14.4 DATA PROTECTION The Company has a Data Protection Policy, which explains the responsibilities and principles that must be followed when handling personal data, that is – information about each individual data subject (customers, employees and suppliers). You can get a copy of the policy from your manager. If your job involves handling any records (whether on paper or computer), that contain information about individuals, please read and understand the Data Protection Policy, and follow it to the letter.You must ensure that you: • � Do not give out any personal data to anyone without permission, speak to your manager should you receive any requests for personal information. • � Adopt a clear desk/working area policy and avoid leaving any personal information on view. • � Ensure that hard copies of personal information are stored correctly or destroyed securely. If your work involves storing or retrieving data on a computer system, you must: • Only access the data required by your job. • Log out if you leave for an extended period of time. • � Do not give your log-in credentials and password to another member of the team. • � Do not keep additional copies of personal information, update the main online record and then delete the copy of the information securely. • � Do not download any personal data in bulk without expressed permission. • � Be careful with work emails you may receive.Where possible avoid clicking links in an email from someone you don’t know. • � The Company’s computer systems are critical to its business. Do not do anything which could put the system or the data it holds at risk. • � The InformationTechnology Policy contains detailed requirements about computer use.You must follow the policy completely or risk dismissal.You will find this on the Intranet. You should note that information about individuals handled at work is completely confidential and should not be exposed to anyone who is not authorised to access it. Any instances relating to a breach of data protection will be investigated and depending on the circumstances may be treated as a potential gross misconduct issue.This may result in summary dismissal and could even be a criminal offence, in which case the matter will be reported to the appropriate authorities. If you have any queries about handling data, data protection procedures or training, please speak to your manager. 39 14.INFORMATIONANDDATAcontinued 14.3 CONFIDENTIALITY AND DOCUMENTS We promote a working environment of openness and honesty, which we hope everyone respects and adheres to. This includes keeping confidential Company information exactly that – confidential. If, during the course of your employment, you come across any information about Byron, or other subsidiaries of the business, you should never disclose it to anyone other than your manager or senior management. Examples of the type of information you might read or find, include: • � Financial information, including margins, discounts, buying prices, management accounts, amount of takings • � Information about security arrangements, including computer access codes • Future organisational or promotional plans • Planned price changes • Salaries and information about colleagues • Guest details and lists • Supplier details and lists, terms of business, discounts • � Proposed restaurant sites, or potential sites under investigation • Recipes, work processes, techniques and technical know-how • Company policies and procedures • �� Any other information not generally known to other employees, guests or competitors Both during your employment and afterwards, revealing or using any of this information is strictly prohibited unless the information lawfully becomes public knowledge other than through you, like in a newspaper. Information about guests and other companies which you may discover in the course of your work is also confidential. All Company data and documents are and remain the property of the Company.This includes any data and documents you create in the course of your work.The copyright in Company documents is owned by the Company, and you may not copy, adapt or use any material in any Company documents for your own or any third-party purposes unless you have written permission from a Director Keep data and documents secure and prevent unauthorised access to them. On leaving the Company you must return all Company data and documents in your possession or under your control, and neither make nor keep any copies. Refer to the Information Technology Policy and the Data Protection Policy for more about data and information. 38 