1.1 The company (The Ideas Centre Ltd, or “the Ideas Centre”) is committed to the protection of personal data in accordance with the General Data Protection Regulation (GDPR).
1.2 This Policy will address:
* Holding personal data
* Communicating privacy information
* Individual rights
* Subject access rights
2. Data Protection Officer
2.1 The CEO of The Ideas Centre Ltd will take on the responsibilities of the Data Protection Officer, ensuring:
* that all employees are aware of the requirements of GDPR
* compliance with GDPR
* that there is a single prime point of contact for issues relating to GDPR
3. Holding personal data
3.1 Personal data held on CRM
The company uses a CRM system as the primary storage system for contact with external organisations/individuals. Data held will be limited to:
* Name of individual
* Name of employer
* Position within the company
* Direct dial telephone number
* Mobile phone number
3.2 Employees holding personal data on local devices
Employees of the Ideas Centre will use Microsoft Outlook to manage external email communications and may retain emails to/from clients within that system (potentially duplicating data held on the CRM).
Employees may also hold limited data in Excel spreadsheets which will be stored in the central Dropbox system (held under the account firstname.lastname@example.org).
It is noted that individuals have the right to be deleted from all company systems.
4. Management of E-mail
4.1 E-mail communication with all clients/potential clients will be undertaken on an “opt-in” basis, where opt-in grants permission for Ideas Centre employees to communicate information via a very simple, brief email sent no more than weekly.
4.2 A new external contact may indicate their consent to communicate on a particular issue directly via email e.g. via
* an incoming email
* signing up online with a data capture form
* social media
* a written document
* provision of a business card
Such contact details may then be held in one or both of the systems in (3) above. However, the CRM record will default to “opt-out” unless explicit consent is given, opting into the regular email system described above.
For the avoidance of any doubt, under no circumstances will any employee of the Ideas Centre communicate via unsolicited emails.
4.3 Legitimate interests
Under the new data protection law we have a number of lawful reasons for which we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’.
Broadly speaking, Legitimate Interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests. Any data we have will be used in a legitimate and ethical way, and we will adhere to all European laws with regard to the right to removal if requested.
Some typical examples of when we might use the approach are for preventing fraud, direct marketing, maintaining the security of our system, data analytics, and determining the effectiveness of our offline direct mail campaigns.
If your email address is available in the public domain then we reserve the right to contact you under the lawful purpose of ‘the processing of personal data is for legitimate interests as pursued by the data controller’ or ‘the processing is of vital interests to the data subject’.
Your data will not be held on our system unless you give us permission but we may hold information about you so that we can respect your preferences for being contacted by us.
4.4 Your interests
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).