UK GDPR POLICY of Empowering your Staff, Registered Office 268B Chase Road, Southgate, N14 6HF. Phone: 07914 170411, email address: hazel@lempoweringyourstaff.com
A. Type of Data held
- The data held by Empowering Your Career is for clients and the only data collected is the clients’ full name, address, email address and any contact phone numbers. Independent employee details may also be provided and kept in relation for training purposes.
- The above data is held for use of communication regarding training sessions and invoicing.
B. How Data is stored
- Data is stored securely both on a business laptop which has a secure password, only known by Hazel Theocharous, owner of Empowering your Staff and on phone owned by Hazel Theocharous, which has a password only known by Hazel.
- If any work is carried out for a client, it is held in a client folder with client initials within the Empowering your Staff main folder. Both folders are password protected.
- A paper based diary is kept and all training sessions are diarised in the diary with client’s initials and address but no phone number or email address. This diary is locked when not in use.
- In line with setting up a new GDPR policy, new systems have been put in place so that each new client will need to sign an agreement form to accept training session, amount and that I can hold data securely during the time of a contract and then archived for 6 years. These contracts will be stored within client folders online in the main Empowering Your Staff folder.
- Data will only be held as current if I am working with a client, otherwise any contract data will be archived for a period of 6 years.
- Any information held on a CRM for clients will also be deleted if no longer a current client except for a name so that a reminder is set to delete archived content after 6 years.
C. Who has access to client data
- Data is controlled and processed by Hazel Theocharous, the owner of Empowering your Staff.
- Third party software programs used are:
Outlook
OneDrive
Paypal
Eventbrite
Third parties have been checked to ensure they are GDPR compliant by Hazel Theocharous.
D. How data is processed
- When a client contacts Empowering your Staff by phone, a phone number and email address plus requirements are recorded in a notebook and an email is sent as a follow up with information on fees and if a training session has been agreed, this is sent as an appointment through Outlook. At this point with the new GDPR policy in place, a pdf of the GDPR policy will be forwarded to the new client. The information recorded in the notebook is shredded as no longer required.
- Should a client contact Empowering your Staff by email, Empowering your Staff will respond by email providing the same information as advised in 1 above.
- If a client should contact Empowering your Staff via social media, Empowering your Staff will follow the same procedure as in 1 and 2 above.
- Should any work be carried out for a client, any work which may be undertaken is saved as either a Word, Excel, PowerPoint, Publisher, PDF file and is stored in a file as per point B2 above and emailed to the client.
E. Marketing
- The current marketing/database lists held in Mailchimp have been deleted. Any new subscribers will need to double opt-in to a new list via the Empowering your Staff website or Facebook page.
F. Subject Access Request
- Client can request access to data held by Empowering your Staff, which will be provided within the designate one month period either by email or post.