DATA PRIVACY STATEMENT
General Data Protection Regulations (”GDPR”)
At LEA Printers LLP (“LEA”), we are committed to being transparent about how we collect and use the data of you as an individual to meet our data protection obligations. The new GDPR Policy comes into effect on 25 May 2018 (replacing the Data Protection Act 1998). This policy sets out our commitment to data protection, and individual rights and obligations in relation to data.
This policy applies to the personal data of individuals or other personal data processed for business purposes.
We have appointed Paul Gill, Director as LEA’S Data Controller (person with responsibility for data protection compliance within the business). He can be contacted at firstname.lastname@example.org. Questions about this policy, or requests for further information, should be directed to him.
“Personal data” is any information that relates to an Individual who can be identified from that information. Processing is any use that is made of this data, including collecting, storing, amending, disclosing or destroying it.
The Data we hold about you is likely to be as follows: –
Data protection principles
How do we protect data?
We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. We use a cloud-based system/online system to store your data, that requires 2 factor authentication. Physical documents containing your data are kept under lock and key in filing cabinets.
Data that is held electronically will be encrypted and password protected to minimise the risk of unauthorised access.
Strict security measures are applied for access to any personal data including:
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data.
We will provide training to all individuals about their data protection responsibilities as part of the induction process ad at appropriate times thereafter.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact Jane Wright by emailing email@example.com
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner. You have a right to lodge a complaint with the ICO (Information Commissioner’s Office) on 0303 123 113. This is a dedicated personal data breach helpline and is available Monday to Friday between 9.00 am and 5.00 pm. Alternatively you can write to:
The Information Commissioner’s Office,
Wycliffe House, Water Lane,
Cheshire SK9 5AF
To make a subject access request, you should send the request to firstname.lastname@example.org. In some cases, we may need to ask for proof of identification before the request can be processed. We will inform you if we need to verify your identity and the documents we require.
We will normally respond to a request within a period of one month from the date it is received. In some cases, such as where we process large amounts of your data, we may respond within three months of the date the request is received. We will write to you within one month of receiving the original request to tell you if this is the case.
You can contact us as follows: –
LEA Printers LLP 0800 888 6511
Alternatively, you can write to us:
LEA Printers LLP, 49 Leesons Hill, Orpington, Kent BR5 2LF