Scope of this Document
This document covers the data we collect and store relating to you personally as an individual.
How we fit into the General Data Protection Regulations
As part of the GDPR regulations that cover personal data for individuals across the EU we act as a data controller (storing and managing information you provide to us) and a data processor (using data provided by our partners / suppliers) to complete required business operations.
This privacy notice documents all data that you supply to us directly or has been supplied to us by GDPR compliant third parties.
Any personal data that you supply to us:
More about the data we collect
More about the information we receive from third parties
How we use your data
We collect the data outlined in the Privacy Notice to be able to operate our business and provide the products and services you require from us. Your data will only be used with your consent, which you can give via digital means, online, by post or verbally. We may also rely on other lawful basis’ for processing data such as legitimate interest, or contractual obligation. The use of this data may include contacting you via email, telephone and post to fulfil the products and services we offer. In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. You will not be recognisable as a natural living person from this anonymised data.
We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion.
Third-Parties Who Form Part of Our Contracted Delivery Process
To fulfil the products and services we offer your data may be shared with a third party delivery service and/or website management company. The amount of data we share will be minimal to enable the complete of the product or service purchased.
Our third party suppliers may also process your data in the following ways:
Our legal and crime prevention policy
We will share personal information with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities or where there is another legal requirement to do so.
Children under the age of thirteen
All of our products and services are not intended to be used by children under 16 years old. We will never knowingly collect data from or on children below 13 years old.
We will not store any special category personal data (anything about your body, beliefs, race or sexual preferences as this is not required for our business processes.
Storage of Personal Data
All data that you provide to us or third parties will be stored and backed up securely within the EEA/EU. Any data that is stored outside of the EEA/EU will meet the ‘Privacy Shield’ standard, adequacy findings or binding corporate rules will be in place.
We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.
Internet and Postal Data Security
All data once received by us will be stored and backed up securely. All data supplied digitally or by post is at your own risk until it reaches us. We cannot be held responsible for data security on your own electronic devices or the postal service.
How long do we keep your data for?
The amount of time that we store your data depends on the following:
We will keep your data for the term you have specifically consented to, the contracted term between us or where there is a legitimate interest for us to remain in contact with you in for up to 24 months in case of any queries that you may have or for legally required reasons (E.G. HMRC), whichever is the longest period. All in accordance with our Data Retention Policy.
Customer contracts are stored in both paper and digital form. Retention of contracts follows the same time scales and procedures outlined above. Duplicate copies of contracts can be provided in either format but an administration fee will be charged of £25.00 plus vat for a digital copy or £30.00 plus vat for a photocopy of the original, if held, sent by second class post.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
You have a right to see what information that we hold about you and you can get in contact with our Data Protection Officer using the following details:
Two Plus Two Multimedia Ltd,
Copper Beech Place,
Tel: 01494 730000
Under the GDPR you have the right to request a copy of the personal information that we hold about you and to have any inaccuracies corrected or information deleted. You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity.
We will then give you a copy of your data, why we have it, who it could be disclosed to and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted providing that it is not required for legal or public interest reasons.
To Make a Data Subject Access Request
To make a Data Subject Access Request please following this link - https://www.twoplustwomarketing.co.uk/data-subject-access-request/
To make a Data Removal Request
To make a Data Removal Request please follow this link - https://www.twoplustwomarketing.co.uk/gdpr-data-removal-request/
Data Protection Officer Contact Details
If you have any questions about this Privacy Notice or any other data protection queries, our Protection Officer can be contacted at: firstname.lastname@example.org
By post at our office address:
Two Plus Two Multimedia Ltd, Copper Beech Place, Green Lane, Exton, Exeter, Devon, EX3 0PW
Or by e-mail: email@example.com
If we have not been able to help you, you can escalate to the ICO. The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights