On 25 May 2018 the new EU General Data Protection Regulation (GDPR) came into force (this included the United Kingdom regardless of its decision to leave the EU) and impacted each and every organisation that holds or processes personal data.
It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and a significant increase in penalties compared to the current Data Protection Act (DPA) that it superseded.
In simple terms, individuals now have greater say over how, why, where and when their personal data is gathered, processed and disposed of. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
If you hold and process personal information about clients, staff or suppliers, you are legally obliged to protect that information.
Wild Dog Design GDPR Statement
Wild Dog Adventure Ltd, (trading as ‘Wild Dog Design’ or for this statement, ‘WDD’) is committed to the security of our customers Data by adhering to the requirements of the EU GDPR.
We collect only private personal data that is needed to maintain a working relationship with clients, suppliers and staff. Data is never shared with third parties for sales or marketing. Data is only held for as long as it is needed. We endeavour to keep retained data relevant and up to date and may contact you for this purpose. When adding a record to our database we confirm at the point of data collection that you are happy for us to retain your data. Any information we hold on an individual can be requested by that individual. All data is stored within a GDPR compliant database on a secure SSL encrypted server. Our premises has CCTV from which images are recorded and stored for a short period of time – detailed below.
If you are a client of WDD we use your contact details for the following purposes: Customer support and account management; order processing and invoicing; maintaining our company accounts and records; marketing and communications. Data normally consists of the following fields: First name, last name, address, postcode, email address, telephone number, mobile number and IP address. Data is stored/transferred using SSL encryption.
Marketing for WDD
Our mailing list consists of names and email addresses collected through the WDD website on which a double opt-in mechanism is used. Only customers who have agreed to receive marketing messages will receive them. WDD will be clearly identified as the sender of emails. Emails sent for marketing purposes will include an option to unsubscribe from future messages.
Marketing on behalf of our clients
We are occasionally sent mailing lists from our clients to fulfil marketing campaigns on their behalf. Data is transferred securely using an SFTP or HTTPS SSL encryption method. After the completion of the campaign, the data is deleted. We have a shared responsibility with our client that the data that they supply has been collected using approved GDPR guidelines.
Due to the nature of the work WDD does, it is necessary for us to gain access to web-servers and other web related services through accounts belonging to our clients. This requires WDD to hold a database of usernames, emails and passwords to access the various services. The database is encrypted and has two factor authentication to access it. The software we have adopted for this purpose is one of the world’s leading secure password managers, LastPass.com.
WDD has CCTV cameras in operation at their offices at 44-46 Old Steine, Brighton BN1 1NH. The footage is retained for a maximum of three weeks after which the media is recycled and the data deleted. Face recognition technology is not used to identify visitors. The storage device is kept securely behind a locked door. The device does not have internet connectivity.
It is WDD’s responsibility to protect any private and personal data that we hold in a secure manner. WDD staff have been briefed on the importance of safeguarding client data. It is the right of every individual to request that that data is retained, deleted or changed as they wish. You can request to see your data we hold by contacting firstname.lastname@example.org