Goal of the data protection policy
The goal of this data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance.
Procreation UK Limited provides video and event production services for companies around the world. Procreation does not provide any services for individuals and therefore the GDPR is of limited effect/influence. Procreation fully accepts that it has responsibility relating to the personal details that are held or used in relation to any client/supplier company. The following document outlines how this limited data is treated, monitored and updated.
Security policy and responsibilities in the company
The following statements clearly describe how data is used;
- Ongoing day to day communications with clients
- Ongoing day to day communications with suppliers
- Direct telesales to a very limited list of potential client companies.
- Ongoing day to day communications with employees
Procreation don’t do;
- Blanket email campaigns
- Blanket telesales campaigns
- Blanket mail campaigns
- Hold any personal information that is not employee company related, such; D.O.B, home address, personal telephone number, personal email, etc.
Determination of roles and responsibilities
- Matt Francis is the Controller
- Jo Francis is the Processor
Procreation will immediately remove an individual’s contact details, if requested. The removal will take place as soon as a replacement contact has been provided for the company so that business can continue.
Procreation have a CRM of potential company clients. Prior to any contact being made, the telephone number of the potential company will be checked against the Corporate Telephone Preference Service and the result will be captured against the company record. If the potential company has registered with CTPS then Procreation will not make contact.
Only two people within Procreation have access to personal data, via the company CRM. Any other personal details held on company behalf are for the operations of projects only. These details are never used for unsolicited sales.
Legal framework in the company
- Industry-specific legal or conduct regulations for handling personal data
- Requirements of internal and external parties
- Applicable laws, possibly with special local regulations
- Conducted internal and external inspections
- Data protection need: determination of protection need with regard to confidentiality, integrity and availability
- Controller and processors informed in writing of duties and responsibilities • Updated database to manage personal details and consents
- GDPR policies received and checked from CRM supplier and external data gatherers.