Matthew Humphries Design Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 18th May 2018.
In the simplest terms, GDPR (General Data Protection Regulation) is a new privacy law introduced in the UK on 25th May 2018. It protects users from unauthorised data collection by requiring explicit consent. If data is being collected and stored, the individual providing the information needs to be aware of it and give permission before any action is taken. Along with providing permission to collect data, the GDPR also requires that users are able to request access to their data and have it removed if requested.
GDPR – The Basics
We hold your Personal Data under secure conditions using the following software, which is GDPR compliant:
- Mailchimp (Marketing platform for small businesses)
We are using the grounds of Legitimate Interest to maintain contact with our existing pre-May 25th 2018 CRM database. All new clients will be asked to positively opt in after this date.
As required, we will inform contacts of a data breach within 72 hours of becoming aware of it.
Right to Access
Ogle will provide confirmation as to whether or not personal data concerning you is being processed by us, where the data is being stored and for what purpose. Furthermore, we shall provide a copy of the personal data, usually free of charge, in writing.
Right to be Forgotten *
The right to be forgotten entitles you to obtain from the controller the erasure of any personal data without undue delay and to stop any further distribution of the data.
* Warning: once we delete all your records, we will not be able to monitor your name should you then reappear via a request for a quote or other information.
GDPR introduces data portability: the right for a data subject to receive the personal data concerning them, which has previously been provided in a ‘commonly used and machine-readable format’, and to have the right to transmit that data to another company or organisation. It’s really about ‘transferring’ data between suppliers, e.g. allowing a customer to switch bank or insurance provider easily, without having to set everything up from scratch. Although we are not involved in this type of information sharing, we will only pass your information on for delivery purposes.
Marketing Platforms & Activities
Our marketing platforms and activities are compliant with GDPR going forward.
At MHD we use Mailchimp for almost all of our client email marketing communications.
Our Mailchimp signup forms are incorporated into our website; they collect the email address, IP address and timestamp. They are set to require ‘double opt in’, which emails the user to confirm they would indeed like to join the mailing list. When data is collected via a Mailchimp signup form, the relevant permission data is then stored within our Mailchimp list and is compliant with the new record keeping regulations. At the point of information collection, we will make it clear to users how and where we will be storing your information and how we will be using it.
The option to unsubscribe is also present inside each email communication sent via the Mailchimp platform and is managed accordingly directly in our Mailchimp list.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing us at firstname.lastname@example.org