Data Security and Protection
At Optimise, data protection is built into how we deliver offshore operational support. Our team accesses customer systems through a controlled remote-access model, with practical safeguards covering confidentiality, access control, secure working, incident response, and customer data governance.
This page explains how customer data is handled, where it is stored, and how access is controlled.
Unwavering Commitment to Data Security
The protection of your data is a top priority for us. We employ diligent and effective measures to handle your data in a secure environment. Our security practices encompass technical, contractual, administrative, and physical safeguards, all meticulously designed to ensure the safety of the data you entrust to us.
Strong systems in place
We use appropriate technical and organisational measures to protect client information, including secure encrypted connections, access controls, network and device safeguards, monitoring, physical security, and continuity measures.
Regular security audits and penetration testing
Optimise personnel access customer systems only through authorised credentials. Where supported by customer systems, access may include multi-factor authentication, individual user accounts, and role-based permissions.
Access controls
Customers retain control over user accounts, system permissions, access rights, and system governance. Optimise team members operate only within the permissions granted by the customer.
Expert staff
All Optimise personnel are bound by confidentiality obligations and trained in secure handling of information, data protection responsibilities, secure remote working, recognising potential security incidents, and reporting procedures.
Data Protection
Optimise recognises the importance of protecting customer information. Our approach is based on clear customer control, secure remote access, data minimisation, confidentiality, and practical safeguards designed to protect the integrity, availability, and confidentiality of customer data.
Data Protection Roles
Customer remain in control of their own systems, data, access permissions, and processing decisions. Optimise acts as a Data Processor, providing operational support under the documented instructions of the customer organisation.
Optimise does not determine the purpose or means of processing customer personal data.
Where Client Data Is Stored
Customer data remains stored within the customer organisation’s own systems and infrastructure. Optimise does not host client databases, maintain copies of customer records, export personal data from customer systems, or store customer personal data on Optimise infrastructure or devices.
Our team accesses customer systems remotely only to carry out authorised operational tasks. The customer’s own system remains the authoritative source of record at all times.
Secure Remote Access
Optimise delivers services through a controlled remote-access model. Authorised team members access customer systems using approved credentials and operate within the permissions set by the customer.
Where supported by customer systems, security measures may include encrypted connections, multi-factor authentication, individual user accounts, role-based permissions, and access logging.
Remote and International Access
Optimise may provide services through authorised personnel located outside the United Kingdom. Under this model, client data remains stored within the client organisation’s own systems.
No copies of client personal data are exported, replicated, or stored outside the client’s system environment. Access takes place only while authorised team members are authenticated within the client’s systems.
Operational Safeguards
Optimise applies practical safeguards to support responsible data handling. These include access limited to authorised operational tasks, minimum necessary access, individual user accounts, no shared credentials, and restrictions on downloading, copying, printing, screenshots, or recordings containing confidential client information.
Incident Response and Breach Cooperation
Optimise maintains an Incident Response and Personal Data Breach Policy. Suspected security incidents are assessed, contained, recorded, and escalated through our internal response process.
Where personal data may be involved, we notify the client organisation without undue delay and provide reasonable assistance with investigation, containment, remediation, and regulatory obligations.
External Legal Review and Sector Alignment
Optimise regularly reviews its data protection and information governance approach to ensure it remains aligned with UK GDPR, the Data Protection Act 2018, ICO guidance, and client expectations.
Where a customer operates in a regulated or sector-specific environment, Optimise may engage UK-based legal advisers with relevant data protection and sector experience to review our documentation and support alignment with applicable requirements.
This provides additional assurance for customers whose operating environment requires specific governance, confidentiality, or compliance considerations.
ICO Registration and Data Protection Contact
Optimise Outsourcing Ltd is registered with the Information Commissioner’s Office under registration reference ZC103678.
For data protection enquiries, please contact:
Maureen Fernandez
[email protected]
Data Protection FAQs
Where appropriate, Optimise may engage UK-based legal advisers with data protection and sector-specific experience to review its documentation and support alignment with UK GDPR, the Data Protection Act 2018, ICO guidance, and relevant client requirements
Where required, Optimise will cooperate with customer organisations in responding to data subject requests under applicable data protection legislation.
Customer data remains within the customers organisation’s own systems. Optimise personnel access customer systems remotely for authorised operational tasks, but Optimise does not create or maintain separate customer databases.
Access to customer systems is managed carefully and only introduced with the customer’s agreement. Optimise works with customers to ensure any agreed third-party access is appropriate, controlled, and aligned with the customer’s data protection requirements.
