Still a few things to do but most of the content below is in place and the rest should be ready for GDPR launch date.
Personal information held by Open Door Multimedia – 19/5/18
Open Door Multimedia is run on a sole trader basis by myself. I employ no staff and the only person who has access to personal information/data is me. The business is covered under GDPR but information held is very limited and not sensitive. It includes:-
The names of clients and contacts
The business or charity they are involved with
Their phone numbers
Website URLs (in most cases)
No postal addresses are held in any database, spreadsheet or narrative records though they may feature in emails to and from an individual and in invoices received or sent.
Most of the above information may be available in the public domain.
This information is kept in simple spreadsheets which are maintained in encrypted form.
A short narrative note of contact with clients and potential clients is maintained and kept for a period of two years. This will include information about:-
Work done – including products and services
Current position/ activity
Thoughts, ideas and proposals for future work
Prices charged or quoted for future work
Current payment situation e.g. invoice issued, outstanding invoices
Emails to and from contacts may be retained for a period of up to two years in an encrypted form.
Invoices which contain information of payments received from and made to individuals and companies are retained in encrypted form.
Most of the contact details have been taken from business cards passed on by the individual in face to face meetings, often in a business networking setting or by emails received.
No information about date of birth, relationships, age, gender, sexual orientation, personal finances, marital or citizenship status, lifestyle, vulnerability or health related issues is held.
No data is processed in a way that will allow the identification of e.g. women on high incomes in Warrington over the age of 50.
No financial details e.g. salary, spending, wealth, savings are retained though a small number of Sort Codes and Account Numbers may be held within emails which are held in encrypted form.
No collected information is passed on to other individuals or agencies either free of charge or on a paid for basis with the exception of video footage and photographs in original or processed form. This is in line with the signed release form that clients and contacts sign at the time of being filmed, photographed or audio recorded.
Basic individual contact details may be passed on to third parties, but only with the permission of the individual concerned.
No information from e.g. Credit Agencies or CCJs or linking to criminal convictions is kept or processed.
Email marketing will be delivered via MailChimp. It will be restricted to a small number of contacts who have responded positively to a recent Opt-in request. That contact list will be added to over time.
The information referred to above has been obtained through email contact, conversation, reference to websites, personal introductions, phone calls.
No information is passed out of the UK with the exception of the email marketing Opt Ins which may be contacted via MailChimp.
No information about existing or potential clients has been purchased.
The information held will be used to make contact on an individual basis with the clients and contacts of Open Door Multimedia in writing or via the telephone. This includes submitting invoices for work done and following up on late payments/ recovering debt and submitting tax returns.
If information has to be passed to an external agency for e.g. debt recovery, a GDPR compliant agent will be used.
The information may also be used in connection with government/ legal requirements.
Information will be used for email marketing for a small group of contacts who have Opted In to that usage. Withdrawal can be requested at any time and the request will be acted on within two weeks.
The Legal Grounds for holding and processing information are based on the provision of products and services which may be of benefit to our existing and potential new clients. The simple information held allows me to communicate effectively and to respond to orders and to keep up to date with payments received or paid.
We also need the information to produce annual accounts and a tax return.
Specific consent has been received from a small number of contacts for email marketing communication. This would be unlikely to involve more than one contact per month.
Co-operation with legal and statutory bodies will be readily given but no information will be routinely shared with those agencies.
No information will be shared with credit or fraud protection agencies.
In the event of advice or support or hardware repair being needed, a GDPR compliant IT consultant will be used.
Your personal information may be held for a period of 24 months unless you ask us to erase it in the meantime. Cleansing of contact details, emails and ongoing narrative notes will be carried out after 24 months if there has been no contact, provided there is no specific reason to retain them e.g. financial dispute, possible claims or litigation.
Still images (photographic) and moving images (video) in original, straight out of the camera form and processed product (finished photographs and film) will be retained indefinitely. This is on the basis that clients do request old pictures and footage after extremely lengthy periods. There is no commitment to hold those resources beyond 24 months but in practice the actual period of retention may be considerably longer than that. When Open Door Multimedia produces photographic and video material for clients there is a release document which grants permission for the business to use the material in any reasonable way in perpetuity. Much of it is made available in the public domain. If a client specifically requests the erasure of photographs and video footage, reasonable efforts will be made to do that. However, some of that material may have been supplied on a paid basis or transferred to a third party and full erasure may not be possible.
Due to the scale and storage implications, photographs and video footage will be stored in a non-encrypted form but it is not normal practice for them to have names and other personal information included in the metadata relating to individual files. External hard drives are stored in locked cabinets when not in use.
Basic arrangements for password protection on one computer and one mobile telephone are in place. One folder on the computer containing all sensitive information is encrypted. The mobile phone is password protected and data will be erased after 10 unsuccessful attempts to access the phone. Emails are encrypted. The Open Door Multimedia website has been altered so that it is not possible for viewers to input personal details. Contact is only available via email or telephone. There is no commercial activity via the website and financial details cannot be entered.
Staff training. Open Door Multimedia is a sole trader arrangement and no-one except myself can process any information.
If you wish to view any information held on you please ask and it will be made available.
If you wish for all of your data to be erased, please ask and this will be done within 2 weeks, with the exception of financial data which may need to be retained for HMRC/ tax returns or other legal requirements e.g. if claims or litigation are considered a possibility.
Open Door Multimedia