GDPR Policy

What is the GDPR

The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.[1] Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of individuals inside the EEA. The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable

Definition taken from Wikipedia

About Hi Wildflower

Hi Wildflower is a small local publishing business delivering cost-effective print and media solutions to a growing range of businesses and organisations.

Policies and Procedures

Awareness

Under the legislation that came into place on May 25, 2018, Hi Wildflower have made all their staff aware of the change, the date the change takes place and the implications of not complying with the GDPR. This document covers the steps that have been taken and the policies and procedures that have been put in place.

Information we hold

Hi Wildflower are in contract with their suppliers who provide them with the products to enable them to adhere to the sales contract made with their customers.

Hi Wildflower do not share their suppliers or customers details with anyone else, without prior consent from the senior manager of that company. The data we hold on record is company name, address, telephone number, email address, contact name and title.

All contacts have been sourced from direct contact with the company listed, business cards handed to a member of staff of Hi Wildflower at a meeting or business event, local telephone directories or other sources of media advertising, and the general domain of the world wide web (internet). This database contains the company, contact, address, telephone number and email address. We do not hold any other data on the company.

All our databases are regularly updated after each mailing has been completed, and all returns, unsubscribed or blocked requests are actioned within 72 hours of being received.

Communication and privacy information

The data that is held under the Hi Wildflower umbrella for use by Hi Wildflower Magazines is for the sole purpose of requesting information on news and events, job vacancies etc. for the two magazines, and of sending out details of the final publication of the magazine. It is also used to invite companies to advertise within the aforementioned publications.

All our data has been compiled from data that is available in the public domain ie telephone directories, world wide web (internet), business cards, out of office replies etc.

Do you share or sell my data?

We will not put any information about you on general release nor will we sell such information.

We may share personal information with business partners including:

  • Couriers and magazine distributors.
  • IT service providers who assist with internal IT issues.
  • Marketing analytics companies that give us insight into our products and how to be more effective.
  • Payment providers that process information on our behalf.
  • Lawyers representing us in the event of a legal claim.
  • Regulators and law enforcement agencies (if there is a legal reason to share data with them).
  • Search engine operators that help us understand how to improve our visibility online.

Should you wish to contact us regarding your privacy:

The Data Protection Officer is: Barbara Santini. [email protected]

Individual Rights

To ensure that the recipient has the choice to stay on the mailing list, or opt out of the mailing list, for any of our publications, we make sure that there is an ‘unsubscribe’ phrase on the base of all emails that are sent out.

  • If you wish to unsubscribe from these emails, please mark ‘Unsubscribe’ in the subject line and return the email. Under the latest GDPR rules, your data will be removed from the mailing list.
    Once we have received your email requesting that you are removed from our mailing list for the magazines, we will mark your email on our mailing list with ‘Unsubscribe’, but will keep you on the list to ensure that if we receive a business card or some other form of communication, we do not add this address again without prior contact with that person.

Subject Access Requests

If you request access to your data, we would action this within 48 hours of receiving the request, unless there are circumstances where the DPO (Data Protection Officer) is unavailable ie holidays, sickness etc, in which case the person monitoring the emails would inform the person or company accordingly, that the request would be actioned as soon as they return.

Lawful basis for processing personal data

In order to promote our magazines, we email information out to our mailing lists. All the data has been acquired over a number of years from business connections, networking events, worldwide web (internet), out of office information and the public domain.

We have not knowingly gathered information unlawfully.

Consent

As stated above in Lawful Basis, all our data has been acquired from business connections, networking events, world wide web (internet), out of office replies or the public domain. If company details are listed on the worldwide web (internet), then they are listed to enable other potential clients/customers to contact them.

Any changes will be actioned within 48 hours of the request being received, unless the DPO is not available as listed above.

Children

Hi Wildflower does not hold any data for children under the age of 18.

Any information in any of our magazines that is published that contains information or images of children has been sent direct to us and prior consent has been granted from the person, company or school concerned.

Data breach

Hi Wildflower have taken great care to ensure that we do not breach any aspect of data protection.

