We believe that data compliance and data security are extremely important and that's why they're central to all we do.
Because of this, we have taken steps to ensure that all our data is compliant with GDPR (General Data Protection Regulation), PECR (Privacy and Electronic Communications Regulation) and the DPA (Data Protection Act), as well as being within the DMA (Direct Marketing Association) and ICO (Information Commissioner's Office) guidelines.
To demonstrate our commitment to data security we have been accredited to the ISO 27001 Information Security Management Systems standard since 2008. Additionally, we're also accredited to HM Government's Cyber Security Essentials standard and to ISO 9001 Quality Management Systems.
In order to achieve these standards, we are independently audited on a regular basis to ensure our business processes are fully documented and that they are up-to-date and relevant, providing us with a solid foundation for compliance with both the DPA and GDPR.
Finally, as a best practice measure, in 2014 we implemented the higher standard security controls defined by the Centre for Internet Security (CIS).
We license our data from several reputable 3rd party sources.
All the 3rd party data supplied to us must come with a guarantee that it is fully opted-in and compliant with all the laws, regulations and guidelines relating to the use of third party data. When collecting an individual's data, our supplier must clearly show their Privacy Notice, which outlines which data is being collected, how it will be processed and who it may be transferred to.
All the data we hold is stored securely in an encrypted format and is held for no longer than necessary. If an individual asks to be removed from our database directly or via one of our clients, we will action this in line with our suppression policy.
We will suppress personal data from our database if:
We will also inform our suppliers of the request. This will then be actioned by them in line with their policies.
We receive a small number of queries, deletion requests and SARs each year. Upon receipt, our compliance team will acknowledge the request as soon as possible and will ask for more information if necessary.
GDPR requires that SARs are responded to within one calendar month in normal circumstances. We endeavour to respond as quickly as possible to all requests, although we will sometimes need to request additional information from our suppliers before we're able to provide a complete response.
You are free to remove your details at any time and, even if we do not hold an individual's details, we will add them to our suppression files (Remove My Details) to ensure that we don't make use of them in the future. If the request also involves any of our suppliers, we will inform them and request confirmation of the "stop" or deletion request to both ourselves and to you directly.
Find out how to submit a SAR.
The following are links to the Related Legislation, Directives, Guidelines and Codes of Practice:
| PECR, currently being revised to ePrivacy | https://ico.org.uk/for-organisations/guide-to-pecr/ |
| The DMA Code | https://dma.org.uk/the-dma-code |