General Data Protection Regulation Policy
On 25th May 2018, new legislation surrounding the handling, processing and storage of personal data will come into force across the European Union. The new legislation is designed to protect the rights of the individual where their personal data is concerned.
FAS Media Ltd t/a FAS Printing is hereinafter referred to as FAS Printing. FAS Printing as referenced hereinafter shall include but is not limited to the following services; printing, print production, print management, graphic design, and/or related services.
Here at FAS Printing, we take such legislation very seriously and in line with these new laws we have reassessed our data protection policies and created a more robustly designed set of policies and procedures to ensure that an individuals data is handled and processed in a more secure way.
FAS Printing does not process special category data or any data relating to children under 16, apart from in rare circumstances. This policy, therefore, covers an individual’s personal data only. An individual’s data is only processed in line with this data protection policy. What information do we hold about you, as an individual? Name Phone number Email address Invoice address Delivery address Any data which is integral to the design of the product (eg. On a business card we will have all of the information above, often about more than one member of your organisation’s staff)
Due to the nature of our business, we also keep some of this data on file in a physical format. The following security measures are in place to protect your data: Lockable filing cabinets 5 level mortice locks on all main access points Intruder alarm with telephone notification and sensors at all main access points CCTV on main access points
What information do we process on your behalf?
If you have employed FAS Printing services to print any materials and have them delivered to you, then we will have been provided with your delivery address details and possibly an invoice address. These details are protected on password-protected computer systems.
We will handle this data with the utmost of care. As a data processor, we will ensure that the following provisions are in place for you and your customer’s protection: All computers and phones used by the company are password protected. Any laptops or phones which are taken outside of the registered business address are fingerprint protected in addition to having standard passwords attached. We will ensure that where possible, multi-factor authentication is used when accessing your details and that of your customers. Any third party consultants will sign a non-disclosure agreement prior to being given access to your personal data. All emails sent by our staff are end to end encrypted to protect your data from interception. Consent If an individual’s data is collected directly from the subject. Then consent will be sought at this time. This consent will be: Informed – transparent information about how the data is to be used will be provided. Specific – this data will only be used for the purposes outlined at the time the data is collected. Freely given/ non-conditional Consent to use an individual’s data can be withdrawn at any time. Unless contractual necessity prevents it. If the individual’s data is collected on behalf of FAS Printing, then we will take on the role of the data processor, therefore the consent will be sought by the data controller. Consent can of course still be withdrawn at any time.
An individual’s rights
Under the new GDPR rules, an individual has the right to: 1, Right to be informed – the individual has the right to be informed when their data is collected and how it will be used. 2. Right to access – an individual can access the data held on file at Pluscrates at any time 3. Right to rectification – if an individual discovers errors in their data or if their data has changed since it was originally collected, then the individual can ask for it to be rectified. 4. Right to erasure/be forgotten – if an individual so wishes, they can have their data erased from our databases. At this point, none of their data will be used for any reason going forward. 5. Right to restrict processing – an individual can request that restrictions are put on their data being used, eg. “I would no longer like to be contacted via email”. 6. Right to data portability – if the request is made, then an individual’s data will be made available in a secure manner for transportation eg. On a password protected USB stick or via a password protected email. 7. Right to object – if an individual does not believe that their data is being used for the purpose for which consent was given, they can object to their data being used in this way. At this point, their data will cease to be used in any form that they are not happy with. 8. Rights in relation to automated decision making and profiling – FAS Printing does not carry out any automated decision making or profiling using your personal data.
On our website, all data is set to a 26th month retention period from the point of contact. Legally we are expected to keep any data relating to the financials of the business for 7 years. After this time, all individual’s data will be disposed of or deleted in a safe and secure manner.
It is often important for the staff at FAS Printing to keep emails for a period of 1 year or more. This is to aid in the confirmation of data held on our financial systems. An automatic retention period will be implemented for all emails which do not fall into this category or which do not pertain to information which by law is required to be kept.
We only share your personal data with third parties if it is relevant to the completion of the job. For example, if we have to use a third party printer for specialist work then they will, of course, have access to any information required for printing and delivering the product. No unnecessary data will be shared with third parties. We do not sell your data. If requested, we may share your data with government agencies or law enforcement. In most circumstances, we would inform you of the request which has been made. We may seek legal advice if we are unsure how to progress this request.
FAS Printing do not carry out a form of automated decision making or profiling on your personal data.
Data Breach In the unlikely event of a data breach occurring, we would notify the ICO as well as those involved within a 72 hour period from detection.
Complaints, Questions and Comments
If you have a complaint about the way in which we collect, process and store your personal data please contact our Data Protection Officer at Head Office on 020 3865 2390 or firstname.lastname@example.org If, after contacting us, you feel that we have not resolved your issue, you have the right to complain to the Information Commissioners Office. https://ico.org.uk/