The following GDPR policy is a statement of how Commercial Blinds & Glazing LTD will comply with the new GDPR law as of 25 May 2018.
How we are complying
- In line with the ICO/GDPR guidelines, New Business prospecting emails and marketing campaigns will continue on a business-business basis to business email addresses.
- Only when a personal email address has been provided and consent given, will this be added to the marketing campaign.
- All marketing emails have the option to unsubscribe and any business wishing to unsubscribe will have their data removed in accordance with GDPR regulations.
- Current clients/customers who are dealing with on-going quotes/projects will be contacted as normal as they will have given consent for a reasonable period of time.
- When prospecting new business, clients/individuals will be asked for approval to send information to them (via phone calls, LinkedIn or replying to enquiries).
Where does our data come from?
- Current clients/ customers who are in regular contact over quotes/projects/potential projects.
- New enquiries which come through commercialblinds.co.uk where customers submit their name, contact number, email address and company name/address.
- Past clients/customers who have dealt with Commercial Blinds & Glazing LTD in the past or who have enquired via the website enquiry forms in the past.
- New potential clients/contacts that come from connections on LinkedIn or other networking events.
What data is held and where is our data stored?
- Sage – all payroll and payment information is stored on Sage which is password protected and only accessible by the accounts team. Employee’s personal details are kept on Sage for payroll purposes only.
- Microsoft Outlook – Commercial Blinds & Glazing has email accounts which staff operate from. Contact emails are stored in Outlook and predominately include customers/clients signature which contain name, numbers and addresses. All outlook accounts are password protected.
- Staff who have emails on their work phones are again all password protected and in the case of a phone being lost/stolen, the relevant action will be taken.
- Email Database – Commercial Blinds & Glazing LTD stores its emails database on a password protected document in a Microsoft excel format. This is stored on the companies shared Network Documents. Again all PC’s are password protected and this email database contains potential customers, current customers and historical customers.
- All quotations not proceeding to a full order/completed project are stored in a secure cabinet for 12-18 months to meet company policy. These quotes contain site survey details and contact information. These files are disposed of accordingly after a period of time.
- All completed job files are stored in secure boxes and securely locked in dry storage for 7 years to meet with company policy.
- At any time where an individual requests to opt-out of receiving emails from Commercial Blinds & Glazing, they will be removed from the main database and on to a separate file which will be stored in secure network documents and password protected.
Staff Data Procedures
- All staff contact details as well as tax details, bank details and pension details. The period is as stated on the GDPR document.
- During recruitment, successful candidate’s Contact details, Qualifications, Employment history, Ethnicity & Disability details are kept securely on file for 6 year post employment.
- For unsuccessful candidates, these details are stored for 12 month post recruitment campaign.
Sales & Marketing Data
- For direct marketing to existing customers the customer’s contact details and purchase history are kept on file until the end of the relationship. All customer’s completed order files are kept on file to meet the companies’ procedures as stated in the GDPR document.
- For potential customers their contact details are stored on file for up to 2 years post campaign or until they ask to be removed from all marketing.
- Commercial Blinds & Glazing will review their GDPR policy annually. The next review will be on 20/05/2019
- The review will ensure we are meeting the required steps for GDPR and any necessary changes will be made.
Appointed Data Protection Officer