Compliance with the General Data Protection Regulation (GDPR)
Date of issue: 1st May 2018
Blue Canyon Ltd (later referred to as BC) ensure that we treat your personal data in line with the requirements of the General Data Protection Regulation (GDPR). To comply with the GDPR regulations, BC must inform you of the data that we hold for you, why we hold it and who we share it with.
We need to gather and use certain information about individuals, including; customers, suppliers, employees, and other individuals that we have a business relationship with.
We only collect data for the sole purpose of providing the services, provision of products that you are purchasing from us and administering your account. This information is stored securely within the business and backed up to secure servers.
We may on occasion use your information to contact you about products or services that we genuinely believe to be of relevance and interest to you, unless you opt out of this communication.
We will never sell, or pass on, any data or personal information that we hold for you to any third parties unless required to do so by government authorities, or in the event of debt recovery, of which will only be done with the appropriate confidential protection.
You can contact BC at any time at: firstname.lastname@example.org, where you can request to have your data removed from our records, or to request a copy of the information that we hold for you. Any request such as this will be dealt with in a confidential manner and at no cost to you.
Our code of conduct for data is that it shall be:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- not kept longer than necessary;
- processed in accordance with the data subjects’ rights;
- secure; and
- not transferred to countries outside the EU without adequate protection.
BC and its employees are made aware of the law and GDPR requirements. Only those persons within the business that require access to your data to enable them to complete our service of your account has access to that information. This may include, for example; your name, address and contact details to complete a design or print job, or email addresses to enable us to send you proofs of artwork.
The Information We Hold
We only hold the information and data that we need to complete the services that you buy from us such as, but not limited to; design, print work and online services (e.g. website builds), and to administer your account. Data will not be shared or further processed in any manner deemed incompatible with the original requirement of obtaining it.
We will securely hold the data using modern, up-to-date technology, that is regularly reviewed for as long as is necessary to deliver the services we provide to you, this will include, for example, details of previous orders, contact information for your business and details of previous payment terms that you have with us.
Personal data may be shared with our suppliers only to enable us to fulfil our services to you, consent is therefore given by you to do so by placing an order with us. For example, we may print business stationery of which has personal information detailed, or we may be delivering products directly to you and therefore addresses will be held and shared by us with the appropriate transport companies to enable us to deliver your goods.
When you purchase from us online, through www.bluecanyon.co.uk, we store your; name, address, email address and telephone number for the purposes of fulfilling your order. Please be assured that we do not share your personal details with any other companies without your consent.
All data processed by BC will be done on the lawful basis of one of the following: consent, contract, legal obligation, vital interests, public task or legitimate interests.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be clearly available, and systems will be in place to ensure such revocation is reflected accurately in BC’s systems.
When you log-in to BC’s Guest Wi-Fi, we may collect data about; your device, the volume of data that you use, the websites and applications that you access; and your usage by access time, frequency and location.
For all data and images that you send to us for use within a designated project, BC accept that you have obtained the appropriate permissions to share that information and/or images with BC for use in that designated project. That information will be securely stored with the jobs digital assets in the same appropriate manner that we store all digital data and used solely for the purposes of that project.
Security of your Data
Any data that we hold for you is stored securely.
Hard copy data is used by BC to administer our business and our services to you. Paper copy information, such as quotations, are held for a maximum of 4 years, after which they are securely destroyed. Access to paperwork is only by those employees who are required to do so to fulfil our commitments to you.
Digital data is also used by BC to administer our business and our services to you. Digitally stored information is used to process and administer our business, where your data is held and stored to enable us to invoice you for works that you have purchased from us.
Appropriate back-up and disaster recovery processes are in place.
Archiving and Removal of Data
Data is retained for as long as is necessary to enable us to fulfil our services to you. To ensure that personal data is kept for no longer than is necessary, BC will put in place an archiving process for each area that personal data is held and review this annually.
The archiving process will consider what data should/must be retained, for how long, and why.
In the Event of a Security Breach
In the event of a security breach, BC shall promptly assess the risk to people’s rights and freedoms, and wherever appropriate, report the breach to the ICO within 72 hours of finding the breach.