Data Protection

General

The EU General Data Protection Regulation now applies (since 25 May 2018).

Data

We do collect and hold (or process) basic contact data for business purposes only; generally, this is publicly available, contact information. The lawful basis we apply is either "consent" or "legitimate interest". The basic data we "process" is limited to organisation names, individual names, email addresses and telephone numbers; "sensitive data" is not included. We do not buy marketing lists or share data with any third parties. For existing clients, we also hold delivery address information and possibly card transaction data, in document format only, in secure cabinets (never on a computer database).

Processing

Data is processed or simply stored, only for as long as necessary, to allow us to contact existing clients and present our products and service to potential clients. Every effort is made to maintain currency.

Security Measures

Our database is stored in encrypted format, on a firewall-protected computer system and is subject to regular back-up, to a remote, secured hard drive.

Rights

Anyone whose personal data might be held by us has the right to access, update, delete or request that we no longer process it. Please contact the Data Controller below.

Data Controller

The Data Controller is also the Company Director and can be contacted here.

Ultimate Authority

The ultimate, UK data protection authority is the Information Commissioner's Office (ICO).