GDPR policies and procedures - We take your privacy seriously. This page explains what details we collect, what we do with them, how we store them and for how long.
Daisy May Creations is registered with the I.C.O. for Data Protection. We ensure compliance with privacy laws for the UK: https://ico.org.uk/for-organisations/business/
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
Here is our privacy statement and our procedures:
WEBSITE…
1. www.daisymaycreations.co.uk is protected by a website security certificate, denoted by the "https" status in the address bar. No personal data can be submitted through the website, nor is it e-commerce enabled.
2. Website compliant with GDPR guidelines.
3. Link will be added to ico.co.uk website.
4. Privacy policy in place and published on website.
WEBSITE COOKIE POLICY...
Our website may offer your browser cookies to improve efficiency of use and user experience, and also to provide user statistics to Google Analytics for analysis: https://www.google.com/analytics/terms/us.html It is entirely your preference to set your browser to not accept these cookies. You can delete or remove cookies and/or cookie permission at any time. By continuing to use this website you are agreeing to these terms.
SECURITY…office/business practices
1. Ensure the computer operating system is current and supported for security updates.
2. Switch off back-up drive when not in use.
3. Do not send sensitive data whilst connected to public or insecure Wi-Fi.
4. Mobile phones and devices set up to allow remote tracking/wiping if lost/stolen.
5. All devices must be password/PIN/fingerprint recognition protected.
6. 2FA – two factor authentication set up where possible.
7. Awareness of and vigilance to rogue emails.
8. Only download software from reputable sources.
9. Utilise and update anti-virus/malware detection software on all devices.
DATA COLLECTION/STORAGE/RETRIEVAL…
SOURCE…how do we get your personal data?
1. Via email – direct enquiry by the client themselves.
2. Details taken down during a phone enquiry by the client or their representative, e.g. Marketing Agent.
3. Business card provided.
4. Details may be given as a referral.
5. Details passed on by the client’s authorised representative/agent.
6. Via messenger apps such as Facebook/Messenger/WhatsApp – direct enquiry by the client themselves.
7. Via text – direct enquiry by the client themselves.
8. Via telephone/mobile phone call – direct enquiry by the client themselves.
TYPE OF DATA COLLECTED IS LIMITED TO…
1. Name
2. Email address
3. Telephone number(s)
4. Address – home or business
5. Business/Charity/Organisation particulars
6. Wedding/Event particulars, e.g. date, venue(s), guests’ names
REASON FOR DATA COLLECTION…
1. To carry out the requested services or supply goods to the client etc.
2. To set up a contract with the client.
3. To communicate with the client in relation to their requests.
4. To raise an invoice for any services/goods provided.
5. For the delivery of any services/goods.
6. Daisy May Creations do not use personal data they collect for marketing purposes.
WHO ELSE HAS ACCESS TO THE PERSONAL DATA WE HOLD…
1. The suppliers of any items we order for the client if they are to deliver direct to our client(s).
2. The trade/service providers we ask for quotes or organise on the client’s behalf. A list of the relevant suppliers/trades can be given to the individual on request.
3. Our delivery companies and logistics partners. Details can be provided where used.
4. Where large electronic files need to be sent, the client’s email address will be given to a file transfer site such as:
   - www.opentext.com : https://www.opentext.com/who-we-are/copyright-information/gdpr-commitment
   - www.wetransfer.com : https://wetransfer.com/legal/privacy
   - www.dropbox.com : https://www.dropbox.com/privacy2018
5. Our Accountant: Lawson’s Accountants, Blackpool.
6. We may also share your information with our trusted partner designers when we are working in collaboration.
DATA REMOVAL…how long do we keep your personal data?
1. We will delete any data we hold relating to you upon request by you or by an authorised person, if it doesn’t contravene any laws/regulations. https://ico.org.uk/for-the-public/personal-information/
2. Data relating to a general enquiry, with no further action or contract, will be deleted after a period of 12 months, or, if kept, personal data will be redacted. The cleansed files will then be stored in folders identified by the ‘town’ or ‘business name’ of the project/date.
3. Personal data contained within a contract or project where Daisy May Creations has supplied goods or services will be retained to ensure continuity of service and compliance with Health & Safety, Fire Regulations and Consumer Laws etc.
4. Personal data held within our accounts system will be kept for the statutory 6 years plus current financial year. After that time any digital copies will be deleted from the computer hard drive/backup drive, with paper copies disposed of securely.
STORAGE…where do we keep personal data we collect?
1. Local computer hard drive, password protected. Files only accessible by relevant personnel and authorised users.
2. Email host/server supplier: www.fasthosts.co.uk , https://www.fasthosts.co.uk/terms/privacy-policy . Emails deleted from the server 5 days after download to local desktop/mobile email software.
3. Emails on local desktop computer: saved, where relevant, in project folders on a local hard drive. Otherwise deleted after 12 months.
4. Mobile phone: emails older than 2 months deleted.
5. Mobile phone: contact details. Deleted after 12 months if not connected to contract work.
6. Mobile phone: texts or calls – user log and texts deleted after 12 months.
7. Mobile phone: password protected/fingerprint recognition.
8. Messenger apps:
   - Facebook Messenger: https://www.facebook.com/policy.php
   - WhatsApp: https://www.whatsapp.com/security/
9. Samsung cloud: contacts/emails. http://www.samsung.com/uk/info/privacy/
10. Paper files: project files containing personal data are stored securely.
11. Invoice/accounts: stored securely.
RETRIEVAL…how will we carry out a request to retrieve your personal data?
1. Authentication required for legitimate/authorised request. Proof of identity required. https://ico.org.uk/for-the-public/personal-information/
2. Project files: paper copies kept in a filing system in date order.
3. Financial records: a search of the accounts database/spreadsheet, then cross-referenced with the paper files.
4. Project files: within the digital filing system on local computer hard drive.
5. Finally, a general name/keyword search sweep of the computer local hard drive and mobile phone.
REPORTING OF DATA BREACHES…
1. Design Fix will report any breach of data security within the organisation to the I.C.O. within the required 72 hours of its discovery. https://ico.org.uk/for-organisations/guide-to-eidas/breach-reporting/
2. Any data breach within the Daisy May Creations organisation will be thoroughly investigated.
3. If you would like to notify Daisy May Creations of any data breach please email: hello@daisymaycreations.co.uk
Updates: 09.04.2020
Where we work:
We are based close to Preston in Lancashire UK, but thanks to modern technology, we can work for clients anywhere!