Data Policy

Data policy

 

  1. Data Collection & Usage

1.1 We may collect and store the following details; Full names, Addresses, Email Addresses, Telephone Numbers, Business Names.

1.2 When contracted to work with you we may also collect and store the following details; Usernames, Passwords, Login details.

1.3 We may collect your details through the following means; website contact form (www.drakewallsmarketing.com), email correspondence, collection of business cards, Creditsafe UK (https://www.creditsafe.com) and information that is available in the public domain.

1.4 We process data on the following legal basis;
Consent – by providing us with your data in the means listed in section 1.3 the data subject has given consent to the processing of his or her personal data and to be used for the purpose of future communications.
Legal compliance – the processing is necessary for compliance with a legal obligation for invoicing records.
Necessary for the performance of the contract – we may require personal login information to third party services in order to satisfy the contract.
Legitimate interest of the data controller – we may collect and hold data that is available using means identified in section 1.3

1.5 We check our information for accuracy by regularly vetting our database every 12 months, checking with you that your details are correct and updating our records accordingly.

1.6 The data we collect is used for the performance of our services and to send correspondence related to our contract with you. We may also share this information with third party suppliers where necessary for the performance of our services. We may use the data to contact you regarding contract renewals as well as anything we deem may be of interest to your business and/or our business relationship.

1.7 We may share your data with third party suppliers where necessary to fulfil our contract. We have mutual Non-Disclosure Agreements in place with our suppliers to ensure your data is only used in direct relation to the service being provided and is not stored for longer than the duration of the contract.

1.8 Any data collected in paper format, i.e. business cards, will be transferred to our database and the paper format will be shredded. Your data will be reviewed in line with section 1.5.

1.9 We use and store data that is bought in from our supplier, CreditsafeUK, who are GDPR compliant. https://www.creditsafe.com/gb/en/more/about/gdpr.html

1.10 On the rare occasion a third party is contracted outside the EEA they remain bound by the same Non-Disclosure Agreement outlined in section 1.7.

 

  1. Data Access and Responsibility

2.1 Drakewalls Marketing operates as a Sole Trader and as such only one person has access to the data being held. Drakewalls Marketing assumes sole responsibility for the management and use of the data held.

2.2 All hardware used to access data is protected by fingerprint recognition software.

2.3 All data being held is stored securely on cloud storage with OneDrive who provide data encrypted storage solutions. Details can be found here: https://support.office.com/en-us/article/data-encryption-in-onedrive-for-business-and-sharepoint-online-6501b5ef-6bf7-43df-b60d-f65781847d6c. Microsoft are GDPR compliant.

 

  1. Enquiries on Data held

3.1 Individuals have the right to access their personal data, this is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing by telephoning 01822 481 868 or emailing mail@drakewallsmarketing.com. We will respond to your request within 30 days.

3.2 Your record in our database will have a Unique Reference Number attached to it. Should you wish your details to be deleted under the “right to be forgotten rules”, all your data will be deleted except the Unique Reference Number. This number will be stored to allow us to prove that any data related to the Unique Reference Number has been deleted in the future.

 

  1. Data Breach Actions

4.1 In the event of a data breach Drakewalls Marketing are responsible to report the breach to the ICO and inform anyone who’s data may have been affected within 72 hours.

4.2 In the event of a breach Drakewalls Marketing will take the necessary action required to prevent the instance occurring in the future including the revision of this policy.

 

This policy was written by David Crawford on behalf of Drakewalls Marketing.
Date created: 15th May 2018
Date Reviewed: 15th May 2018