At Axminster Printing we will only process data fairly and lawfully, only keeping data which we need to operate our business. The data will be kept up to date, accurate and secure. We will respect people’s right to opt out at any time. We will also do a GDPR impact assessment when doing anything new. We will securely destroy data when we don’t need it anymore.
Axminster Printing recognises that individuals have rights with regard to their personal data. These include:
- The right to opt in and out of marketing.
- The right to be forgotten which means deleting their personal data.
- The right to know what data you have on them and this data has to be sent electronically in a commonly used form upon request.
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right not to be subject to automated decision making, including profiling.
- We understand that should someone request their personal data it should be supplied free of charge and within one month of request.
- We acknowledge that we keep personal data when a person has a printing job. For the purposes of proving work to HMRC each job has a workbag which is kept in month order in boxes. These boxes are kept partially inside the building, which is secure, and the rest are kept in a shed on the premises, which is now kept locked with a padlock. These records have to be kept for 7 years, after which they are securely destroyed.
- Personal data in the form of emails and addresses is also kept for the purposes of processing orders, sending and receiving invoices. This is necessary for the running of the business. They will not be passed on to any third party.
- We also keep personal records in staff personnel files which are kept in a locked filing cabinet.
- Staff have been informed of the personal data we keep on them, the reasons why we keep it and how we store it.
- With regard to sending marketing leaflets via email, usually using mail chimp, consent has been re obtained and customers have the right to refuse and have their details deleted. We will be clear in our reasons for requesting email addresses for marketing and will not share details with any third party. We will operate a clear opt in rather than an opt out method of obtaining information.
- Should there be a data breach one of the directors will inform the person/persons concerned and will report to the ICO where necessary.
- At Axminster Printing we will ensure that we have suitable virus protection on our computers.
- We will either shred or lock away any hard copy documentation that might identify and individual.
- Any USBs that are taken home with personal data on will be password encrypted.
- All laptops, computers, mobile phones and tablets are password protected.
- When using Microsoft software to hold data in Excel both the file and folder will be password protected.
- We do not currently sell online. In the event of us doing so we will review procedures in light of GDPR.
- When inputting data on computer I will ensure no one can read what I am doing. No screen with personnel data will be left visible if I have to leave the office.
- We will not use the password remembering function of Chrome or any other system.
Written by Keith Rockett & Jane Rockett (Managing Directors)