1.1 The company (The Ideas Centre Ltd, or “the Ideas Centre”) is committed to the protection of personal data in accordance with the General Data Protection Regulations (GDPR).
1.2 This Policy will address:
* Holding personal data
* Communicating privacy information
* Individual rights
* Subject access rights
2. Data Protection Officer
2.1 The CEO of The Ideas Centre Ltd will take on the responsibilities of the Data Protection Officer, ensuring:
* that all employees are aware of the requirements of GDPR
* compliance with GDPR
* that there is a single prime point of contact for issues relating to GDPR
3. Holding personal data
3.1 Personal data held on CRM
The company uses a CRM system as the primary storage system for contact with external organisations/individuals. Data held will be limited to:
Name of individual
Name of employer
Position within the company
Direct dial telephone number
Mobile phone number
3.2 Employees holding personal data on local devices
Employees of the Ideas Centre will use Microsoft Outlook to manage external email communications and may retain emails to/from clients within that system (potentially duplicating data held on the CRM).
Employees may also hold limited data in excel spreadsheets which will be stored in the central Dopbox system (held under the account firstname.lastname@example.org).
It is noted that individuals have the right to be deleted from all company systems.
4. Management of E-mail
4.1 E-mails with all clients/potential clients will be undertaken on an “opt-in” basis – where opt-in grants permission for Ideas Centre employees to communicate with information via a very simple, brief, no more than weekly, email with links to:
* top tips and tricks to promote creativity & innovation
* regular (targeting weekly) updates on case studies, with real life examples of issues and creative solutions
4.2 A new external contact may indicate their consent to communicate on a particular issue directly via email e.g. via
* an incoming email
* signing up online with a data capture form
* social media
* a written document
* provision of a business card)
Such contact details may then be held in one or both of the systems in (3) above. However, the CRM record will default to “opt-out” unless explicit consent is given, opting into the regular email system described above.
For the avoidance of any doubt, under no circumstances will any employee of the Ideas Centre communicate via unsolicited emails.