Cartouche London - GDPR
We wish to assure clients that we are GDPR compliant and that the data we hold is treated securely and in consideration of our privacy terms below.
Data Protection Principles
We ensure that:-
- We are lawful, compliant, open and accountable in our processing
- The data we collect is for the purposes specific to our contracts and business, and lawful
- The data we collect is necessary for the purposes of processing
- The data we hold is accurate and up-to-date wherever possible
- We will not hold clients data for longer than necessary subject client instructions and HMRC tax regulations
The way in which we process data is to ensure appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
Types of Data Held
The information we collect and hold about our clients and suppliers is necessary to undertake processes pertaining to our work.
The data relating to job processing is stored electronically on computer servers located at our business premises and supported by remote back-up facility provided by authorised cloud computing consultants. We also access “cloud accounting software” for the preparation of invoices.
When unattended our business premises are secured by separately approved security and fire alarm systems.
The data we hold falls into several categories
(i) Client/supplier data for regular use including;
- Company names and addresses
- Current personnel and contact details
- Management information including bank details
(ii) Client data to be included or applied to publications
e.g. Data provided to prepare company business cards and other publications
(iii) Data sets provided by clients in order to perform a specific task or project.
e.g. Distribution lists, shareholder mailing list and conference delegate badges require the processing of client data.
Legal Basis for Processing
We process data in order to perform work requested by our clients
When and where is dated shared?
Employees of Cartouche in their duties to perform contractual obligations have access to client data.
Generally we do not share client data with third parties, however in some circumstances data is shared with vetted contractors to perform specialist tasks.
e.g. In circumstances were we engage the following:-
- Freelance graphic designer(s) to prepare artwork for client projects
- Specialist printing and mailing vendor(s) to print from data sets
- Courier companies to execute client deliveries
- Accountancy firm engaged to prepare Cartouche company accounts
We are obliged to ensure our client's data is protected against accidental loss or disclosure, destruction and abuse. Consequently we take all reasonable care and precautions.
Data sets performed for specific tasks are deleted once the task has been performed and subject to the clients instructions. Data relating to existing clients, suppliers and potential associates is continuously updated and stored in accordance with HMRC regulations.
Should clients withdraw consent for us to process their data we would cease. However, upon such a request we should draw attention to the implications affecting on-going projects.
If you are concerned about how we manage client data please contact the Company