Information Security Policy

Click & Kind Co. Ltd is committed to protecting the confidentiality, integrity, and availability of information and systems used in delivering our services.

Scope

This policy applies to Click & Kind Co. Ltd, including the Director, any contractors we may engage, and any devices, accounts, and systems used to deliver client work.

Our approach

We take a risk-based approach to information security. We apply proportionate controls based on the sensitivity of the information involved and the requirements of each client.

Access control

We restrict access to information and systems to authorised individuals only, using the principle of least privilege. Access credentials are stored securely and are not shared.

Data handling

We only access and process client data where it is necessary to deliver agreed services. Where possible, client data remains within client-managed systems. We do not sell or share client data.

Device and account security

We protect devices and accounts through password or passkey protection, multi-factor authentication where available, encryption, and automatic security updates. We use reputable software and services and keep them up to date.

Secure working practices

We use secure methods for remote access and file transfer. We avoid using unencrypted channels for sensitive information. We minimise the use of local copies of client data and delete them when no longer required.

Incident management

If we suspect or identify a security incident that may affect client data or services, we will act promptly to contain the issue and notify the client without undue delay, including details of impact and remedial actions taken.

Business continuity

We take reasonable steps to maintain service continuity and to reduce the risk of disruption, including secure backup practices where relevant and appropriate to the service being delivered.

Supplier and subcontractor management

Where subcontractors or third-party services are used, we select reputable providers and apply appropriate due diligence based on the risk and nature of the service.

Policy review

This policy is reviewed at least annually, and also after any significant changes to our services or operating practices.

Data Protection and Regulatory Compliance

Click & Kind Co. Ltd is registered with the UK Information Commissioner’s Office (ICO) and complies with applicable UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Where Click & Kind Co. Ltd processes client data, this is carried out only as necessary to deliver contracted services and in accordance with client instructions and applicable legal requirements.

Last updated: February 2026
Policy owner: Director, Click & Kind Co. Ltd