Skip to main content
Last reviewed: [Date] — Next review due: [Date]

Scope

This policy applies to all personal data processed by Blevins Holdings — including data about employees, contractors, clients, and any third parties whose data we handle in the course of business.

What data we collect

Data typeExamplesPurpose
Employee dataName, contact info, payroll detailsHR and operations
Client dataContact info, account detailsService delivery
Usage dataSystem logs, access recordsSecurity and auditing
CommunicationsEmail, messagesBusiness records

How we use data

We collect and use data only for legitimate business purposes. Data is never sold to third parties. Access is limited to those who need it to perform their role.

Storage and retention

  • Data is stored on company-approved systems only
  • Personal data is retained for the minimum period required by law or business need
  • When data is no longer needed, it is securely deleted or anonymized

Employee responsibilities

1

Use approved systems

Store company and client data only on approved platforms. Do not use personal email, personal cloud storage, or unapproved apps for business data.
2

Lock your screen

Lock your workstation when stepping away, even briefly.
3

Report incidents

If you suspect a data breach or unauthorized access, report it immediately to IT and your manager.
4

Handle requests carefully

If a client or individual requests access to or deletion of their personal data, forward the request to [designated contact] immediately — do not respond independently.

Data breaches

In the event of a suspected data breach: 
1. Do not attempt to investigate or resolve it yourself
2. Immediately notify IT Security: security@blevinsholdings.com
3. Preserve any evidence — do not delete files or logs
4. Follow the Incident Response SOP
Delays in reporting suspected breaches may result in regulatory penalties and personal liability.
Policy owner: IT / Legal