DATA PROTECTION POLICY

Goal of the data protection policy
The goal of this data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance.

Introduction
NeosCreative Limited designs and project manages exhibition stands for companies around the world. NeosCreative does not provide any services for individuals and therefore the GDPR is of limited effect/influence.
NeosCreative fully accepts that it has responsibility relating to the personal details that are held or used in relation to any client/supplier company. The following document outlines how this limited data is treated, monitored and updated.

Security policy and responsibilities in the company
• The following statements clearly describe how data is used;
o Ongoing day to day communications with clients
o Ongoing day to day communications with suppliers
o Direct telesales to a very limited list of potential client companies. (The list only comprises of companies who require our unique services within the regular international exhibition industry)
o Ongoing day to day communications with employees
• NeosCreative do not ever;
o Blanket email campaigns
o Blanket telesales campaigns
o Blanket mail campaigns
o Hold any personal information that is not employee company related, such; D.O.B, home address, personal telephone number, personal email, etc.
• Determination of roles and responsibilities
o Ian Chinnock is the Controller
o Emma Everett is the Processor
• NeosCreative will immediately remove an individual’s contact details, if requested. The removal will take place as soon as a replacement contact has been provided for the company so that business can continue.
• NeosCreative have a CRM of potential company clients. Prior to any contact being made, the telephone number of the potential company will be checked against the Corporate Telephone Preference Service and the result will be captured against the company record. If the potential company has registered with CTPS then NeosCreative will not make contact.
• Only two people within NeosCreative have access to personal data, via the company CRM. Any other personal details held on company behalf are for the operations of projects only. These details are never used for unsolicited sales.

Legal framework in the company
• Industry-specific legal or conduct regulations for handling personal data
• Requirements of internal and external parties
• Applicable laws, possibly with special local regulations

Documentation
• Conducted internal and external inspections
• Data protection need: determination of protection need with regard to confidentiality, integrity and availability
• Controller and processors informed in writing of duties and responsibilities
• Updated database to manage personal details and consents
• GDPR policies received and checked from CRM supplier and external data gatherers.

Write a comment

Your email address will not be published. Required fields are marked *