GDPR DATA PRIVACY AND PROCEDURE NOTICE FOR CLIENTS AND SUPPLIERS
INTRODUCTION – THE PURPOSE OF THIS PRIVACY NOTICE
Mr Ferguson Trading As A5PC: is committed to protecting the privacy and security of your personal information. Please read this privacy notice carefully in order to understand our views and also our practices in regards to your personal data. The notice covers how we collect and use your personal information during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR). It applies to all of our clients.
A5PC is a “data controller”. This means we determine the purposes and means of processing personal data.
A “data processor” is responsible for processing personal data on behalf of a controller. We will always use data processors who are GDPR compliant.
Personal data is defined by the GDPR as meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier (Article 6). For example full name, home address, private email address or telephone number. Online identifiers include IP addresses and cookies.
There is also special categories of personal data, which is referred to as sensitive data (Article 9). For example racial or ethnic origin, health data, biometrics or political opinions. A5PC will never store any such data.
HOW TO CONTACT A5PC
A5PC is the data controller and as such, we decide how your personal data is processed and for what purposes (as explained in this privacy notice). Should you wish to discuss your personal data, or any queries in regards to how we hold or process personal data, please contact Mr Ferguson Trading as A5PC. Mr Ferguson can be contacted by telephone on 07971 060764 or by email at: firstname.lastname@example.org
DATA PROTECTION PRINCIPLES
We will comply with data protection law (GDPR). This says that personal information we hold about you must:
1. Processed lawfully, fairly and in a transparent manner;
2. Collected for specific, explicit and legitimate purposes;
3. Must be adequate, relevant and limited to what is necessary;
4. Must be accurate and up to date;
5. Kept in a form which permits identification of data subjects (a natural person) for no longer than is necessary;
6. Processed in a manner that ensures appropriate security of the personal data.
WHY WE KEEP AND PROCESS YOUR PERSONAL DATA
We will use your personal data for the following purposes:
1. To meet contractual obligations
2. To meet legal obligations
3. Where consent has been positively given for marketing purposes
We will only collect basic personal data to fulfil the above purposes, and this does not include any special categories of personal information about you. This information will include the likes of your name, address and personal email address.
We will collect personal data from our clients themselves, and will never accept personal data from third parties. The data will be collected from our clients for 1 and 2 above, in order to continue our professional relationship.
Data will be collected for 3 above, primarily for marketing purposes and always with a GDPR complaint method (for example, MailChimp as an emarketing solution).
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
The GDPR outlines 6 legal basis for processing personal data. Of these six, A5PC has identified 3 lawful basis for collecting and processing personal data. These are:
1. Contractual: personal information is collected and processes where we need to perform the contract/agreement we have entered with you
2. Legal: where it is necessary to collect and process personal information to comply with the law
3. Consent: where consent has been freely given for marketing purposes
A5PC will not share your data for marketing purposes with any third parties. We will only share your personal information with third parties when required by the law to do so, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
A5PC data is stored securely on a standalone computer, which is fully updated and as secure as possible.
Please be aware that your information may in the future be stored on a cloud-based system, whose servers are located outside of the EU. In such a case A5PC will always ensure that we use a GDPR complaint company for such a service.
A5PC also has access to some personal data (your name, phone number and email address) on an encrypted mobile phone.
We have put in place security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We do not have any employees, agents or contractors who have or would have access to your personal information.
We will only retain your personal information for no longer than is reasonable necessary in order to fulfil the purposes it was collected for. To determine these lengths of time we consider the amount, nature, sensitivity of the data, potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
YOUR RIGHTS AND YOUR PERSONAL DATA
The GDPR provides the following rights for you as individuals:
1. Right to be informed about the collection and use of your personal data
2. Right of access (referred to as a “data subject access request”) to your personal data
3. Right to rectification – where personal data may be out of date
4. Right to erasure of your personal data when it is no longer necessary to retain it
5. Right to withdraw your consent at any given time, where consent was the lawful basis for processing the data
6. Right to restrict personal data processing
7. Right to request the transfer of your personal data to another data controller or processor
8. Rights in relation to automated decision making and profiling (not used by A5PC).
For more information on your rights as individuals, please visit the ICO website.
If we wish to use your personal data for a new purpose, that isn’t covered in this privacy notice, we will provide you with a new notice and explanation.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update this privacy notice from time to time, and we will provide you with a new privacy notice when we make any substantial changes. Please check back frequently to see any updates or changes.
DATA BREACH PROCEDURE
Should any data under A5PC’s control be breached in any way, Mr Ferguson Trading as A5PC will immediately inform The ICO, the Police and you the client.