IT, Data & Communications

What does copyright mean?

Copyright refers to the legal right of the owner of intellectual property (in simpler terms, it is the right to copy). This means that the original creators of products, and anyone they give authorisation to, are the only ones with the exclusive right to reproduce the work.

What is intellectual property?

Intellectual property refers to creations of the mind such as inventions, literary and artistic works, designs and symbols, names and images used in business.

What do I need to know about copyright and intellectual property?

If you create any works during the course of your employment with us, then all copyright and design rights are the intellectual property of our co-op in accordance with the Copyright, Designs and Patents Act 1988. This provision remains in place during the course of your employment and after your employment has ended too. We understand that this isn’t always the easiest subject to understand so, if you have any questions, please speak with your line manager.

You can learn more about copyright and data ownership when using IT and communication systems / equipment throughout the rest of this section.

We’re a busy and varied business, meaning we gather and use lots of data. Whether this data is about you as our colleague, or information about our members, customers or business contacts (as examples), we take our responsibilities to collect, handle and store our data compliantly with regulations seriously. This policy sets out how we:

• Comply with data protection law and follow good practice.
• Protect the rights of colleagues, members, customers and partners.
• Are open about how we store and process individuals’ data.
• Protect ourselves from the risks of a data breach.

This policy applies to all our branches, offices and other trading locations (including subsidiaries), as well as our central functions. This includes all our colleagues, contractors, suppliers and anyone else working on behalf of our co-op.

What kind of data is protected?

Data protection laws apply to any form of data storage and handling whether electronic, paper-based or in any other form. It includes any data that we hold relating to identifying individuals, including:

• Names of individuals.
• Postal addresses.
• Email addresses.
• Telephone numbers.
• Any other information relating to individuals.

What are the fundamental principles around data protection?

These say that personal data must be:

• Fairly and lawfully processed.
• Processed for limited purposes.
• Adequate, relevant and not excessive.
• Accurate and up to date.
• Kept for no longer than is necessary.
• Processed in line with people’s rights.
• Secure.
• Not transferred outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection.

What does data protection / this policy protect us from?

It is important that personal information is collected and used fairly, stored securely and not disclosed unlawfully. Adhering to this policy helps to protect you and our co-op from material data security risks, including:

• Breaches of confidentiality, such as information being given out inappropriately.
• Failing to offer individuals appropriate options on how we use data relating to them.
• Reputational damage associated with the inadvertent breach of our data protection obligations.

What are my responsibilities?

• All personal information should be regarded as confidential and treated with care and respect. It should not be shared informally (particularly by unencrypted email) and should only be accessed when you need it to be able to do your work (this includes only accessing CCTV for legitimate purposes).
• All data should be kept secure, taking all sensible precautions. This includes using strong passwords (which must not be shared) and changing these regularly.
• If you’re unsure about any aspect of data protection, particularly regarding the disclosure of personal information to others (either within our co-op or externally), you should seek  guidance from your line manager or the Data Protection Officer.
• Personal information stored or printed on paper or on removable media (e.g. CD or DVD) should be kept in a secure place where unauthorised people cannot see it. When no longer required, it should be shredded / destroyed and disposed of securely.
• Personal information should never be saved directly to desktop hard-drives, laptops or other mobile devices (such as tablets or smart phones).
• Your PC / laptop screen should always be locked when unattended. This is especially important when working with personal information.
• You should report and /or correct any data inaccuracies as soon as you discover any.

In addition to the above, some colleagues within our co-op have particular responsibilities, including:

Further guidance can be found in our Employee Privacy Notice and Recruitment Privacy Notice. Alternatively, further information can be requested from our Data Protection Officer, to whom any Data Subject Request should also be addressed:

• Data Protection Officer, Society Secretary, East of England Co-operative Society Limited, Wherstead Park, The Street, Wherstead, Ipswich, Suffolk, IP9 2BJ
• jcarey@eastofengland.coop

We will endeavour to make individuals aware of their data rights in any appropriate printed material and via our company website.

Technology is constantly developing and influencing our business. Most of us will use technology as part of our job role and will benefit from it making our lives a little easier and improving the service we’re able to provide our colleagues, members and customers alike.

