The Secret Copper Events do everything they can to respect your right to privacy and the protection of your private personal information. The Secret Copper Events is a small business with four directors. Mrs J Young, director is the Data Controller.
Purpose of statement
To ensure compliance with GDPR to establish the following:
- Who is the data controller?
- What data we receive
- What data we store
- Where data is stored
- Who has access
- For what purpose data is stored
- How is consent obtained to use/store data?
- How data is deleted
- Control measures in place
- Procedure to report breach
Who is the data controller?
Company director Mrs J Young Who is ultimately responsible for the company compliance with gdpr.
What data we receive
- Address & telephone number.
- Email address.
- Payment details.
Where data is stored
- Database system password protected PC with security software.
- Paper invoices – secure filling cabinet at company address office.
- If customers send via email - attachment deleted after printed and added to secure filing cabinet.
Who has access to data
- P Young J Young R Marsden E Dunn company directors (all information).
- Accountant for The Secret Copper Events (name address payment details).
For what purpose is data stored
- Payment and payment ID.
- Company accounting.
How long data is stored
- All information is stored securely before and during hire period.
- Name address and email address will be store post hire period all other personal information will be destroyed within 1 month of hire period.
- We are required for tax purposes to keep basic personal data (name address contact information) for a minimum of 6 years after which time it will be destroyed.
How is consenting to use data obtained
- Enquiries made via telephone/email social media and website and upon arranging booking of hire verbally or electronically.
- Entry added to T&Cs read and signed by hirers before hire date.
How is a request for data handled?
All subject request applications to be made to the data controllers in writing via email to email@example.com Mr P Young and Mrs J Young All requests will be responded to within the relevant timeframes set out by GDPR and usually be within 30 days. The subject data request will only be accepted by the person who the data relates to.
How is data deleted
Data is deleted by the directors of 4eva young camper hire Ltd who have access to the database where the information is stored. All requests to delete data will be endeavoured within 30 days of the request, however should the request contradict legislation of England and Wales or instructions by relevant authorities the data will remain on file until instructed by aforementioned.
What control measures are in place
Data access is restricted to the named persons in this document The Secret Copper Events Young Camper GDPR policy statement.
All third-party business partners mentioned in this document who keep data of customers also have GDPR policies.
What is the procedure to report a breach?
If a suspected breach has taken place all individuals identified who may have been affected by the breach will be contacted within 24 hours.