Mailing Today is committed to ensuring the security and privacy of our clients, partners, and users. As one of Australia’s top Direct Mail service providers and a leader in pick-packing/kitting, 3PL, and logistics solutions, we recognise the critical importance of protecting the information we handle. This policy outlines our comprehensive approach to information classification and protection, physical security, access control, incident management, and compliance with relevant laws and regulations.

1. Introduction

Established in 2003, Mailing Today has built a reputation for personalised customer service, efficient processes, and expert industry knowledge. We understand that our success is closely tied to our clients’ prosperity, which is why we go to great lengths to ensure that your information is secure and your direct marketing goals are met efficiently and safely.

2. Information Classification and Protection

We classify and protect all information based on its sensitivity and criticality:

•  Confidential Information: Includes personal data, business information, and operational data. This information is encrypted and access is strictly controlled.

•  Internal Use: Includes operational data necessary for the execution of services. This data is protected through internal controls and restricted access.

•  Public Information: Information intended for public release, such as marketing materials, is carefully reviewed before dissemination.

3. Security in Human Resources

We ensure that all employees, contractors, and partners are aware of and adhere to our security policies:

•  Background Checks: We conduct thorough background checks for all personnel with access to sensitive information.

•  Training: Regular security awareness training is provided to all staff to ensure understanding and compliance with security protocols.

•  Confidentiality Agreements: All employees and contractors are required to sign confidentiality agreements.

4. Physical Security Requirements

Mailing Today implements robust physical security measures to protect our facilities and the information stored within them:

•  Controlled Access: Our facilities are secured with access controls, including keycard entry to restrict unauthorised access.

•  Surveillance: We employ video surveillance and monitoring systems to detect and deter unauthorised activities.

•  Secure Areas: Sensitive information is stored in secure areas with enhanced access controls.

5. Acceptable Use of Information and IT Devices

We enforce strict policies on the acceptable use of information and IT devices:

•  Device Security: All devices used for handling sensitive information are equipped with security software, including firewalls, antivirus programs, and encryption.

•  Internet Usage: Internet use is monitored, and access to unauthorised websites is restricted to minimise risks.

•  Data Transfer: The transfer of sensitive information is strictly controlled and encrypted.

6. Access Control

We maintain stringent access control measures to protect sensitive information:

•  Role-Based Access: Access to information is granted based on the principle of least privilege, ensuring that only authorised personnel can access specific data.

•  Authentication: Multi-factor authentication is required for access to critical systems and information.

•  Access Reviews: Regular audits are conducted to review and adjust access permissions.

7. Authorised/Unauthorised Use and Disclosure of Data

We strictly regulate the use and disclosure of data:

•  Authorised Use: Data is only used for its intended purpose and in accordance with client agreements.

•  Unauthorised Disclosure: Any unauthorised access, use, or disclosure of data is prohibited and will be addressed through disciplinary action and incident management procedures.

8. Software Development

For any in-house software development, we follow secure coding practices:

•  Secure Development Lifecycle: Our software development follows a secure development lifecycle, including regular code reviews and vulnerability assessments.

•  Testing: All software is thoroughly tested for security vulnerabilities before deployment.

9. Incident Management and Response Procedures

We have established comprehensive procedures for managing and responding to security and privacy incidents:

•  Incident Detection: We employ monitoring tools to detect potential security incidents in real-time.

•  Response Plan: We have a detailed incident response plan that includes containment, investigation, and recovery procedures.

•  Notification: In the event of a significant security or privacy breach, we will notify affected clients promptly and take appropriate measures to mitigate the impact.

10. Compliance with Laws and Regulations

Mailing Today complies with all relevant laws, regulations, and standards governing information security and privacy:

•  Legal Compliance: We adhere to national and international regulations, including data protection laws such as the Privacy Act and GDPR.

•  Industry Standards: We follow best practices from standards such as ISO 27001, PCI DSS, and SSAE 16 to ensure our security measures meet industry expectations.

11. Retention and Destruction of Data

We have clear policies for the retention and destruction of data:

•  Data Retention: Information is retained only as long as necessary for the purposes for which it was collected, or as required by law.

•  Secure Destruction: When data is no longer needed, it is securely destroyed using methods such as shredding, degaussing, or data wiping to prevent unauthorised access.

12. Changes to This Policy

We may update this Security and Privacy Policy to reflect changes in our practices or legal requirements. We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions or concerns about our Security and Privacy Policy, or if you wish to exercise your rights, please contact us at: mailingtoday@mailingtoday.com.au