|Welcome - you're a guest||LOGIN|
Version 2.0 - August 2018
I use my company, Lets Delight Ltd, to manage data protection compliance and implementation.
Lets Delight Ltd. is registered in accordance with the Data Protection Act 1998.
To protect the privacy of individuals whose personal and confidential data is held whilst ensuring that I have the necessary data to maintain contact with those that I work with or have other connections with.
All Directors and employers of Lets Delight Ltd are aware of this policy and adhere to all data protection procedures relevant to obtaining, using, storing, disclosing and disposal in accordance with the Regulations and reporting and recording any losses of information or breaches of security.
What this Policy Covers
Both myself and Lets Delight are committed to doing the right thing when it comes to collection, use and protection of personal data.
Personal Data held and usage
Myself and Lets Delight Ltd collect some personal data which allows individuals to register, in the form of a name and email address. This is then stored on our CRM system. This is for us to maintain contact and to keep them informed with relevant information.
Lets Delight Ltd also keeps contact details of associates in the property industry and other business owners that we connect with at networking events. This information is obtained either by self subscription on the website or by them handing us business cards or other contact information which are then given to our Personal Assistant to put in our CRM system.
We make first contact with a 'Nice to meet you' email. On this email is a link for consent to contact them and for them to see what information is held about them. This gives them the opportunity to ratify their personal data or unsubscribe from any further contact. To maintain a good relationship, on occasion I may send them information that I beleive to be relevant, which they are welcome to unsubscribe from at any time they wish.
We will never sell details on or make it available to third party suppliers.
Information security, storage & disposal
All personal information is stored securely in one place; on my CRM system. The security of which is commensurate with the nature of the data that is held. Our CRM system is secured by double password protection, backed by random token authentication and is held in the United Kingdom, which means our hosting provider has to adhere to the same data protection laws as myself and Lets Delight Ltd.
We access the personal data with the following hardware:
Emails are password protected and only the individual user has access to their own email account.
We are mainly paperless but any paperwork with personal data on; such as tenancy agreements and business cards, are stored in a locked filing cabinet in the locked Lets Delight Ltd office. They are then scanned and electronically attached to our CRM system. Once this information is checked to be successfully attached, we dispose of it by shredding on the premises. The shreddings are placed in compost bins where they are patrolled by Felix the security cockerel.
Transparency and choice
People have different privacy concerns. My goal is to be clear about what information is collected, so that they can make meaningful choices about how it is used. I aim to provide them with the access to their own personal information that is held. This gives them the opportunity to rectify any data that is incorrect and they can choose what they would like us to hold on them. I strive to give them ways to update it quickly or to put in a delete request - unless it is necessary to keep that information for legitimate business or legal purposes.
Breach Management Strategy
If we are unfortunate to experience a breach of personal information, a full investigation will start as soon as it is discovered and put measures in place to sever that source immediately. We will establish what information was breached, so we can inform the people and organisations involved, so they can take steps to protect themselves. If identified as a serious breach, the Information Commissioner's Office will be notified, including a description of how and when the breach occurred and what data was involved. Finally we will review why this happened and put in place steps of improvement to make sure this is not repeated.
This Data Protection Policy replaces all previous versions.
When solving problems, dig at the roots instead of just hacking at the leaves