Data Protection Policy
We at Impress Ipswich take your personal information very seriously and as such adhere to all the new guidelines of the revised Data Protection Act 2017. We will detail below what information will be kept on record and who it will be shared with.
We only gather information from what data has been given to us from yourselves or from a referral.
What Information is Kept on Our System:
- First Name
- Last Name
- Business Name, or current employer
- Email Address (Business or Personal – depending on what is supplied to us)
- Phone Number (Business, Personal or Mobile – depending on what is supplied to us)
- Business Address, in some cases home address if needed to fulfil a delivery obligation.
No sensitive data will be kept on our system, even if supplied to us, and would never be asked for or required (see link to sensitive data definition – https://www.legislation.gov.uk/ukpga/1998/29/section/2).
What data is shared
- First and Last Name
- Delivery Address (can be either Business or Home address, depending on where you would like your goods delivered)
- In some cases, Business Telephone Number – for safe delivery)
This data is only shared to our suppliers in an event of an order and is required to be shared in order to safely deliver your order. Our Suppliers also have strict data protection policies and only share your information if and when required to complete your order. We ensure that your data is mapped so we know exact who we have shared your information with.
If you have expressed interest in receiving our occasional marketing emails or newsletters – your email address, company name, first and last name will be supplied to an online emailing service which is password protected and is only accessed by Impress Ipswich.
If you are not on our mailing list, then we will initially email you one time only, so you have the option to subscribe and input your mailing preferences, if you opt not to receive our marketing emails then you will not hear from us again through our marketing channels, but your data will be kept on our system for future orders.
Credit Card Information
Any Credit Card information supplied to us is directly inputted into an encrypted online virtual terminal to comply with our certificate of compliance for the Payment Card Industry Data Security Standard. We have one point of reference for all credit card payments and no information supplied is manually written down.
Where Data is Stored
Data supplied to us is held in different ways and platforms. Our Main system which holds all data supplied to us is password protected for each office member. Information is normally supplied through email which is backed up via a Cloud Based Service and is also encrypted against the unlikely event of a cyber attack (in this event you will be notified immediately). Each computer is password protected and personal to the user.
If data is supplied over the telephone – Our Policy is to input this directly into our main system, however some details are written down. In this case once the data has been uploaded or has no more use, this will then be destroyed.
We are legally obliged to retain information relating to orders and invoices for 7 years. Some of this information is in paper format in files and kept in secure filing cabinets.
As a general procedure to make sure that our data is as up to date and correct, so we do not hold any invalid or incorrect data, we may contact your place of work for an update – Where necessary this would only happen once a year.
If you would like to review what information of yours is held by us – please contact James Leach who is our Data Protection Officer and responsible for the safekeeping of your data. If you would like this data to be omitted from our systems then we will need a request in writing and we remove any and all information from our system.
In the unlikely event of a data breach or our systems are hacked you will be notified and given further information about if your data was at risk and what data was at risk. Also, to comply with regulations, we will inform the Information Commissioners Office within 72 hours of a data breach. At Impress Ipswich, we have anti-virus software on all our computers along with firewalls to prevent a data breach.