DATA PROTECTION & PRIVACY POLICY

(General Data  Protection Regulations)

 

We consider the privacy of our visitors and our clients to be extremely important. This privacy policy document  describes the types of personal information collected and recorded by Studio 35 (York) Ltd and how we use it.

 

Studio 35 (York) Ltd’ Data Protection and Privacy Policy is in line with the laws set out in the GDPR (General Data Protection Regulation) and covers the following areas in layman’s terms:

  1. Data controller
  2. What data we have and why we have it
  3. Data collection
  4. Data storage and protection
  5. Company and staff guidelines
  6. Data access and accuracy

 

1. Data Controller

Studio 35 (York) Ltd is the Data Controller under the GDPR, which means that it determines what purposes personal information is held and will be used for. It is also responsible for  notifying  the  Information  Commissioner  as  and when required of the data it holds or is likely to hold, and the general purposes that this data will be used for.

Studio 35 (York) Ltd has taken steps to ensure its infrastructure complies with the Cyber Essentials Certification of Information technology systems.

 

2. What Data we have and why we have

Studio 35 (York) Ltd  needs to collect and  use certain information about  the people  we come into contact with. This      is in order to carry out our work and serve our clients to the best of our ability. This personal information is collected and dealt with as set out in the GDPR.

The data we collect and store:

  • Name:
    • So that we can address you personally in our
  • Email Address:
    • So that we can provide in an environmentally friendly way the  information  required  for  consideration to your requirements relating to product, design and services from Studio 35 (York)
  • Postal Address:
    • So that we can locate your premises and populate relevant design criteria, and for geographical location purposes for potential supply and installation requirements.We may also use postal addresses to communicate where no email is known, or if this  is  your  preferred method of communication.
  • Telephone Numbers:
    • So that we can keep in touch, ask you how we are doing and/or to contact you if  there  is  a requirement to book home visits, arrange consultations or discuss design and service requirements further to any email/postal communication. Plus, any change of plan to any  meeting/work arranged, and  occasion ally  as  an  alternative contact to verify another communication.
  • Kitchen and Lifestyle Information:
    • Required solely to design a tailored kitchen environment for your specific and individual

 

3. Data Collection

Studio 35 (York) Ltd will ensure that data is collected within the boundaries  defined  in  this policy.  This  applies  to data that is collected in person, or by completing a form.

When collecting data, Studio 35 (York) Ltd will ensure that the Individual/Service User:

  • Clearly understands why the information is needed.
  • Understands what it will be used for and what the consequences are should the  individual/service  user  decide not to give consent to processing.
  • As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed.
  • Is as far as reasonably practicable, competent enough to give consent and has given so freely without any duress.
  • Has received sufficient information on why their data is needed and how it will be used.

Informed consent is when:

  • An individual/service user clearly understands why their information is needed, who it will be  shared with,  and the possible consequences of them agreeing or refusing the proposed use of the data.
  • And gives their consent.

 

4. Data Storage & Protection

Information and records relating to individuals/service users will be stored securely and will only be accessible to authorised staff and sub-contractors (limited to task in progress).

Information will be stored only for as long as it is needed or required by statute and in line with the rules/ regulations and guidelines of our regulating bodies. It will be disposed of appropriately.

Studio 35 (York) Ltd’ responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.

Studio 35 (York) Ltd locates its data in a secure protected and encrypted environment. It does  not  share  data with any other agencies.

Studio 35 (York) Ltd intends to ensure that personal information is treated lawfully and correctly.

Studio 35 (York) Ltd will, through appropriate management and strict application of criteria and control:

  • Observe full conditions regarding the fair collection and use of information.
  • Meet its legal obligations to specify the purposes for which information is used.
  • Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements.
  • Ensure the quality of information used.
  • Ensure that the rights of people about whom information held, can be fully exercised under the Act. These include:
    • The right to be informed that processing is being undertaken.
    • The right of access to one’s personal information.
    • The right to prevent processing in certain circumstances, and
    • The right to correct, rectify, block or erase information which is regarded as incorrect information.
  • Take appropriate technical and organisational security measures to safeguard personal information.
  • Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
  • Set out clear procedures for responding to requests for information.

 

5. Company and Staff Guidelines

Information and records relating to service users will be stored securely and will  only be  accessible to authorised staff and sub-contractors (limited to task in progress).

Information will be stored only for as long as it is needed or required by statute and in line with the rules/ regulations and guidelines of our regulating bodies. It will be disposed of appropriately.

Studio 35 (York) Ltd’ responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.

To this end, Studio 35 (York) Ltd and its staff will  adhere  to the Principles  of  Data  Protection,  as  detailed  in  the  Data Protection Act 1998.

Specifically, the Principles require that personal information:

  • Shall be processed fairly and lawfully, and shall not be processed unless specific conditions are met.
  • Shall be obtained only for or more of the purposes specific in the Act and shall  not  be  processed  in  any manner incompatible with that purpose or those purposes.
  • Shall be adequate, relevant and not excessive in relation to those purpose(s)
  • Shall be accurate and kept up to date.
  • Shall not be kept longer than is necessary.
  • Shall be processed in accordance with the rights of data under the Act.
  • Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information.
  • Shall not be transferred to a country or territory outside the UK.

In addition, Studio 35 (York) Ltd will ensure that:

  • It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection
  • Everyone processing personal information understands that they are contractually responsible for following good data protection practice
  • Everyone processing personal information is appropriately trained to do so
  • Everyone processing personal information is appropriately supervised
  • Anybody wanting to make enquiries about handling personal information knows what to do
  • It deals promptly and courteously with any enquiries about handling personal information
  • It describes clearly how it handles personal information
  • It will regularly review the way it holds, manages and uses personal information
  • It regularly assesses and evaluates its methods and performance in relation to handling personal information
  • All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them

 

6. Data Access and Accuracy

All Individuals/Service Users have the right  to  access  the  information  Studio  35  (York)  Ltd  holds  about  them. Studio 35 (York) Ltd will also take reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.

This policy will be updated as necessary to reflect best practice in data management, security and control and to  ensure compliance with any changes or amendments made to the Data Protection Act 1998.

In case of any queries or questions in relation to this policy please contact : Studio 35 (York) Ltd – Director & Data Protection Officer:

Gary McGowan gary@studio35york.co.uk

 

Version 2018