Every business is different and the General Data Protection Regulation (GDPR) takes a risk-based approach to data protection. Therefore companies should individually assess their own data collection and storage policies.
The following information is not legal advice and is our interpretation of what we do to ensure the projects we work on handle data in a way that is GDPR compliant.
We strongly recommend that you obtain your own legal advice to ensure that you are fully compliant with GDPR regulations.
About the data
What data do you hold?
We always ensure that the data we collect is essential and of ‘legitimate interest’ as set out in the official GDPR guidelines. This means we don’t handle sensitive information we have no application for and and our data collection process is thoroughly considered.
How did you obtain the data?
The data we collect and house on our internal systems is easily traceable to its source which is extremely important. We can identify the permissions of use at the time of collection and we can confidently justify its use and identify the permissions of use communicated to us.
What will you be doing with the data?
If you take a look at our data journey you’ll see how we plan to use the data based your interactions with us and the purpose of communication. We aim to contact you based on this and therefore you won’t ever receive any communications from us that aren’t relevant to our relationship.
How long will you be retaining this data?
We plan on holding data indefinitely unless specifically requested by you. However when a project ends, any information we have on file such as passwords will be erased. If we work together again at a later date then we may request this information once again.
How is the data being secured?
We aim to be proactive when security is involved, so our team uses a combination of strong passwords and Two Factor Authentication where available. Access is only given to team members when it’s relevant to the work we’re doing with you.
We also ensure that any third parties we use are established and trusted, and have a strong view on the importance of security.
Who will have access to the data?
When data is submitted it will, at times, be passed to various third party tools to ensure we can communicate effectively. For a full list of the tools we use, please see our data journey which highlights these.
Internally, team members working on your project will have access to some of the information and data you have provided. If you’d like details or have specific requirements in terms of the way we deal with your data, please speak to us directly.
Can historic data you hold be tracked?
We are confident that all data we collect can be tracked to it’s source of origin and any historical data was acquired by honest means.
Our Data Journey
Below is a guide detailing how we handle your data and your data’s lifecycle with us. This can be used alongside our handy visual guide.
When we obtain your data – either in person, via phone, or electronically – it will be captured using one of our systems of which include:
From here the data will be utilised depending on the nature of your interaction with us.
There are a few paths your data may take.
At the point you become a client, we may request additional information and data that may need to be added into the following systems:
© 2018 3ManFactory LTD | Company reg: 07642302