Thank you for trusting me with some information about you. I take that trust seriously and I want you to know how I use your information and why. If you have queries about how I use your data, or comments or questions about this Policy, please do email me. The email address to use is set out in section 2 below. Policy updates: I keep this Policy under regular review, and this page may be updated from time to time. Please come back here to check the latest version. This Policy was last updated on the date given in the final box in the table in section 2 below.
2. WHO AM I?
Name: Susan J Mumford Email address for official notices: firstname.lastname@example.org Date this Policy last updated: 25th January 2019
3. WORDS WITH SPECIFIC MEANINGS
In this Policy, there are words and phrases that have a specific meaning or that I am using in a special way. They are: “personal data” any information about an identifiable living human being. “process” I “process” your personal data when I do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it. “special category data” personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.
4. WHAT THIS POLICY DESCRIBES
This policy describes how I will collect and use personal data about you. I process information about: “Prospects” potential customers or referrers; “Customers” who have bought goods or services from me; “Suppliers”, “Associates”suppliers or potential suppliers of goods or services to us;
5. WHAT INFORMATION DO I PROCESS, AND WHY?
a. Prospect Most of the information I process comes from you. I process it so that I can reply to you, and when you contact me again I know what you asked before, what you were sent, and what you told me. Typically, I am collecting name, contact details, how I came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in my products or services or a relevant contact for my business. If you sign up to a newsletter list, you will be sent what you asked for. You can unsubscribe at any time by clicking the unsubscribe button on any email. You are not automatically subscribed to any other lists, but may be invited to join an appropriate one. If I email you individually using my own email system, or respond to an email sent to me at any of the business email addresses, a copy of that email will also be stored. If you make an enquiry via the website, I will keep details of that enquiry and response for only as long as necessary for business operations and according to legal requirements. I do not routinely keep special category data. To the extent I hold this, it was supplied or made publicly available by you.
b. Customer Once you buy something from me, I will collect information from you at the point of sale. This will include the information collected from Prospects (above). I collect your email address, phone number and postal address so I can provide what I have contracted to do, invoice you and keep proper records of our business relationship. I process your data to support the delivery the goods and services you have bought. I keep records of the goods/services provided to you, and information you give me, so I can support you when needed and advise you of any additional services you may need.
Financial and credit card details I do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies (see section 2, Table, above).
c. Supplier and Associates I collect information on potential and actual suppliers and associates. This is mostly provided by you, but I do add to it the same kind of data used for Prospects (see above). If you become a supplier or associate I keep a copy of the contract between us and your bank details so I can pay you. I also keep a record of invoices/payments for accounting purposes. I keep a record of the work you undertook for my clients along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution. This information is all needed to manage my customer relationships and supply chain.
6. NEWSLETTERS AND AUTOMATED EMAILS I monitor who opens what in the newsletter lists, and pre-set sequences of information I send you. I do this, so I can see if content is popular and generate more of it, or if it is not read. There may be sub-routines that trigger if you click on links or articles. These are designed to offer you more information about things you are interested in. You can unsubscribe from these sequences at any time. Existing customers may receive emails about specific offers relating to things you have already purchased. You can unsubscribe from these at any time. From time to time, I contact individual email newsletter subscribers but it is extremely rare. This would normally be if something odd were going on and I wanted to check you could see and use the content or find out what was causing a problem.
7. DATA SHARING – 3rd PARTIES
I do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
a. Platforms I keep a list of the software platforms used to run the business. If you would like a list of all the platforms used, please email me (at the email address in section 2).
b. People I have an outsourced support team for the business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to me means they need it. For example, if the IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you. For example, if I invoice you, our Accountant needs to process the information in the invoice. Your information/advice is held in the strictest confidence. The team is all contracted to strict confidentiality clauses.
8. WHERE IS YOUR DATA LOCATED?
Like most small businesses, I do not have any tailor-made software – I use mainstream packages for everything from our customer records, to email, to accounting. This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. I have picked mainstream suppliers with appropriate security standards.
9. RETENTION PERIODS
Your information will be kept only as long as its needed for business operations. Note that I need to keep customer information long enough to satisfy HMRC and the insurers. I keep information on prospective customers long enough to make the sales enquiry system effective.
If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.
10. YOUR RIGHTS
You have the right to know what information I am collecting on you, and to amend it if it is inaccurate. If you feel for some reason I have information I should not be keeping, or it is out of date or otherwise wrong, please let me know and I will take appropriate action. Most of the information I hold is not based on your individual consent but is based on my needing the information to run the business and provide the products and services. If you want to know what information I have about you (if any) email me at the email address set out above and give me your name, email address(es) and I will happily do a search and let you know what information I hold on you and how I am using it/have used it. You have a “right to be forgotten” – but that does have some legal limits to it. If you want me to remove information about you, let me know. If you have been a customer, I may not be able to remove all data as I will have to ensure that I can continue to comply with legal, accounting, taxation and the insurer’s requirements.
If you have a complaint about the way I am handling your information or how I have responded to a request for information or removal, you can take this up in the first instance by emailing me at the email address set out above. If I can’t sort it out, the relevant supervisory authority for me is the Information Commissioner for the UK, so please do feel free to contact them.