However, like every organisation, we’re often subject to attempts to compromise our systems. These attempts can happen when we’re doing things as simple as browsing the internet or opening an email. This policy seeks to prevent any unauthorised use of our systems, data theft and system corruption, as well as any criminal or other liability for you and our co-op.

What are the really important things not to do?

Please ensure you do not use our network, resources or equipment to do the following:

• Download software or data (if you need to do this, you must seek prior authorisation from IT Services).
• Display, access, store or distribute any kind of inappropriate material which contravenes any of our policies (including, but not limited to, Inclusion and Diversity).
• Transmit abusive, profane or offensive language.
• Propagate any virus, worm, Trojan horse or Trap Door programme code, Malware or any other potentially malicious software.
• Disable or adversely affect any computer system network, or to circumvent any system intended to protect the privacy or security of another user.

You should also never:

• Release confidential information about our co-op, customer data or trade secrets.
• Upload any software licensed to our co-op, or data owned or otherwise licensed by us, without prior authorisation from the Head of IT Services.
• Share your individual user ID and password log-in details with anyone else (or use another colleague’s details) without the prior authorisation of a Chief Officer.
• Open any attachments unless they are expected, of known content or are from a known source.
• Attempt to disable or circumvent any IT facility (e.g. internet firewalls) which ensures the safety and security of our IT and communications networks.
• Use a company device to playback or stream TV programmes (due to TV licencing laws).

What should I be aware of in terms of copyright and data ownership?

• Any files or software downloaded via the internet onto our network becomes our property, so must be used in ways which are consistent with our licences and / or copyrights.
• We retain the copyright to any material posted to any forum, newsgroup, chat or webpage by any colleague in the course of their duties.
• If you have internet access, you should take particular care to understand copyright and libel laws. This helps to ensure our use of the internet does not violate any laws which might be enforceable against our co-op. You can read more about Copyright and Intellectual Property throughout this section.

Will you monitor my activity?

It’s important for you to know that our systems record all users’ email messages (sent or received) and an internet history is also stored. Files and messages that are deleted are still retrievable by us for a period of time. Our firewall and IT security systems record file transfers on our network, as well as restricting incoming and outbound messages as part of safeguarding procedures.

We may access, monitor, analyse and / or keep records of communications and your use of IT (at any time and without notice) to generally monitor your compliance with this policy, as well as to:

• Detect and / or prevent crime.
• Ascertain whether ‘we’ (our co-op and you, as an individual) are complying with our rules and policies, as well as any legal and / or regulatory obligations.
• Ascertain whether you have been using the email system to send and receive an excessive number of personal communications.
• Ascertain and / or demonstrate whether we are attaining appropriate standards of customer service.
• Carry out maintenance and to monitor for viruses and / or any other programme which has contaminating or destructive properties.
• Investigate or detect unauthorised use of IT resources.

Therefore, you shouldn’t have any expectations of privacy in relation to your usage of our network, resources or equipment. We still take your individual privacy seriously so, whilst we do need to have monitoring in place to safeguard our IT and communications systems, appropriate controls are in place to ensure that access to individual communications is only undertaken in circumstances necessary to protect our legitimate interests.

Will my emails be accessed when I’m away from work?

If you’ve got some time off planned (e.g. holiday), you can arrange to put steps in place, such as email forwarding or an ‘out of office’ message. However, there are occasions where we will need to access work-related messages when someone is away from the business. Whilst our email system is primarily for business use, we recognise that colleagues may occasionally send or receive personal emails from their work account. To help us tell the difference, if we do ever need to access your emails, you should clearly mark any personal emails as such (and encourage the sender to do the same). We’ll avoid, wherever possible, opening emails clearly marked as personal or private, unless this is necessary as part of an investigation into a suspected breach of policy.

Are there any particular standards I need to keep in mind when using email or other collaboration / messaging tools (e.g. Microsoft Teams)?

