In the simplest terms, GDPR (General Data Protection Regulation) is a new privacy law introduced in the UK on 25th May 2018. It protects users from unauthorised data collection by requiring explicit consent. If data is being collected and stored, the individual providing the information needs to be aware of it and give permission before any action is taken. Along with providing permission to collect data, the GDPR also requires that users can request access to their data and have it removed if requested.
GDPR, the basics
We hold your Personal Data under secure conditions using the following software which is GDPR compliant.
• Sage CRM Database
• Sage Accounts
We are using the grounds of Legitimate Interest to maintain contact with our existing pre-May 25th, 2018 CRM database. All new clients will be asked to positively opt-in after this date.
As required, we will inform contacts of a data breach within a 72-hour window of becoming aware of the occurrence of a data breach.
Right to Access
Active Tools will provide confirmation as to whether personal data concerning you is being processed by us, where the data is being stored and for what purpose. Furthermore, we will provide a copy of the personal data, usually free of charge, in writing.
Right to be Forgotten
The right to be forgotten entitles you to obtain from the controller the erasure of any personal data without undue delay and to stop any further distribution of the data.
GDPR introduces data portability; the right for a data subject to receive the personal data concerning them, which has previously been provided in a ‘commonly used and machine-readable format’, and to have the right to transmit that data to another company or organisation. It’s about ‘transferring’ data between suppliers. e.g. allowing a customer to switch bank or insurance provider easily, without having to set everything up from scratch. Although we are not involved in this type of information sharing, we will only pass your information on for delivery purposes.
Marketing Platforms & Activities
Our marketing platforms and activities are compliant with GDPR going forward.
At Active Tools, we use iContact for almost all our client email marketing communications.
Our iContact signup forms are incorporated into our website; they collect the email address, IP address and timestamp. They are set to require ‘double opt in’ – which emails the user to confirm they would indeed like to join the mailing list. When data is collected via an iContact sign up form, the relevant permission data is then stored within our iContact list and is compliant with the new record keeping regulations. At the point of information collection, we will make it clear to users how and where we will be storing your information and how we will be using it.
The option to unsubscribe is also present inside each email communication sent via the iContact platform and is managed accordingly directly in our iContact list.
• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing us at firstname.lastname@example.org
• If you would like a copy of the information held on you please write to Data Protection Officer, Active Tools, Capital House, Westbourne Street, High Wycombe, Bucks HP11 2PZ or contact us by phone on +44 1494 512487.