Compliance with the General Data Protection Regulation (GDPR)
Date of issue: 1st May 2018
Cuttlefish Graphics Limited T/A Full Circle Graphics (later referred to as FCG) ensure that we treat your personal data in line with the requirements of the General Data Protection Regulation (GDPR). To comply with the GDPR regulations, FCG must inform you of the data that we hold for you, why we hold it and who we share it with.
We need to gather and use certain information about individuals, including; customers, suppliers, employees, and other individuals that we have a business relationship with.
We only collect data for the sole purpose of providing the services, provision of products that you are purchasing from us and administering your account. This information is stored securely within the business and backed up to secure servers.
We may on occasion use your information to contact you about products or services that we genuinely believe to be of relevance and interest to you, unless you opt out of this communication.
We will never sell, or pass on, any data or personal information that we hold for you to any third parties unless required to do so by government authorities, or in the event of debt recovery, of which will only be done with the appropriate confidential protection.
You can contact FCG at any time at: firstname.lastname@example.org, where you can request to have your data removed from our records, or to request a copy of the information that we hold for you. Any request such as this will be dealt with in a confidential manner and at no cost to you.
Our code of conduct for data is that it shall be:
1. fairly and lawfully processed;
2. processed for limited purposes;
3. adequate, relevant and not excessive;
5. not kept longer than necessary;
6. processed in accordance with the data subjects’ rights;
7. secure; and
8. not transferred to countries outside the EU without adequate protection.
FCG and its employees are made aware of the law and GDPR requirements. Only those persons within the business that require access to your data to enable them to complete our service of your account has access to that information. This may include, for example; your name, address and contact details to complete a design or print job, or email addresses to enable us to send you proofs of artwork.
The Information We Hold
We only hold the information and data that we need to complete the services that you buy from us such as, but not limited to; design, print work and online services (e.g. website builds), and to administer your account. Data will not be shared or further processed in any manner deemed incompatible with the original requirement of obtaining it.
We will securely hold the data using modern, up-to-date technology, that is regularly reviewed for as long as is necessary to deliver the services we provide to you, this will include, for example, details of previous orders, contact information for your business and details of previous payment terms that you have with us.
Personal data may be shared with our suppliers only to enable us to fulfil our services to you, consent is therefore given by you to do so by placing an order with us. For example, we may print business stationery of which has personal information detailed, or we may be delivering products directly to you and therefore addresses will be held and shared by us with the appropriate transport companies to enable us to deliver your goods.
All data processed by FCG will be done on the lawful basis of one of the following: consent, contract, legal obligation, vital interests, public task or legitimate interests.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be clearly available, and systems will be in place to ensure such revocation is reflected accurately in FCG’s systems.
When you log-in to FCG’s Guest Wi-Fi, we may collect data about; your device, the volume of data that you use, the websites and applications that you access; and your usage by access time, frequency and location.
For all data and images that you send to us for use within a designated project, FCG accept that you have obtained the appropriate permissions to share that information and/or images with FCG for use in that designated project. That information will be securely stored with the jobs digital assets in the same appropriate manner that we store all digital data and used solely for the purposes of that project.
Security of your Data
Any data that we hold for you is stored securely.
Hard copy data is used by FCG to administer our business and our services to you. Paper copy information, such as design briefs, are held for a maximum of 4 years, after which they are securely destroyed. Access to paperwork is only by those employees who are required to do so to fulfil our commitments to you.
Digital data is also used by FCG to administer our business and our services to you. Digitally stored information is used to process and administer our business, where your data is held and stored to enable us to invoice you for works that you have purchased from us.
Also, artworks and designs that you have commissioned us to produce may also contain your personal information, for example; letterheads and business cards. Digital data such as this is held and stored for as long as is necessary to service your account with appropriate security measures onsite at FCG, with secure backup procedures in place that meet maximum possible standards for data security, ISO 27001.
Appropriate back-up and disaster recovery processes are in place.
Archiving and Removal of Data
Data is retained for as long as is necessary to enable us to fulfil our services to you. To ensure that personal data is kept for no longer than is necessary, FCG will put in place an archiving process for each area that personal data is held and review this annually.
The archiving process will consider what data should/must be retained, for how long, and why.
In the Event of a Security Breach
In the event of a security breach, FCG shall promptly assess the risk to people’s rights and freedoms, and wherever appropriate, report the breach to the ICO within 72 hours of finding the breach.
“Good design is obvious. Great design is transparent.”