In this digital age, these communication tools are used to relay formal and informal messages and information. You’ll have a good idea what’s appropriate considering your relationship with the other person involved, and we’d ask you to remember the following too:

• You’re representing our co-op when replying to email or other messages, so please maintain the same high standards as you would with other forms of communication.
• Emails and messages are quick to send but are often permanent. They may also be read by someone other than who you addressed it to.
• You should never use email or other communication tools to send messages / content which are defamatory, obscene or otherwise inappropriate. If you receive any such content, don’t forward it on and notify your line manager immediately.
• Avoid including any statements which criticise our competitors, whether that be about their product, service offering, colleagues or suppliers.
• Sometimes messages can be read in different ways. You should consider whether the language or tone could be misinterpreted (as offensive or aggressive, for example) by the recipient or any other third party who the email may be forwarded on to.
• Adhere to our Dignity at Work policy.

What should I do if I receive a suspicious email?

False emails claiming to be from known or unknown senders pose the biggest risk to modern IT. ‘Phishing’ emails can carry malware such as ransomware, which will freeze all company systems until a ransom is paid. Therefore, it’s essential that all users question all unexpected emails and do not click on links in emails which seem suspicious. If you’re unsure of an email and you know the sender, check with them that it is legitimate. If the sender is unknown, or you’re otherwise unsure, either delete the email or contact IT Services for further advice.

Is there anything else I need to know about using the internet, in particular?

Whilst our systems are for business-use only, incidental, limited personal use is okay, as long as it doesn’t interfere with your performance of your job role. We reserve the right to monitor colleague’s internet usage and consider the following as valid reasons why this would be appropriate:

• If we suspect that a colleague has accessed, viewed, downloaded, transmitted or possessed any material which is inappropriate to / in a professional workplace. Examples of this might be pornographic, sexually explicit, illegal or offensive content.
• If we have concerns that a colleague has been spending an unacceptable amount of time viewing websites which are not work-related.
• If we suspect a colleague has downloaded copyright protected material from the internet.
• If we have concerns that a colleague has used our internet facilities to download music, entertainment software, etc. or to play games or to gamble.
• If a colleague has downloaded software without the prior agreement of our IT Services team.
• If we are investigating a security breach or virus.

We’ve got software in place which identifies, and blocks access to, inappropriate or sexually explicit websites. If you inadvertently access any such website / material, you should immediately disconnect and notify IT Services.

I’ve been provided with a work mobile phone as part of my job. What do I need to know?

If we provide you with a mobile phone, you may use this for limited personal reasons (i.e. phone calls, text messages) without having to reimburse us for the cost of doing so. We may monitor telephone statements to ensure this isn’t being abused, as well as to check it isn’t being used for inappropriate reasons. There is no taxable benefit to providing colleagues free use of work-provided phones and therefore no income tax liability arises for either the colleague or our co-op.

Can I use my personal mobile phone or device at work?

Yes, you can. We recognise that for many of our colleagues, mobile phones are closely integrated with both their personal and working lives, where mobile phones may be used for authentication, training, colleague updates and interacting with the Loop etc. We trust our colleagues to make appropriate judgements about when it is and is not appropriate to be using a mobile phone when at work.

Our colleagues should also be aware that they are responsible for the safekeeping and security of their personal mobile phone at work. For guidance on keeping your personal belongings safe, please refer to our Personal Belongings policy.

If you choose to use your own phone or personal device to playback downloaded or stream live TV programmes etc whilst on your break, you are personally responsible for ensuring you maintain an active and valid TV licence.

Can I use my own personal device to access work systems?

Certain colleagues may use their own personal device (such as smartphones, laptops, and tablets) for accessing systems at work. Before accessing business, systems or data using personal devices, you should seek approval from IT Services or your line manager. If agreed, you are responsible for the security of this data and ensuring this remains confidential (including data held on web apps such as Trello and Evernote). Any actual or potential data leak or security breach (such as loss or theft of the device) must be notified to the Head of IT Services immediately. You must not download any personal, sensitive information or business confidential information from our business systems onto a personal device. All company data held on personal devices should be destroyed in line with the Company’s data retention/destruction policies; and in any event destroyed immediately when you cease to be an employee of the business.

How should I connect my own personal device to work systems?

Any personal devices used at work or for work purposes should be connected using public Wi-Fi and must not be physically connected (e.g. by wire, Bluetooth or similar mechanism) to the corporate network without prior consent of the Head of IT Services in alignment with our IT Security policies.

