Data Protection and GDPR
In May 2018 a huge change comes in which affects businesses large and small. The General Data Protection Regulation (GDPR) has been developed to protect your personal information from being misused or sold without your knowledge or consent. It affect us because we keep your information that is collected from the booking process and any images we take during your parties.
Why Do We Collect Your Information
As a client we want to be able to keep in touch with you which is why we collect your phone number and email address. We also may from time to time send very limited email offers, reminders, and keep in touch so we can retain your custom. We collect your address as part of our contract process in case there is ever a need to send you something physical or for legal proceedings.
We also have to keep our records for Tax purposes and this also means we have to keep data historically for a number of years after your booking. This is all pretty standard data collection and something we'd expect the majority of our competitors also do.
Where Do We Keep Your Information
Thankfully our past choices have really helped us tick the box of data security. All of our booking information is held in 2 locations and both have advised us that they are complaint for GDPR. All your actual booking forms come into our G-Suite email account and on our Client Management System, DJ Event Planner. We have been advised in an email from Google recently that they are happy that they meet the requirements for Data Protection. We keep all of your booking forms in an online mail folder. We keep these because its where you agree to our terms and conditions and are the basis of the price and services we have quoted for, they are the basis of the contract we form.
DJEP is also secure and access is limited to just myself. On here we keep a copy of the information gathered in the booking forms because it allows us to manage your booking better. This system is how we manage our workflow on a daily basis and removes the need for anything to be stored locally on our PC, using a paper diary or online calendar.
What Information Do We Keep
The hard information we collect includes; name, address, contact number, email address and facebook account (if contacted via facebook). There is also some information that could be extrapolated from your event details, we deem these to be marital status, rough birth date and employment status. For example if we have a wedding booking it would be fair to assume you will be married after that date, or if you have a 50th Birthday Party, you will be 50 around that date.
We also hold images taken during your event which we use for our website, social media and publications. Your face is also considered a method of identification in this policy hence the term Photo ID.
What Are Your Rights
The GDPR includes the following rights for individuals:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
We will of course accept any Subject Access Request so if you ever want to know what data we hold of yours, please just email us with the subject SAR and your request.
Your Consent To Hold Your Information
We are looking to add another step to our booking process which seeks permission to record, manage and use your information under the governance of the GDPR. There has to be what is called a positive opt in, which cannot be inferred by silence, pre-ticked boxes or inactivity. We have to make you clearly aware that we are holding this information.
Lawful Basis For Processing Information
We have chosen Contract from the 6 lawful bases for processing.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
We form a binding contract with our clients to provide a service as per their requirements which are stated during our quotation process. We expect there may be ramifications if we do not provide the service as expected or if the client tries to change this contract without our knowledge or permission. The contract ties the client into our terms and conditions of hire which are there to protect both parties.
Data Protection Officer
I will be the named Data Protection Officer for Disco Couture and will pop my contact information beflow. It will be my responsibility to manage your data, keep it secure and report any breaches or losses of data to both the Ico and clients affected.
Andy Przybyla - Info@discocouture.co.uk - 07962143680 - 1A Bradford Ave, Sunderland SR5 4LB,
As always DIsco Couture aims to stay above the trend and is keen to demonstrate we really care about our clients, something that you don't find with budget companies. Of course there are some pretty stiff fines if your non-compliant and imagine if your supplier was hit with a hefty fine which caused them to go out of business before your party... As always thanks for reading and hope this puts your mind at ease.
We hope to publish our new policy and amended booking forms in the next couple of weeks, then we plan to purge any old data we can, and send out all current clients an email asking them to opt in to us holding their personal data. For more information on GDPR please visit the ICO website https://ico.org.uk/