If we receive a notification of a breach of data (ie that the company or person did not request to be on our mailing list), we would request that the DPO (Data Protection Officer) contact them as soon as possible, give the company an explanation as to how we received their data, and the procedures in place to ensure that it is unsubscribed from our mailing list.

We would follow the procedures as listed in the previous section of the booklet.

Data protection by design and data protection impact assessment

The data that is held in our mailing lists is the property of Hi Wildflower, and is not high risk.

The data contains the following information: company, contact, company address, email and telephone number.

We use the data we hold to mail out to potential advertisers of our magazines to promote the magazines.

Data Protection Officer

Hi Wildflower has requested that the above position be allocated to the Company Director, who will be responsible for managing the data that we use.

All data is stored on a secure cloud based system

Hi Wildflower has two full time employees, and three part time employees. All staff are aware of the policies and procedures in place, and are informed of any updates.

 

International

Hi Wildflower does not operate outside of the United Kingdom.

IT Security

As part of our policy and procedures, Hi Wildflower has taken the following steps to ensure that the data we hold is secure.

Assessing the threats and risks to business

As listed above, in order to promote our magazines, we hold a very small amount of business data. None of the data we hold has any financial implications to the Company listed on the mailing list.

This data is not sensitive or confidential

Cyber essentials

To ensure the minimum possible breach of security, we utilise a third party IT provider to provide full security back up to our systems.

System configuration/firewalls and gateways

All the computer systems that we use have business anti-virus software installed, which is controlled by an external IT company that monitors the risk of viruses and trojan attacks and updates the software on a regular basis.

 

Access controls

We have restricted access to the system that uses the mailing lists to one person. The system requires a password, which is changed on a regular basis. Our broadband system is password controlled by the IT company and uses a 15 multi-character password.

Should a member of staff resign from Hi Wildflower or be absent for a long period of time, all access rights and passwords would be cancelled.

Malware protection

The system that uses the mailing list has business anti-virus software installed, which is monitored by an external IT company.

Malware protection is installed separately to the anti-virus software and is monitored on a regular basis for updates which are done automatically.

Patch management and system software updates

The system that uses the mailing lists is a PC running Windows 10, with all software updates set to automatic.

Securing data on the move and in the office

We have taken all steps possible to ensure that the data we store is secure. Hi Wildflower have agreed that the data will only be stored in the cloud for general use and not on the system using the data. No portable hard drive or usb device will be used to transport the data away from the place of work.

As the broadband system used in the office environment is password encrypted, we do not allow any external untrusted device to connect to the network. In the case of a colleague bringing in a computer to use on our network, they must have anti-virus software installed to ensure that we lessen the risk of a potential threat or trojan attack.

Securing your data in the cloud

All the data we hold is stored on a secure cloud based CRM system.

The cloud based system we use is provided by a well-known national company which has a base in the United Kingdom.

Backup your Data

Hi Wildflower take every care to ensure that the data we hold is backed up after every use and restored in the cloud. All antivirus software and malware software is run on a weekly basis to ensure the safety of the data.

An external backup of the data will be done on a monthly basis by using the cloud, and not by transferring data ‘on the move’.

Staff training

All members of staff at Hi Wildflower have had training from our IT company on the potential risks of a cyber attack on their systems.

All staff regularly do ‘housekeeping’ on the systems by emptying the mail bins on the email providers and cleaning up their computers.

We are regularly informed of any potential risk or threat by our IT company and what steps to take should the threat happen.

Checking for problems

As part of the ‘housekeeping’, Hi Wildflower regularly check to ensure that all the software installed on the systems is up to date and running correctly. Any potential risk or threat that is shown on either the anti-virus or malware software is actioned immediately and either quarantined or destroyed through the various software. The software is then run again to ensure that the risk or threat has been removed.

Know what you are doing

Hi Wildflower regularly check the data that we hold to ensure that it is safe and virus free. All security software installed on the pc which uses the data is bought from a reputable certified supplier and is legitimate.

Software is continuously checked to ensure that it is up to date.

Minimise your data

The data we store is used regularly throughout the year.