Scope of this Document
This document covers the data we collect and store relating to you personally as an individual.
How we fit into the General Data Protection Regulations
As part of the GDPR regulations that cover personal data for individuals across the EU we act as a data controller (storing and managing information you provide to us) and a data processor (using data provided by our partners / suppliers) to complete required business operations.
This privacy notice documents all data that you supply to us directly or has been supplied to us by GDPR compliant third parties.
Any personal data that you supply to us:
- Personal data can be shared with us in one of the following ways: Website contact form, newsletter registration form, direct email communication, posted letter or telephone conversation. These methods may include the following personal information: your full name, your home or business address, personal or business email address and telephone / mobile phone number. If a purchase is made online or via the telephone additional information may be collected such as your delivery address, payment provider and additional information to supply the goods in the correct size and specification.
- If you are share information with us on behalf of a third party please make sure you have their prior consent and that they receive a copy of this privacy notice for their personal records.
More about the data we collect
- We may record telephone conversations for training purposes and as a legal record of any conversations that take place.
- Our website will track user data (Google Analytics) to help us understand visitor patterns and preferences, no personal data will be stored during this process other than the unique IP address of the computer used to visit the website.
- Third parties may provide data to us but all information will be supplied by a GDPR compliant source.
More about the information we receive from third parties
- Social Media - If you have used a promotional advert or offer through social media networks such as Twitter, LinkedIn or
- Facebook we may receive your profile information such as your full name, address, telephone / mobile numbers. We will use this information to contact you regarding your interest in this offer / advert if you have given your consent to do so.
How we use your data
We collect the data outlined in the Privacy Notice to be able to operate our business and provide the products and services you require from us. Your data will only be used with your consent, which you can give via digital means, online, by post or verbally. We may also rely on other lawful basis’ for processing data such as legitimate interest, or contractual obligation. The use of this data may include contacting you via email, telephone and post to fulfil the products and services we offer. In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. You will not be recognisable as a natural living person from this anonymised data.
We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion.
Third-Parties Who Form Part of Our Contracted Delivery Process
To fulfil the products and services we offer your data may be shared with a third party delivery service and/or website management company. The amount of data we share will be minimal to enable the complete of the product or service purchased.
Our third party suppliers may also process your data in the following ways:
- Deliver products to you chosen address.
- Backup previous orders for archive.
- Fault find issues with an on going order.
Our legal and crime prevention policy
We will share personal information with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities or where there is another legal requirement to do so.
Children under the age of thirteen
All of our products and services are not intended to be used by children under 16 years old. We will never knowingly collect data from or on children below 13 years old.
We will not store any special category personal data (anything about your body, beliefs, race or sexual preferences as this is not required for our business processes.
Storage of Personal Data
All data that you provide to us or third parties will be stored and backed up securely within the EEA/EU. Any data that is stored outside of the EEA/EU will meet the ‘Privacy Shield’ standard, adequacy findings or binding corporate rules will be in place.
We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.
Internet and Postal Data Security
All data once received by us will be stored and backed up securely. All data supplied digitally or by post is at your own risk until it reaches us. We cannot be held responsible for data security on your own electronic devices or the postal service.
How long do we keep your data for?
The amount of time that we store your data depends on the following:
- The reason we are using your data, memberships or product warranties may require us to store your data for unto 24 months to allow for customer communications such as renewals or product recalls.
- Legal requirements and where a minimum timescale is set (E.G. Her Majesty's Revenue and Customs (HMRC))
We will keep your data for the term you have specifically consented to, the contracted term between us or where there is a legitimate interest for us to remain in contact with you in for up to 24 months in case of any queries that you may have or for legally required reasons (E.G. HMRC), whichever is the longest period. All in accordance with our Data Retention Policy.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
- The right to be informed - Individuals have the right to be informed about the collection and use of their personal data
- The right of access - Individuals have the right to access their personal data and supplementary information
- The right to rectification - Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure - The right for individuals to have personal data erased. This is also known as ‘the right to be forgotten.
- Please note this right is not absolute and only applies in certain circumstances
- The right to restrict processing - The right to request the restriction or suppression of their personal data. Please note this is not an absolute right and only applies in certain circumstances
- The right to data portability - The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object - Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
You have a right to see what information that we hold about you and you can get in contact with our Data Protection Officer using the following details:
Two Plus Two Multimedia Ltd,
Sunrise Villa, Seer Green,
Tel: 01494 730000
Under the GDPR you have the right to request a copy of the personal information that we hold about you and to have any inaccuracies corrected or information deleted. You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity.
We will then give you a copy of your data, why we have it, who it could be disclosed to and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted providing that it is not required for legal or public interest reasons.
To Make a Data Subject Access Request
To make a Data Subject Access Request please following this link - https://www.twoplustwomarketing.co.uk/data-subject-access-request/
To make a Data Removal Request
To make a Data Removal Request please follow this link - https://www.twoplustwomarketing.co.uk/gdpr-data-removal-request/
Data Protection Officer Contact Details
If you have any questions about this Privacy Notice or any other data protection queries, our Protection Officer can be contacted at: firstname.lastname@example.org
We are registered in the UK and our registered address is Sunrise Villa, Seer Green, Beaconsfield, Buckinghamshire, HP9 2UH
By post at our office address: Two Plus Two Multimedia Ltd, Sunrise Villa, Seer Green, Beaconsfield, Buckinghamshire, HP9 2UH
Or by e-mail: email@example.com
If we have not been able to help you, you can escalate to the ICO. The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights