As at 28 May 2018
The aim of this GDPR Policy is to state clearly how Stylize Digital Artwork Ltd (herein after referred to as just ‘Stylize’) controls, holds and processes data in line with the requirements of The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) which the European Parliament, The Council of the European Union and the European Commission aims to strengthen and unify data protection for all individuals within the European Union.
Stylize will ensure that it follows the principles contained within the GDPR when dealing with sensitive and personal information/data.
RESPONSIBILITY FOR DATA PRIVACY
Stylize does not require the appointment of a Data Protection Officer as we are not a ‘public authority’. Responsibility for the GDPR Policy within the business is held by ‘Neil Saville’ Managing Director of Stylize Digital Artwork Ltd.
Personal Data - This is the data that can identify a person, such as: name, date of birth, photo, National Insurance No. PAYE Information, home address, home phone number, mobile phone number, email addresses, contract of employment, passport, Right to Work Information, CV, references, bank details, medical information, records of holidays, sickness and other absence etc.
Sensitive Data - This is information that relates to medical records, religion, sexual orientation etc.
How Employee Data will be used - As an employer, Stylize needs to keep and process information about its employees for normal employment purposes. The information we hold is used for management and administrative purposes only and in order to enable the business to run and manage its relationships with its employees effectively, lawfully and appropriately, during the recruitment process, whilst employed, at the time when employment ends and after leaving. This includes using information to enable us to comply with its employment contract and to comply with any legal requirements and pursue its legitimate interests.
It may sometimes be necessary to process employee data to pursue legitimate business interests, for example to prevent fraud, for administrative purposes or in reporting potential crimes. Stylize will never process employee data where these interests are overridden by your own interests.
Employees might inevitably be referred to in many company documents and records that are produced by the employee and/or and their colleagues in the course of carrying out their duties and the business of the company. Where necessary we may keep information relating to employees’ health, which could include reasons for absence and GP/Occupational Health reports and notes. This information will be used in order to comply with the Stylize’s Health and Safety and Occupational Health Obligations, to consider how employee health affects their ability to do their job and whether any adjustments to that job might be appropriate. Stylize also needs this data to administer and manage statutory and company sick pay.
Employee personal data will be stored for a period of 6 years following employment end, after which it will be securely shredded. If Stylize intends to process employee personal or sensitive data for a purpose other than that which it was collected the employee will be provided with information on that purpose and any other relevant information.
Sharing Data with Third Parties - Stylize will only disclose information about employees to third parties if legally obliged to do so or if it needs to comply with its contractual duties to its employees, for instance, if it is required to pass on certain information to an external payroll provider, pension provider or health insurance schemes.
How Customer Data will be used - Stylize needs to keep and process information about its customers for business and contact purposes. The information held and processed will be used for service provision and administrative purposes only and in order to enable us to run the business and manage its relationships with our customers effectively, lawfully and appropriately.
INFORMATION WE MAY COLLECT
User name and password - if we collect a user name and password it is so that we can have this information at hand each time you visit our website.
Customer name, contact name, address, telephone and fax details - if we did not collect this information we would not know where to send the goods you have ordered from us or whom to call or fax.
Email addresses - we send an automatic confirmation email of your order when ordering from our website, as well as being able to keep you informed as to the progress of your order, sending digital proofs, delivery tracking, invoices etc.
IP addresses - when you visit our website we will automatically receive your IP address, this is a unique identifier for your computer or other access device.
SHARING DATA WITH THIRD PARTIES
Stylize may be required to share customer data (limited to contact and location details) with third party processors (such as courier companies), will not share customer data with any third-party processor for any purpose other than for legitimate business interests.
THE RIGHTS OF THE INDIVIDUAL
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) all individuals have a number of rights with regard to their personal data. All individuals have the right to request from the Company access to and rectification or erasure of personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
DATA SUBJECT ACCESS REQUESTS (DSAR)
Individuals are allowed access to their personal data. Stylize will provide a copy of this information free of charge, however, if requests are considered to be manifestly unfounded, excessive or repetitive we may consider charging the individual a reasonable fee.
A Data Subject Access Request DSAR must be made to the Managing Director who will respond within one month of receiving this DSAR. Should a request be complex or numerous Stylize will reserve the right to extend this period to a further two months. Individuals have the right to lodge a complaint to the Information Commissioners’ Office if they believe that Stylize has not complied with the requirements of the GDPR or the Data Protection Act 2018 with regard to their data.
THE RIGHT OF ERASURE
The right of erasure does not mean to provide the individual with a “right to be forgotten”. Individuals can request their personal data to be erased or to prevent processing in the following circumstances:
- Where data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent (applies only to data where consent is required for processing).
- Where there is no legitimate interest for continuing the processing.
- If the data was unlawfully processed.
- To comply with a legal obligation.
Stylize takes the security of its data seriously, all processing and storage of data is subject to suitable security precautions relevant to the type and use of that data. We protect the privacy of your information using highly secure, password-protected servers. The online and offline security measures we adopt protect information we have against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of or damage to personal data.
Any credit card or personally identifying information divulged to Stylize via our website will be stored on secure servers and not released to any other party without your explicit written authorisation. Pages on our website that request payment information are protected using SSL (Secure Socket Layer - see below) security, which encrypts any data transmitted. Once you enter a credit/charge card number, we will never display the entire card number if the page is recalled after you have submitted it, this also covers the use of the "Back" button on your browser, the inner digits will always be displayed as asterisks, protecting your card number from other users of your computer or anyone who happens to see the screen.
The investigation and reporting of Data Breaches are the responsibility of the Data Privacy Committee and will be reported to the Information Commissioners Office in accordance with the reporting requirements of GDPR and the Data Protection Act 2018.
Stylize Digital Artwork Ltd, T/A ‘Stylize Display Graphics’
3 Hollands Road, Haverhill, Suffolk CB9 8PU. 01440 712713