Dee Two Limited – hereafter referred to as Dee Two, we, us or our – needs to gather and process personal information about individuals for core business purposes, such as accounting, staff administration and marketing. Individuals can include customers, suppliers, contractors, business contacts, employees and other people the organisation has a relationship with, or may need to contact.
This policy explains how personal data is collected, stored, and handled in order for us to comply with our own organisation’s privacy and data protection standards – and to adhere to the European Union’s General Data Protection Regulation, which becomes law on 25 May 2018.
This data protection policy ensures Dee Two:
The General Data Protection Regulation describes how organisations — including Dee Two — across all 28 European member states must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
GDPR defines Personal Data as any information that can directly or indirectly identify an individual and includes: forename; surname; title; photo; address; email address; IP address; Location data; Cookies; and Profiling and Analytics data.
The Regulation also places much stronger controls on the processing of Special categories of personal data including: Race; Religion; Political opinions; Trade Union membership; Sexual orientation; Health information; Biometric data; and Genetic data.
This policy applies to:
This policy applies to all data that Dee Two holds relating to identifiable individuals, even if that information technically falls outside of the General Data Protection Regulation Act 2018. This can be made up of:
Identity Data including first name, surname, marital status, title, gender and photo.
Contact Data including business name, billing address, postcode, email address and telephone numbers.
Financial Data including bank account and payment card details.
Transaction Data including details about payments, invoices, and receipts between you and Dee Two, and other details of products and services we have purchased from one another.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our services.
Profile Data includes your online username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, and our products or services.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Dee Two collects data from you:
Directly, when you contact us by telephone or email, or complete and submit any form that is included on our website.
Indirectly when you take some action on our site (passive data).
We may also have personal data about you, if you:
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages of our site are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Dee Two also uses third party cookies for tracking and analytics services, such as Google Analytics, Adobe Analytics or similar services provided to us by individual internet service providers. In addition we may link or embed elements, for example YouTube videos, Vimeo videos or Google Fonts, into our site in order to provide visitors with a fuller experience.
These organisations are Data Processors and have obligations to conform to the European Union GDPR laws so that Dee Two is unable to use their services to track, collect, or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to a Visitor.
In addition, and where possible, Dee Two has actively switched on IP Anonymisation to disable the collection of Personally Identifiable Information (PII) through third party cookies, so that the individual IP addresses of Visitors to our site are masked and are not identifiable.
This policy also helps to protect Dee Two from some very real data security risks, including:
Breaches of confidentiality. For example, information being given out inappropriately.
Failing to offer choice. For example, all individuals should be free to choose how the company uses data relating to them.
Reputational damage. For example, Dee Two could suffer if hackers successfully gained access to sensitive data.
Everyone who works for, or with, Dee Two has some responsibility for ensuring data is collected, stored and handled appropriately. Anyone that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
The only people able to access data covered by this policy should be those who need it for their work. Data should not be shared informally. When access to confidential information is required, staff and contractors can request it from David Davis of Dee Two.
Staff and contractors should keep all data secure, by taking sensible precautions and following the guidelines below:
Dee Two will ensure that all our staff and contractors are made aware of these guidelines and read them, and will help them understand their responsibilities when handling data.
These rules describe how and where our data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored digitally but has been printed out for some reason:
When data is stored digitally, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
If you have any further questions about storing data safely these can be directed to David Davis of Dee Two.
We do not share your personal data with any third parties. However, personal data is of no value to us unless Dee Two can make use of it for our day-to-day core business purposes.
It is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
The law requires Dee Two to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of our staff and contractors, who work with data, to ensure it is kept as accurate and up to date as possible.
Data will be held in as few places as necessary and additional data sets will not be created.
We take every opportunity to ensure data is updated, for example, by confirming a customer’s details when they call.
Where possible, Dee Two will make it easy for individuals to update their own data that we hold about them, for example, via our website.
We update data when inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it is removed from the database.
All individuals who are the subject of personal data held by Dee Two are entitled to:
If an individual contacts Dee Two requesting this information, this is called a Subject Access Request.
You may request details of data which we hold about you under the EU’s General Data Protection Regulation. Subject Access Requests should be made by email to David Davis, Managing Director at firstname.lastname@example.org. In accordance with the new regulations, we aim to provide all the relevant data to you within 30 days and for no fee.
We will always verify the identity of anyone making a Subject Access Request before handing over any information.
In certain circumstances, the EU General Data Protection Regulation allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, Dee Two will disclose requested data. However, we will ensure the request is legitimate, seeking assistance from legal advisers where necessary.
Dee Two retains different types of data for different lengths of time.
Identity Data, Contact Data, Profile Data and Marketing & Communications Data: for the length of time that an individual is a customer of, or a supplier to, Dee Two.
Contact Data, Financial Data and Transaction Data: for a minimum of seven years, in accordance with guidelines provided to us by the UK Government’s HM Revenue and Customs.
Technical Data and Usage Data: for 26 months.
Google Data Retention: for 26 months. For more information please see the Google Analytics Data Privacy & Security support pages.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
This Policy was prepared by Dee Two and becomes operational on 25 May 2018.