Handling Information

Handling Customer & Personal Data

Foundational

We are trusted with people's identity documents, financial details, and personal information. That trust comes with a simple duty for all of us: only look at data you need for your job, only share it with people who should have it, and only keep it in approved places. Personal data is borrowed, not ours to do as we like with.

Data protection law (GDPR) isn't only the legal team's concern — it shapes how everyone handles information day to day. The core ideas are easy: use personal data only for the proper reason, see and share only what you genuinely need, and keep it inside the company's approved, secure systems. Curiosity, convenience, and shortcuts are how data ends up in the wrong place.

Some data we hold is especially sensitive — identity documents and biometric information used for identity checks. Treat that with extra care. And remember the golden move: if you're ever unsure whether you can look at, share, or copy something, ask before you do, not after.

Handle data with care

DoAccess customer and personal data only when you need it for your specific job — not out of curiosity, and not about people you know.
DoShare personal data only with people who are entitled to it, and only through approved company systems and channels.
DoKeep data in approved company tools; if you must send it, use the approved secure method, and double-check the recipient before you hit send.
DoCollect and keep only what's needed, and follow guidance on how long things are kept — don't hoard personal data "just in case".
AlwaysAsk before you look at, share, copy, or export personal data if you're not certain it's allowed — checking first is always the right call.

Never do this with data

NeverSend customer or personal data to your personal email, personal cloud storage, personal phone, or any unapproved app or device.
NeverLook up, access, or share someone's data out of curiosity or for any reason outside your job — including friends, family, or public figures.
NeverTake screenshots, photos, or copies of customer data to keep, send, or post — including in chats, tickets, or social media.

Ask yourself

AskDo I actually need this data for my job right now?
AskIs this the right person to share it with, and the approved channel to use?
AskAm I about to put data somewhere personal or unapproved? Stop.

Why it matters: A single piece of personal data in the wrong place — a customer file forwarded to a personal email, a screenshot in a chat — can be a reportable data breach, with serious fines and a real impact on the person whose data it was. Handling data carefully protects our customers, keeps us on the right side of the law, and preserves the trust the whole business depends on.