For many of us, social media is part of our daily life. Our co-op also uses social media to interact with our members, customers, clients and partners, and to share important company news. 

If you refer to your work at East of England Co-op via your personal account, then you are effectively a representative of the organisation via your personal account and are therefore expected to demonstrate best practices in your use of social media by following some simple rules:

• Be polite and respectful to all
• Don't use sexist, racist, homophobic, discriminatory, libellous, or promote hate speech
• Use common sense
• Stay out of trouble (do not start or step into an argument)
• Personal online activities should never interfere with your job or performance
• If you include your job tile or mention East of England Co-op in your bio, you need to include "Opinions are my own" in your bio 
• Ensure that you don't share any confidential company information. If an announcement has not been published on an official East of England Co-op channel, then do not share it or engage in conversation about it
• Use your energy to share and spread the many positive stories and attributes of our co-op
• Do not make comments or upload videos or images which could bring the East of England Co-op into disrepute or damage its reputation in any way. This includes making complaints or offensive comments about the East of England Co-op, customers, managers, colleagues, suppliers, business partners or other organisations
• Similarly, never write disparaging remarks, comments intended to berate others, or send messages that are intended to hurt, ridicule, or otherwise cyberbully others 

Breaches of this policy may lead to Disciplinary action and serious breaches of this policy may constitute gross misconduct and could therefore lead to summary dismissal.

Responding to customers

If you come across a post that you consider a customer inquiry, critical misinformation, news leaks, insults, rumours or any questionable content regarding the East of England Co-op or our colleagues, immediately alert the Corporate Affairs team by emailing communicationsmail@eastofengland.coop. Where possible, please provide a screen shot and/or link to the post. 

Please do not respond directly to comments/inquiries, particularly from your private social media accounts, unless permission has been granted by the Corporate Affairs team.

Creating social media accounts

Social media accounts, for any of the East of England Co-op brands (including Co-op Secure Response, H.L.Perfitt and Wherstead Park) can only be created by the Corporate Affairs team. Any accounts created without the prior knowledge of the Corporate Affairs team may either be closed or transferred to the management of the Corporate Affairs team. 

Have a question? 

Regardless of whether you're using a work-related or a personal social account, before you post or send a photo, take a moment to ask yourself, is this the right account to share from? Is this content appropriate? 

Not sure if your message is appropriate? Ask the Corporate Affairs team for their input before you publish. You can contact them via Teams or email at communicationsmail@eastofengland.coop.

How our members, customers, suppliers, and the general public perceive us can greatly impact their decision to shop or work with us. We're really proud of our co-op and what we do, and we work hard to protect our brand. It is therefore important that all colleagues adhere to the following rules: 

• Only colleagues who are authorised as a spokesperson of the East of England Co-op, as agreed by the Corporate Affairs team, should make public statements about us and/or on our behalf to the press or media. These colleagues will receive training and support from our Corporate Affairs team. 
• If posting content to your personal social media account, this may be accessed by the media. Please refer to our Social Media policy, as appropriate. 
• If you are approached by a member of the media, please decline to comment and refer them to the Corporate Affairs team on 01473 786446.

We use The Loop to keep in touch and share news with our colleagues. It's also a fantastic way to know what's happening in our co-op and what matters to our colleagues. 

The Loop should be a safe, friendly and helpful community. Therefore, we ask any colleague interacting with The Loop to consider the following: 

• Treat others as you would like to be treated and be respectful of other's views. Abusive language, aggression and bullying are not allowed, whether aimed at other users our co-op or others (please refer to our Dignity at Work policy)
• Choose your words carefully so that you don't hurt feelings or cause misunderstanding when not intended
• Comments subject to legal issues, including slander, defamation, contempt of court, encouraging or endorsing illegal activity, or that are overtly religious or political and intended to incite others, will be removed
• Content containing unverified or false claims will be removed
• The East of England Co-op Corporate Affairs team retains the right to remove content posted or remove users for any reason considered necessary

