General Data Protection Regulations (GDPR)
Design Base is committed to high standards of information security, privacy, and transparency. We place a high priority on protecting and managing data. The company will comply with applicable GDPR regulations when they take effect in 2018.
What Data Do We Hold?
We hold project records containing personal contact data of Customers.
We hold invoice records containing personal contact data of Customers.
We hold a mailing list containing the personal contact data of Customers and prospective Customers who consent to receive relevant service information on a once per month basis.
We hold personal contact data of Customers and prospective Customers within our MS Outlook accounts.
What Nature of Information Do You Hold?
The contact data we hold is strictly limited to name, company, position, email address and telephone number. We do not hold information described as “special data” within the GDPR regulations.
Where Is the Contact Data Stored?
Project records are held in a protected file on our server. Only the Directors and Managers and the active Project team have access to this data.
Invoice records are held in a protected file on our server. Only the Managing Director, HR & Administration team have access to this data.
The mailing list is held in a protected file on our server. Only the Directors, Managers and Marketing team have access to this data.
Outlook contact records held within our user specific and password protected MS Office 365 accounts.
How is the Contact Data Protected?
The contact data is protected by user profiles including login and password. Furthermore, the Company deploys cyber threat management software F-Secure on a continual subscription that protects the entire IT system. Microsoft protects Office 365 data.
How Long Is Contact Data Held on File?
Project records are held for a total of 3 years including 12 months on the Company server and 2 further years at a secure data vault. Please note that we can only hold point cloud files for 12 months due to the sheer scale of the data.
Invoice records are held for a total of 7 years including 12 months on the Company server and 6 further years at a secure data vault. We have a legal requirement to maintain these records.
The mailing list is updated on a weekly basis, as Customers provide their consent for inclusion or ask to be removed.
Contact data that has been dormant for a period of 12 months is automatically deleted from our individual MS Outlook accounts.
Do You Share Contact Data with Any Other Organisation?
No. We do not share contact data with any other organisation. Nor do we purchase contact data from third party organisations. The contact data we maintain is held purely for the daily operation of our business.
Can I View the Personal Data You Hold?
Yes. Customers and prospective Customers can request a report on their personal data being held by Design Base. Please contact firstname.lastname@example.org.
Can I Be Removed from Your Contact Records?
Yes. You can request to be removed from our contact records by;
- Unsubscribe – We will remove you from the mailing list and hold your data in a dormant “Unsubscribe” database to make certain that you do not receive communication from us in the future.
- Right To Be Forgotten – Instigating RTBF will cleanse your data entirely from the mailing list, projects records and MS Outlook accounts. The RTBF process includes an audit of data files, email accounts and contact literature such as business cards, all will be permanently deleted or shredded.
Please note that we are legally required to maintain invoice records for the stipulated 7 years, following which your data will be permanently deleted.
Who Can I Speak with Concerning Data Protection?
If you have any questions or are concerned about GDPR please contact Jane King (GDPR representative). 01225 314370 / email@example.com