clear, plain language that is easy to understand.
(f) We specify why we want the data and what we’re going to do with it.
(g) We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.
(h) We name our organisation and any third party controllers who will be relying on the consent.
(i) We tell individuals they can withdraw their consent.
(j) We ensure that individuals can refuse to consent without detriment.
(k) We avoid making consent a precondition of a service.
(l) If we offer online services directly to children, we only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place.
14 Recording Consent
14.1.1 We keep a record of when and how we got consent from the individual.
14.1.2 We keep a record of exactly what they were told at the time.
15 Managing Consent
15.1.1 We regularly review consents to check that the relationship, the processing and the purposes have not changed.
15.1.2 We have processes in place to refresh consent at appropriate intervals, including any parental consents.
15.1.3 We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
15.1.4 We act on withdrawals of consent as soon as we can.
We don’t penalise individuals who wish to withdraw consent