We're committed to creating an environment where all our colleagues feel included and that they belong. To sustain this, we must all share responsibility. Alongside our Inclusion and Diversity policy, please follow some simple rules: 

• Be respectful to all
• Use common sense
• Be polite
• Use your energy to share and spread the many positive stories and attributes of our co-op
• Do not make comments or upload videos or images which could bring our co-op into disrepute or damage its reputation in any way. This includes making complaints or offensive comments about our co-op, colleagues, managers, customers, suppliers, business partners or other organisations. 
• Do not make comments or upload videos or images that could personally identify a colleague, customer or client, unless you have their prior permission. 
• Similarly, never write disparaging remarks, comments intended to berate others, or send messages that are intendced to hurt, ridicule, or otherwise cyberbully others. 
• Do not share any updates from The Loop on external websites or social media platforms, or share with anyone who's not a colleague. This includes screenshots. 

The Loop is a great platform to share good news and celebrate success – and we know our members and customers love to see what we're up to too! As such, a carefully defined group of colleagues (the Corporate Affairs, Marketing and People teams) may share photos and other content from The Loop on external social media platforms. Other colleagues are not permitted to share any updates (including screenshots) from The Loop on external websites or social media platforms, or share with anyone who’s not a colleague. If you have any concerns about content featuring you being shared externally, it’s best not to give your permission for this to be shared on The Loop in the first instance (please contact the Corporate Affairs team in the event of any queries). 

Breaches of this policy may lead to Disciplinary action and serious breaches of this policy may constitute gross misconduct and could therefore lead to summary dismissal. 

Accessing The Loop

Important: You should never share your individual user ID and password log-in details with anyone else or use another colleague's details. If you're accessing The Loop on a shared device, please do not save your log-in details to that device and ensure that you log-out at the end of your session. 

Will you monitor my activity? 

It's important for you to know that the system records all user's activity and messages. We take you individual privacy very seriously so, whilst we do have the ability to monitor, we will only access individual communications should we be notified of inappropriate use that goes against our Dignity at Work, Inclusion and Diversity, or our other IT and communications policies (as throughout this section).

Can I access The Loop on my work mobile/laptop/computer? 

Yes. The Loop can be accessed via any internet enabled device, including those provided to you by our co-op. 

Can I access The Loop on my personal device? 

Yes. The Loop can be accessed via any internet enabled device, such as a smartphone, tablet or laptop. If you do this, you're responsible for the security of any information shared within The Loop and ensuring this stays confidential (unless already shared publicly via official channels). Any anctual or potential breach (such as loss or theft of the devide) must be notified to the Head of IT Services immediately, in-line with our 'IT and Communications' policy (above). 

Can I use The Loop during working hours? 

Yes. Whilst you generally shouldn't use your personal mobile phone whilst you're working, we want you to be able to interact with content, and share photos, videos and updates with The Loop. However, it's important that this does not negatively impact on your job performance. Whilst in operational areas, unless you're engaging with The Loop or another society application (e.g. Metro), we would recommend storing your personal phone securely (e.g. in your locker). For guidance on keeping your personal belongings safe, please refer to our Personal Belongings policy. 

Many of us will spend time at a desk during our working day, handling documents which may be sensitive or confidential. Therefore, it’s really important that we consider how we keep this information safe, secure and tidy.

What is considered sensitive or confidential information?

This is anything which could potentially identify our customers or members, colleagues, financial information, business plans, or which could be used to compromise our IT systems. Therefore, it won’t only be colleagues in central functions which need to be aware of this policy as colleagues in our retail and operational businesses will be handling this kind of information too.

What do I need to do to keep this information safe?

Only having the things you need out on your desk will help to reduce any risks and will hopefully make your working day a bit easier too. If you’re working with sensitive or confidential information, you should be mindful of who else could potentially see this (if someone were to visit you at your desk, for example) and you should ensure that this is suitably secured anytime you leave your desk. At the end of your working day, again don’t forget to store away securely, any sensitive or confidential information (e.g. in your drawer or filling cabinets). Ending your day with a tidy desk really can help you clear your own mind and set you up for your next working day. If you work with a computer, don’t forget to lock this anytime you leave it unattended and ensure this is locked or shutdown at the end of the day.