Published: 23rd May 2018 at 6:58 pm
In order to comply with GDPR all companies must now obtain freely given, specific, informed, and unambiguous consent from their non-business contacts. We (elmtree creative) must clearly explain how we plan to use any personal data. This notice explains what personal data we collect, how we use that data, any reasons we may need to disclose that personal data to others, and how we securely store that personal data.
What personal data do we collect?
We currently receive and retain information from you when you contact us via email or telephone, with a request to engage in a working/business scenario or a request to hold your details for future opportunities.
This data usually consists of company names, individual names and business titles, email addresses, telephone numbers, social media locations, and any banking details we require to make or receive payments.
We do not currently purchase any marketing contact lists from external sources outside the realm of what is freely available to view/source openly to the public.
How we use your personal data
We currently use your personal data to:
– provide you with our day to day services.
– comply with our contractual obligations we have with you (i.e the provision of art and media files and other materials you have requested from us):
– espond to questions and queries posed by you the company or individual;
– make outgoing payments for goods and services which you as a business or individual may provide us with;
– provide you with news about or updates to our business and services which we feel may be of interest to you where you have consented to be contacted as such.
– offer freelance contracts and employment
Reasons we may be required to disclose your personal data to others
We do not currently share your personal data with anyone outside of elmtree creative without your consent to do so, other than where we need to provide invoice documentation for accounting purposes under our own legal obligations. AKE Accountancy currently provide this service for us.
How we store your personal data
We store your data in the following ways. This data is held for as long as we deem appropriate to our current or future service to you, or until you directly and specifically request for us not to hold such information – either via email, or via using any unsubscribe link/tool we provide to you).
We use strict procedures to try to comply with your own requested level of privacy, and to prevent any unauthorised access to this information.
Day to day services
We hold email addresses and any other information as disclosed by you to us via email signature setups within our businesses email accounts. We use LCN as our email provider in conjunction with Apple mail. We also use a job database on the Filemaker platform hosted by Molesoft which may hold direct contact details of stakeholders as part of the briefing information. We may also retain client telephone numbers (direct lines and mobile numbers) on mobile devices (backed up via iCloud) used by our day to day account contacts.
Historical and live work
We are required to hold our historical artwork for existing and lapsed clients on our server and back up systems which in part uses Dropbox for Business. Some of these jobs may contain contact details as appropriate/advised/consented via the brief at the time of that service being provided. Some of this information may be lapsed and outdated/irrelevant, this forms part of our historical archive of work and is only available to elmtree partners.
Occasionally we send HTML emails to update clients with news and changes to our products and services. We currently use Mailchimp to provide this service and hold a list of subscribers who have chosen not to unsubscribe from these emails.
elmtree Clientzone and other visits to our website
We currently do not actively track visits to our website (and therefore use any accompanying data) through the use of any analytics provider. Any change to this protocol will be updated on this document as part of that change and notified directly, where appropriate, to any clients or customers whose business contact email we hold.
In order to pay for goods and services and obtain payment we are required to hold banking details to make and receive those payments. We use Barclays PLC for these transactions.
We use the Clearbooks system for our invoicing our clients and customers, this holds relevant contact details for that contact in the form of email addresses.
Important things to remember
We do not currently share your personal or business data with anyone outside of elmtree creative without your consent (or our strong belief that you have consented) to do so. Please DO contact us directly if you have questions about the data we may hold for you or your business, how that data is used, or if you think a change needs to be made to the information we hold about you. We will respond to such requests within 30 days of the request.
You have the right to object to our use of your personal or business details, or to ask us to delete, remove, or to stop using it if you feel there is no need for us to keep it.
This is known as your right to be forgotten.
We will respond to any such requests within 30 days.
Please remember that if you are current client or we receive a brief from you and you have requested we remove your contact details this may delay or otherwise compromise our ability to deliver that service.
Please contact us first
You can contact us directly with any questions or queries you may have about the data we might hold for you as an individual or a business, how that data is used, or if you feel a change needs to be made to the information and/or use of that information.
In the first instance please contact firstname.lastname@example.org who is our acting Data Protection Officer. We will respond within 30 days.
If you have a complaint that has not been answered or, in the unlikely event that we cannot reach a sensible resolution, you have the right to make a complaint. In such an instance please visit the Information Commissioner’s Office at https://ico/org.uk/concerns to direct your enquiry who will contact us as appropriate.
Please note that the above policy and guidelines is/are subject to change. We will endeavour to communicate to all of our contacts, where it is permitted, when any change to this policy occurs or is requested by the appropriate authorities.
Privacy notice review and effective date: 23 May 2018