As many of you will be aware, the General Data Protection Regulation (GDPR) came into force on 25 May 2018. As we hold personal data about our clients (i.e. names, addresses, phone numbers) we are considered to be a data controller and a data processor under the regulations. We are therefore required to comply with the principles of the GDPR and ensure that your data is held securely, is not processed in a manner that is incompatible with the reason for which it was collected, is kept up to date, etc.
We can therefore confirm that:
- All our clients’ personal data are securely held in a locked cabinet that is under our sole control
- Our mobile phones are secured by a pass code to prevent unauthorised access to clients’ phone details
- We will never pass client details to a third party without their express permission to do so
- We do not send out mailshots or unsolicited emails
- We destroy client records once they are no longer required (eg. the client has moved away and will no longer require our services, or we have not had any contact with a client for a period of 24 months or more): this will include shredding any paper records we hold and deleting contact details from our phones.
If any of our clients wish to clarify any of the above points or discuss this further with us, please do get in touch.
Thank you.