The General Data Protection Regulation (GDPR) came into force on 25th May 2018. Penrux's data controller gathers and holds personal data from clients and website users (i.e. names, addresses, phone numbers) in the role of data processor under GDPR.
I, Wendy Nutland am therefore required, as Data Controller, to comply with the principles of GDPR ensuring that your data is held securely, is processed in a manner that is compatible with the reason for which it was collected, is kept up to date, etc.
Your personal data security
Any data you pass onto us which is personal to you and can directly identify you, such as your name, email address, phone number, etc, will be dealt with securely. This includes the below points.
All data that we receive and store from our clients or visitors to our website is gathered so for the sole purpose of helping you with the specific inquiry you are making. Under no circumstances will we pass on this data to a third party.
I, therefore, confirm that:
Whenever we ask for the data from you, we will ask for consent by way of a signature. Details given to us via our website are through a positive opt-in checkbox.
When you are sending information through our web forms the data will be encrypted via our SSL certificate. (N.B. Images are not encrypted; we do not collect data by means of images).
Our email accounts also use SSL so any email we receive is also secure on our part. To ensure full security you should also make sure that you are sending from a secure device.
All of my client’s personal data is securely held in a lockable cabinet under my sole control.
My smartphone is secured by a passcode to prevent unauthorised access to the client’s phone details.
I will never pass client details to a third party without their express permission to do so.
My clients have the right to the details I hold on them, I will honour requests to view this information.
Your right to be forgotten
We have in place systems that allow us to quickly identify and remove any data held about you, either two years after the last service or should you wish to be forgotten by us. We comply with the EU specified time limit of one month.
If you would like to proceed with the removal of all personal data, we hold about you please contact us in writing or by email.
If you require any further clarification, please email firstname.lastname@example.org