The General Data Protection Regulations (GDPR) come into effect on 25 May 2018 and apply to all EU citizens but must be upheld by all organisations worldwide. The aim of GDPR is to protect individuals' personal information by ensuring it is held and processed lawfully.
Personal data is defined as any information relating to an identified or identifiable natural person (a natural person who can be identified directly or indirectly). The data applies to both automated data and manual filing systems.
Vinters, The Maidstone Studios, Vinters Business Park, Maidstone, Kent, ME14 5NZ, respects and is committed to protecting the privacy of all its clients. We can be contacted at this address or by email: email@example.com or tel: +44 1622 524215. If you disagree or are unhappy with the way we handle your personal data and we are unable to resolve your issue, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
We will apply the following principles when collecting data:
The personal data that Vinters holds for its clients is: Name, address, telephone number, email address, IP address and bank or credit card details. This information is needed to enable employees of Vinters to provide a service to its clients and make charges for these services.
Where we use a third party to process payment information on our behalf, we will only pass the information that is necessary for this purpose. The information will be transferred, processed and stored in a secure way and we will only use companies that are regulated by the Financial Conduct Authority.
Where a third party is used for licensing purposes, we will only pass information that is necessary for this purpose (usually first name and second name). The information will be transferred, processed and stored in a secure way and we will ensure the supplier has the appropriate security measures in place.
As part of our operations and continued availability of service to our clients, we duplicate our client database in Europe and the USA – the data is transferred securely using up-to-date encryption and in accordance with permitted processes for cross-border data transfer. We have an Information Security Management System which is accredited under ISO27001 and will ensure that the data centres we use in other countries have equal accreditation.
Vinters will only use the data for the purpose for which it has been provided, i.e. the contract of service. If Vinters wishes to use the data in any other way, we will seek consent from you and this consent may be withdrawn by you at any time.
In accordance with the GDPR regulations, clients are able to have access to all their own personal data. This request must be put in writing and we will respond to requests within one month in the majority of cases. The client can request that any inaccurate personal data is corrected and that incomplete data is completed.
Retention of Data
Vinters will ensure that data is kept in accordance with its data retention policy, which can be made available on request. Once the retention period has expired, Vinters will only retain information if there is a compelling reason to do so; otherwise the data will be erased.
In accordance with GDPR, we will notify the ICO without undue delay but in any event within 72 hours of becoming aware of the breach, where a breach is likely to result in risk to an individual’s rights and freedoms. We will contact you in the case of a data breach – which is defined as a security incident that has affected confidentiality, integrity or availability of personal data.