Data Protection Lead
Our data protection lead is Matthew Garrett. The data protection lead ensures that Define Creative meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.
Confidentiality
Within Define Creative we respect confidentiality in the following ways:
• We will only ever share information with a client about their own brand.
• Information given by clients will not be passed on to third parties without permission.
• Staff are made aware of the importance of confidentiality during their induction
process.
• Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
• All personal data is stored securely either in a lockable file, on a password protected
Computer or passcode-locked phone
• Students on work placements and volunteers are informed of our Data Protection policy and are required to respect it.
Information that we keep
The data that Brands present us with are kept securely for the project engagement.
Electronic data that is no longer required is deleted and paper records are disposed of securely.
Staff: We keep information about employees in order to meet HMRC requirements, and to comply with all other areas of employment legislation. We retain the information after a member of staff has left our employment for the recommended period of time, then it is deleted or destroyed as necessary.
Sharing information with third parties
Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to take online bookings, and to manage our payroll and accounts. Any such third parties comply with the strict data protection regulations of the GDPR.
Subject access requests
•Clients can ask to see the information and records relating to their brand, and/or any information that we keep about themselves.
• Staff and volunteers can ask to see any information that we keep about them.
• We will make the requested information available as soon as practicable and will respond to the request within one month at the latest.
• If our information is found to be incorrect or out of date, we will update it promptly.
• If any individual about whom we hold data has a complaint about how we have kept
their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
GDPR
We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.
This policy was adopted by: Define Creative
Date: 05/12/22
Review Date: 01/12/23
Signed: J.Alexander