Legal compliance and what we stand for
As a business based in the UK we have both legal and moral requirements to comply with the letter and spirit of the relevant laws impacting our business. Easy to say, but as a small business the compliance landscape is not always the clearest to navigate, mainly because we are small: as our operating model means we have fewer than 5 employees, we are exempt from a number of recent Acts and Regulations. Well, that makes life easy, doesn’t it? At one level it does, but procurement functions in large organisations often don’t operate separate systems for small businesses. So, if you want to do business you have to have a stated policy on a number of subjects, exempt or not!
There is however a more important reason for putting this page together. We do have a view on a number of topics and we want our clients, our suppliers and everyone who has any dealings with us to hear and understand where we are coming from and what we stand for. So, set out below are our policies and views, and what we hold dear:
The Modern Slavery Act 2015
As our turnover is a tad smaller than £36m we are exempt from complying with this Act. But we fully support the direction and purpose of this legislation and we take steps to ensure that all of our corporate clients are in compliance with the Act to the best of our ability. Our business model does not rely on complex supply chains to meet our clients’ needs but we do exercise care when entering into supplier arrangements, including contractor arrangements.
Slavery of any type is wholly unacceptable to our values and our purpose.
General Data Protection Regulation (GDPR) (WEF 25th May 2018)
This is a complex and demanding piece of EU regulation that, in effect, replaces the Data Protection Act in the UK. At its heart is the desire to ensure all EU citizens’ personal data is protected, transparent and accessible upon request, relevant to purpose and can be removed upon request. This covers data held by an organisation and when it transfers or processes that data to or via a third party.
As we have fewer than 250 employees and we do not process personal data as such, it is reasonable to assume that we are exempt.
But we do hold information that is personal in nature regarding our clients while they engage us. When we mentor or coach, our clients share information that is intended for our ears and eyes only. We use that information to help our clients and, as none of us are superhuman, we have to record that information somewhere!
Therefore, regardless of whether we are exempt or not, we take the security and confidentiality of our clients’ personal information extremely seriously. We trade on our reputation and that is based on our personal professionalism and integrity. So, what steps do we take?
Under the GDPR, the lawful basis for us to hold personal data is “Consent”; the individual has given clear consent for us to process their personal data for a specific purpose. Therefore, our first action is to gain consent from our clients to hold their personal data. Normally we achieve this by entering into a “Non-disclosure agreement” (NDA) with the client or their employer to manage the taking, holding and confidentiality of their personal data.
We record client personal data in two forms: in a notebook during the mentoring or coaching sessions, and in the Cloud via an iMac or a MacBook Pro laptop.
When we record client data in the notebook we use a code to represent the client to protect their identity. This is not foolproof but it does make it harder to link the notebook content to an individual should we lose a notebook. Whilst we take material care over the custody of our notebooks, we cannot give a 100% guarantee that one will not be lost or stolen.
There are occasions when we capture personal data digitally. This raises two specific risks: unauthorised access and loss.
We use an iMac as our main processing machine and MacBook Pros as our onsite-portable machines. The machines are linked via Apple’s iCloud. All client data and the IP of the business is stored encrypted via iCloud. No data is specifically held on the hard drives of the machines.
The iCloud provides backup and security against loss of data.
Access to our machines is strictly controlled, both physically and logically. In addition to a series of password protection levels, the machines operate within a VPN, have advanced firewall and anti-virus and malware protection, and are scanned regularly.
All emails are sent via the VPN.
A cyber related and data security risk assessment is undertaken quarterly.
When a client engagement has ended and there is no longer a purpose for us to hold that client’s personal data, it is erased from our systems, both in digital and written form.
No system is 100% secure but for the risk levels associated with our business we believe we have taken “reasonable” steps to ensure our clients’ data is both secure and only used for the purpose that it was given for.
Unless our clients have asked us to, we never divulge who our clients are. Whilst we do name sponsoring organisations for some client engagements on our website, we do not name any mentoring or coaching clients or discuss the details of our engagements.
Equality & Diversity
We passionately believe that the best solutions come from the contribution of as wide and diverse a set of sources as possible. Whilst we are a small team we come from a range of backgrounds, professions and nationalities. Of the 7 client-facing coaches, 4 are male and 3 are female; some are gay and some are straight, and we cover the age spectrum.
With regard to equality, we strive to ensure we treat everyone equally and with respect. Even those who support Arsenal.
Supporting the environment and others
One of the first decisions made by the Board when Copper Bottom was set up was to donate 5% of our operating profit to selected charities. The specific charities and why they were chosen are set out in the Community section, but here we wanted to be very specific on our core values and beliefs.
The whole purpose of Copper Bottom is to help others, so it would be unthinkable not to contribute to three charities that focus on helping others: Children in Need, Comic Relief and Pink Ribbon. In addition, we have added Thames Valley Air Ambulance to the list, and last year one of the team raised £2,500 for TVAA by doing a sponsored long-distance walk.
We are equally passionate about enhancing the state of the environment. We actively support actions to prevent (and clear up) plastic entering the rivers and oceans. Plastic was only invented in 1907 but today research indicates between 8 and 10 million tonnes reaches our oceans each year and this figure will increase unless we radically change our approach. On average it takes a piece of plastic between 450 and 600 years to fully decompose.
We also actively support Sea Shepherd, an organisation that proactively engages in protecting the wildlife that calls the oceans home.
We are realistic about what we can do to reduce our carbon footprint as we operate our business, but where we can we will.