The General Data Protection Regulations (GDPR) (2018) requires Eighty3 Creative Limited to be open about the information that it holds on you and uses. It is our policy is to respect the privacy of clients and to maintain compliance with the General Data Protection Regulations (GDPR). Personal data related to clients will be protected. All of Eighty3 Creative’s employees are asked to sign a confidentially clause. We will, if required, sign a separate confidentiality agreement if the client deems it necessary. We will ensure that any suppliers to the company are fully GDPR compliant. You are entitled to audit the business to ensure we comply with the GDPR. Please contact the Directors of Eighty3 Creative Limited in writing. You have the right to withdraw your consent to processing of data. Please contact the the Directors of Eighty3 Creative Limited in writing. This policy complies with the General Data Protection Regulations May 2018. This policy outlines the information we collect and how we use it.
In order to comply with its obligations, Eighyt3 Creative Limited, undertakes to adhere to the eight principles:
1) Process personal data fairly and lawfully. We will make all reasonable efforts to ensure that individuals who are the focus of the personal data (data subjects) are informed of the purposes of the processing, any disclosures to third parties that are envisaged; given an indication of the period for which the data will be kept, and any other information which may be relevant.
2) Process the data for the specific and lawful purpose for which it collected that data and not further process the data in a manner incompatible with this purpose. We will ensure that the reason for which it collected the data originally is the only reason for which it processes those data, unless the individual is informed of any additional processing before it takes place.
3) Ensure that the data is adequate, relevant and not excessive in relation to the purpose for which it is processed. We will not seek to collect any personal data which is not strictly necessary for the purpose for which it was obtained. Forms for collecting data will always be drafted with this mind. If any irrelevant data are given by individuals, they will be destroyed immediately.
4) Keep personal data accurate and, where necessary, up to date. We will review and update all data on a regular basis. It is the responsibility of the individuals giving their personal data to ensure that this is accurate, and each individual should notify us if, for example, a change in circumstances mean that the data needs to be updated. It is the responsibility of the company to ensure that any notification regarding the change is noted and acted on.
5) Only keep personal data for as long as is necessary. We undertake not to retain personal data for longer than is necessary to ensure compliance with the legislation, and any other statutory requirements. This means we will undertake a regular review of the information held and implement a weeding process. We will dispose of any personal data in a way that protects the rights and privacy of the individual concerned (e.g. secure electronic deletion, shredding and disposal of hard copy files as confidential waste). A log will be kept of the records destroyed.
6) Process personal data in accordance with the rights of the data subject under the legislation. Individuals have various rights under the legislation including a right to:
• be told the nature of the information we hold and any parties to whom this may be disclosed.
• prevent processing likely to cause damage or distress.
• prevent processing for purposes of direct marketing
• be informed about the mechanics of any automated decision taking process that will significantly affect them.
• not have significant decisions that will affect them taken solely by automated process.
• take action to rectify, block, erase or destroy inaccurate data.
• sue for compensation if they suffer damage by any contravention of the legislation.
• request that the Office of the Information Commissioner assess whether any provision of the Act has been contravened. We will only process personal data in accordance with individuals’ rights.
7) Put appropriate technical and organisational measures in place against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of data. Our Directors are responsible for ensuring that any personal data which they hold is kept securely and not disclosed to any unauthorised third parties. We will ensure that all personal data is accessible only to those who have a valid reason for using it. We will have in place appropriate security measures:
• keeping all personal data in a lockable cabinet with key-controlled access.
• password protecting personal data held electronically.
• Encryption of data In addition, we will put in place appropriate measures for the deletion of personal data – manual records will be shredded or disposed of as ‘confidential waste’ Hard drives will be wiped clean before disposal or if that is not possible, destroyed physically. A log will be kept of the records destroyed.
8) Ensure that no personal data is transferred to a country or a territory outside the European Economic Area (EEA) unless that country or territory ensures adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. We will not transfer data to such territories without the explicit consent of the individual. This also applies to publishing information on the Internet – because transfer of data can include placing data on a website that can be accessed from outside the EEA – so we will always seek the consent of individuals before placing any personal data (including photographs) on its website or social media sites.
