General Data Protection Regulation Policy
On 25th May 2018, new legislation surrounding the handling, processing and storage of personal data will come into force across the European Union. The new legislation is designed to protect the rights of the individual where their personal data is concerned.
Here at FAS Media, we take such legislation very seriously. In line with these new laws, we have reassessed our data protection policies and created a more robust set of policies and procedures to ensure that an individual’s data is handled and processed in a more secure way.
FAS Media Ltd does not process special category data or any data relating to children under 16, apart from in rare circumstances. This policy, therefore, covers an individual’s personal data only. An individual’s data is only processed in line with this data protection policy.
What information do we hold about you, as an individual?
Any data which is integral to the design of the product
(e.g. on a business card we will have all of the information above, often about more than one member of your organisation’s staff)
Due to the nature of our business, we also keep some of this data on file in a physical format.
The following security measures are in place to protect your data:
Lockable filing cabinets
5-lever mortice locks on all main access points
Intruder alarm with telephone notification and sensors at all main access points
CCTV on main access points
What information do we process on your behalf?
If you have employed FAS Media Ltd’s services to build you a website or to carry out work on your website, then we will likely have access to some, if not all, of the customer data which is processed through said website.
We will handle this data with the utmost care. As a data processor, we will ensure that the following provisions are in place for your and your customers’ protection:
All computers and phones used by the company are password protected.
Any laptops or phones which are taken outside of the registered business address are fingerprint protected in addition to having standard passwords attached.
We will ensure that, where possible, multi-factor authentication is used when accessing your details and those of your customers.
Any third party consultants will sign a non-disclosure agreement prior to being given access to your personal data.
All emails sent by our staff are end-to-end encrypted to protect your data from interception.
If an individual’s data is collected directly from the subject, then consent will be sought at this time.
This consent will be:
Informed – transparent information about how the data is to be used will be provided.
Specific – this data will only be used for the purposes outlined at the time the data is collected.
Freely given/non-conditional
Consent to use an individual’s data can be withdrawn at any time, unless contractual necessity prevents it.
If the individual’s data is collected on behalf of FAS Media, then we will take on the role of the data processor; the consent will therefore be sought by the data controller.
Consent can of course still be withdrawn at any time.
An individual’s rights
Under the new GDPR rules, an individual has the right to:
1. Right to be informed – the individual has the right to be informed when their data is collected and how it will be used.
2. Right to access – an individual can access the data held on file at Pluscrates at any time.
3. Right to rectification – if an individual discovers errors in their data or if their data has changed since it was originally collected, then the individual can ask for it to be rectified.
4. Right to erasure/be forgotten – if an individual so wishes, they can have their data erased from our databases. At this point, none of their data will be used for any reason going forward.
5. Right to restrict processing – an individual can request that restrictions are put on their data being used, e.g. “I would no longer like to be contacted via email”.
6. Right to data portability – if the request is made, then an individual’s data will be made available in a secure manner for transportation, e.g. on a password-protected USB stick or via a password-protected email.
7. Right to object – if an individual does not believe that their data is being used for the purpose for which consent was given, they can object to their data being used in this way. At this point, their data will cease to be used in any form that they are not happy with.
8. Rights in relation to automated decision making and profiling – FAS Media does not carry out any automated decision making or profiling using your personal data.
On our website, all data is set to a 26-month retention period from the point of contact.
Legally, we are expected to keep any data relating to the financials of the business for 7 years. After this time, all individuals’ data will be disposed of or deleted in a safe and secure manner.
It is often important for the staff at FAS Media to keep emails for a period of 1 year or more. This is to aid in the confirmation of data held on our financial systems.
An automatic retention period will be implemented for all emails which do not fall into this category or which do not pertain to information which by law is required to be kept.
We only share your personal data with third parties if it is relevant to the completion of the job. For example, if we have to use a third party printer for specialist work then they will, of course, have access to any information required for printing and delivering the product. No unnecessary data will be shared with third parties.
We do not sell your data.
If requested, we may share your data with government agencies or law enforcement. In most circumstances, we would inform you of the request which has been made. We may seek legal advice if we are unsure how to progress this request.
FAS Media do not carry out any form of automated decision making or profiling on your personal data.
In the unlikely event of a data breach occurring, we would notify the ICO as well as those involved within a 72-hour period from detection.
FAS Media use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
All information gathered on our website, i.e. from contact forms, will be used for the purpose for which it has been given. Prior to you submitting your information, you will be given details about how your information will be used.
You will also be given the option to opt-in to receive marketing on the subject of our products and services. It is important to note that any consent regarding marketing can be withdrawn at any time.
Complaints, Questions and Comments
If you have a complaint about the way in which we collect, process and store your personal data, please contact our Data Protection Officer at Head Office on 020 8581 1182 or firstname.lastname@example.org.
If, after contacting us, you feel that we have not resolved your issue, you have the right to complain to the Information Commissioner’s Office.