Data Policy

1. Data Collection and Usage

1.1 We may collect and store the following information:
First Names, Second Names, Email Addresses, Telephone Numbers, Business Names, Home and Business Addresses, Usernames and Passwords (for access to 3rd party accounts).

1.2 We may collect this information in the following ways:
From our website contact form at https://dapperwebdesign.com/contact
We may also collect personal information via email corresponance, business cards, Creditsafe UK https://www.creditsafe.com/gb/en.html, and information that is available in the public domain.

1.3 We process data on the following legal basis:
1.3.1 Consent – By providing us your data by the means in section 1.2. (the data subject has given consent to the processing of his or her personal data for future comminucation).
1.3.2 Legal Compliance – By providing us your data by the means in section 1.2. (the processing is necessary for compliance with a legal obligation for invoicing records on Wave Accountancy https://www.waveapps.com/)
1.3.3 Necessary for the performance of the contract – We may require personal login information to 3rd party businesses in order to satisfy the contact.
1.3.4 Legitimate interest of the data controller – We may collect and hold data using means identified in section 1.2

1.4 We keep this information up-to-date by:
1.4.1 We check our information for accuracy by regularly vetting our database every 12 months, checking with you that your details are correct, and updating our records accordingly.

1.5 The data we collect is used for the performance of our services and to send correspondance related to our contract with you. We may also share this information with 3rd party suppliers where neccesary for the performance of our services. We may use the data to contact you regarding contract renewals, as we as anything we deem may be of interest to your business and/or our business relationship.

1.6 We may share your data with third party suppliers where necessary to fulfil our contract. We have mutual Non-Disclosure Agreements in place with our suppliers to ensure your data is only used in direct relation to the service being provided and is not stored for longer than the duration of the contract.

1.7 Any data collected in paper format, i.e. business cards, will be transferred to our database and the paper format will be shredded. Your data will be reviewed in line with section 1.4.1

1.8 We use and store data that is bought in from our supplier, CreditsafeUK, who are GDPR compliant https://www.creditsafe.com/gb/en/more/about/gdpr.html

1.9 On the rare occasion a third party is contracted outside the EEA, they remain bound by the same Non-Disclosure Agreement outlined in section 1.6

2. Data Access and Responsibility

2.1 Dapper Web Design operates as a Sole Trader and as such only one person has access to the data being held. Dapper Web Design assumes sole responsibility for the management and the use of data held.

2.2 All hardware used to access data is protected by face and finger-print recognition software.

2.3 All data being held is stored securely on cloud storage with OneDrive who provide data encrypted storage solutions. Details can be found here: https://support.office.com/en-us/article/data-encryption-in-onedrive-for-business-and-sharepoint-online-6501b5ef-6bf7-43df-b60d-f65781847d6c. Microsoft are GDPR compliant.

3. Data Access and Responsibility

3.1 Individuals have the right to access their personal data, this is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing by telephoning 01822 481 868 or emailing support@dapperwebdesign.com. We will respond to your request within 30 days.

3.2 Your record in our database will have a Unique Reference Number attached to it. Should you wish your details to be deleted under the “right to be forgotten rules”, all your data will be deleted except the Unique Reference Number. This number will be stored to allow us to prove that any data related to your Unique Reference Number has been deleted in the future.

4. Data Breach Actions

4.1 In the event of a data breach Dapper Web Design are responsible to report the breach to the ICO and inform anyone who’s data may have been affected within 72 hours.

4.2 In the event of a breach Dapper Web Design will take the necessary action required to prevent the instance occurring in the future including the revision of this policy.

This document was created by Dapper Web Design on 18.05.2018 and reviewed on 18.05.2018