9a Market Place, Brigg, North Lincolnshire, DN20 8ES
ICO Registration Number:
Alexander Wright (Managing Director)
Rachel Davey (Office Manager)
What information do we hold about you and why?
We hold the information you give us when you become a client or supplier, and any information collected subsequently during normal business activity.
This may include your name, postal address, telephone number, email address and bank details for payment purposes. We use and store this information securely to provide the service for your business requested by you or to communicate with you about the service you provide to our business.
For more information about how we gather data, please refer to Google Analytics Advertising Features Policy.
Personal and business information that you give to us is treated in confidence and never given to a third party without your specific consent unless there is a legal obligation to do so.
You may choose to restrict the collection and use of your data by ‘unsubscribing’ from our communications at any time (by emailing firstname.lastname@example.org) even if you have agreed to us using your information previously.
If you would like to update your personal or business information, check it’s accuracy, request a copy of the data we hold about you, or have it removed from our records contact email@example.com, and we will happily comply with the Subject Access Request, for which there is no charge. We will respond to your request within 21 days.
All data held by us is reviewed regularly, and data no longer required by us is removed or destroyed. We keep a record of all data reviews.
Our Communication with your Contacts/Customers
Any information given to us by you which includes personal/business information belonging to your contacts/clients will be treated as an extension of your own information i.e. with complete confidentiality and security and within the rules of the GDPR.
If you provide us with names, postal addresses and email addresses, we will assume they have been obtained lawfully.
- If the contacts come from a bought-in data list, we will assume the organisation from which they were bought is acting within the rules of the GDPR, and that you have exercised due diligence with regard to that company.
- If the contacts are from your own database of contacts/clients/members, we will assume that you have sought consent from them for the purpose of informing them about your business activities that may be relevant to them.
In order to prevent unauthorised or illegal access to your data, we ensure the following measures are in place, and checked and reviewed regularly. These reviews are recorded.
- We use up-to-date, fit for purpose anti-virus software, change passwords regularly on all our devices and our server, and use robust, cloud based back up (this allows us to access and remove data from anywhere, so if a device is stolen or mislaid, client information can be removed as soon as the discovery is made).
- Confidential documents and devices not in use are kept securely locked away.
- Staff are fully aware that any data breaches must be reported according to GDPR. They have all the information to hand to do this promptly and are also required to log any breaches and serious near misses internally.
- Staff receive regular training on best use of our IT system and abide by rules set out in our HR policy regarding data protection. We demand that they are extremely vigilant in their use of email and the internet. They are aware of the risks of using public Wi-Fi, and we do not allow personal mobile telephones to be charged on company devices.
- We have a specific Cyber Insurance Policy and adhere to all instruction set out by the insurer to guarantee it is always valid.