Last Modified – May 2018
ACE Embroidery Ltd respects the privacy of every individual who visits our website and social media platforms. This policy outlines the information we collect and how we use it. This policy applies to information collected through our website and other sources.
We only collect personal information on a voluntary basis. We do not require this information to obtain access to our website or our social media sites.
The GDPR regulates the processing of personal data, and protects the rights and privacy of all living individuals, for example by giving all individuals who are the subject of personal data a general right of access to the personal data which relates to them. Individuals can exercise the right to gain access to their information by means of a ‘subject access request’. Personal data is information relating to an individual and may be in hard or soft copy (paper/manual files; electronic records; photographs; CCTV images), and may include facts or opinions about a person.
The company have obligations imposed on it by the General Data Protection Regulation (GDPR) to ensure that all information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully. We must ensure that our policies are written in a clear, plain way that everyone will understand.
Individuals have various rights under the legislation including a right to:
- be told the nature of the information we hold and any parties to whom this may be disclosed.
- prevent processing likely to cause damage or distress.
- prevent processing for purposes of direct marketing.
- be informed about the mechanics of any automated decision taking process that will significantly affect them.
- not have significant decisions that will affect them taken solely by automated process.
- take action to rectify, block, erase or destroy inaccurate data.
- sue for compensation if they suffer damage by any contravention of the legislation.
- request that the Office of the Information Commissioner assess whether any provision of the Act has been contravened. We will only process personal data in accordance with individuals’ rights.
This policy outlines the information we collect and how we use it.
Data Protection Officer:
Our Data Protection Officer is Mathew Smart. For further information, subject access requests or complaints please contact firstname.lastname@example.org.
In order to comply with its obligations, ACE Embroidery Ltd undertakes to adhere to the GDPR principles:
1) Process personal data fairly, lawfully and transparently
We will make all reasonable efforts to ensure that individuals who are the focus of the personal data (data subjects) are informed of the purposes of the processing, any disclosures to third parties that are envisaged; given an indication of the period for which the data will be kept, and any other information which may be relevant.
2) Data collected for a specified and legitimate purpose
We will ensure that the reason for which it collected the data originally is the only reason for which it processes those data, unless the individual is informed of any additional processing before it takes place.
3) Ensure that the data is adequate, relevant and not excessive in relation to the purpose for which it is processed
We will not seek to collect any personal data which is not strictly necessary for the purpose for which it was obtained. Forms for collecting data will always be drafted with this mind. If any irrelevant data are given by individuals, they will be destroyed immediately.
4) Keep personal data accurate and, where necessary, up to date.
We will review and update all data on a regular basis. It is the responsibility of the individuals giving their personal data to ensure that this is accurate, and each individual should notify us if, for example, a change in circumstances mean that the data needs to be updated. It is the responsibility of the company to ensure that any notification regarding the change is noted and acted on.
5) Only keep personal data for as long as is necessary
We undertake not to retain personal data for longer than is necessary to ensure compliance with the legislation, and any other statutory requirements. This means we will undertake a regular review of the information held and implement a weeding process.
6) Put appropriate technical and organisational measures in place against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of data.
The Data Protection Officer is responsible for ensuring that any personal data which is held is kept securely and not disclosed to any unauthorised third parties.
We will ensure that all personal data is accessible only to those who have a valid reason for using it.
We will have in place appropriate security measures:
- keeping all personal data in a lockable cabinet with key-controlled access.
- password protecting personal data held electronically.
In addition, we will put in place appropriate measures for the deletion of personal data - manual records will be shredded or disposed of as ‘confidential waste’ Hard drives of redundant PCs will be wiped clean before disposal or if that is not possible, destroyed physically.
From time to time we like to send out communications via email to inform you of any offers we have or any new products. In order to do this, we require your explicit consent. You may unsubscribe to these emails at any time via the unsubscribe button on the bottom of our emails or by contacting a member of our sales team.
We use Mailchimp to store our communication data, which includes name and email address. These details will be deleted if you unsubscribe to our communications.
This information is not passed onto any third party.
Opening an account:
In order to open an account with us you are asked to complete an Account Form which will detail whether or not you wish to receive communications from the company (see above). As a customer you will automatically be added to our Customer Relationship Management (CRM) software which is called Orderwise. Our CRM system is used to place orders, process orders and deliveries.
The Account Form asks for 3 trade references. It is your responsibility to ensure you have the permission of the trade references before you add them to the form and that they are happy for ACE Embroidery to contact them.
The Account Form once processed is not retained by the business and is confidentially shredded.
We back up our CRM system via the cloud twice a day.
If you make a payment via credit or debit card, once the payment has been processed we will confidentially shred your details. No card details are retained.
Your details feed into our accountancy software Sage.
We use Paypal for all of our transactions, no payment details are processed or stored by the company.
If delivery is required, then the company will receive your name and address via Paypal. If you requested collection, then we will receive your email address, which acts as your receipt.
Information Security and Storage:
Our “Mailchimp” account is secure and maintained by our Sales team and Directors.
Our CRM and Sage databases are only accessible by authorised employees and sub-contractors and are password protected.
We do not store details of individuals if an order has not been processed.
We review our security regularly and take all necessary cyber precautions.
The company do not pass your data onto any third party.
Transparency and Choice:
You may at any time contact the company and ask what information we hold on you.
You may ask us to update this information if it is incorrect, which we will strive to do as quickly as possible.
You may ask for your information to be deleted from our communication lists at any time. There is an unsubscribe button at the bottom of all mailings, however you may contact the company directly in order to unsubscribe.