The information you provide us
If you complete our online enquiry form, you will be asked for your name, email address, telephone number and company. These details will be sent to the company email address and a member of staff will contact you in order to go through your enquiry. You will be asked on the enquiry form if you would like to opt into receiving marketing literature. We will only send marketing emails where this box has been ticked. You have the ability to unsubscribe on our marketing emails or you may contact the directors of Eighty3 Creative Limited. We store out customer information on our internal system called Auto-Pilot and our accountancy system, Xero (for quotations, invoicing and accounting purposes) Our members of staff have access to the Auto-Pilot system, which is a password protected software.
The Directors of the company and the company accountant have access to the data stored on Xero. This system is password protected. Our company accountant has a separate data policy which you may request from the Directors of Eighty3 Creative Limited. In order to fulfil our service agreement, the company may require passwords to your website, google and email. We store website and google login data but do not store email login data. We store all sensitive data in a suitable lockable cupboard, with access only available to authorised members of staff. If we are required to log into your website for maintenance, we may have the ability to see your own enquiry forms and the data which is stored there. It is your responsibility to inform visitors to your website who may have access to their data. It is your responsibility to ensure that you have the permission from any third parties before you pass their information to Eighty3 Creative Limited.
If you require Eighty3 Creative Limited to sign a confidentiality agreement, it is the responsibility of the client to request and provide. It is your responsibility to ensure you have the correct permissions in place before you pass any design or photographs to Eighty3 Creative Limited. Our policy is to hold limited client data and where possible to delete the data once we have completed a project for a client. We will not hold any data for any longer than is necessary.
If you provide us with your customer contact details for marketing purposes
If you engage our services in order for us to carry out marketing campaigns on your behalf, we ask that you only provide us with email addresses on an excel spreadsheet. It is your responsibility to ensure that you have explicit consent to send out marketing literature to that individual prior to sending the information to Eighty3 Creative Limited. Please ensure that you only send data to us where consent has been gained. It is also your responsibility to inform your client that you pass their information on to a third party. We do not retain third party information; we securely erase the data once a campaign has been successfully sent. We do not pass this data onto any third parties.
We use Mailchimp and Auto-Pilot to send out marketing emails on behalf of our clients. These databases records how successful a campaign has been. We aim to keep this information for a period of 2 years in order to provide you with this data, after this period the data is securely deleted. Social Media: We do not ask you to provide us with any personal data in order for you to view our social media platforms.
We accept payment via BACS and Go Cardless. If a credit card payment is taken, we will use a third party to process the payment (Stripe). Pay per click services will be paid direct to Google. Eighty3 Creative Limited do not store any payment details.
It is our policy to encrypt all files and to have a two -point password/ authentication on all files, including any applications which are used on company mobile phones. We back-up on a weekly basis via our server and via google drive which are both encrypted. We confidentially shred any paperwork we receive once we have completed a project. Our employees, are all trained in cyber security and handling personal data. We annually review our security and systems and take any necessary actions which is an outcome of this report. The company take appropriate cyber precautions and have cyber insurance.
We store client details for a period of seven years, in the event that the client, wishes to recover or restore data. If you would like us to store this data for a longer period, we will do so at your request and for an additional charge. Details can be found in our terms and conditions. If you engage our services to host a website, please be aware that your website will be hosted on a separate server. Third party: We do not pass any data onto any third parties, unless otherwise stated.
Transparency and Choice
You may at any time contact the company and ask what information we hold on you and your Company. You may ask us to update this information if it is incorrect, which we will strive to do as quickly as possible. You may ask for any company data to be deleted and requests should be made in writing to the Directors of Eighty3 Creative Limited. Please write to the Directors of Eighty3 Creative Limited, if you wish for data to be erased. However, there may be circumstances where we are unable to do this (to fulfil our legal responsibilities).
We regularly review this policy to ensure that it complies with current legislation. Terms and Conditions: Please view this Policy alongside our Terms and Conditions.