This policy sets out how Clare Gallagher/Vivid Meaning collects, stores and processes personal data to comply with the EU General Data Protection Regulation (GDPR) 2018. It applies to all users of Clare Gallagher/Vivid Meaning’s site and services, including clients, suppliers and collaborators.
For the purpose of the EU General Data Protection Regulation 2018 (the GDPR), the data processor and controller is Clare Gallagher, 8 Waldron House, London SW2 1PA. I am more than happy to respond to any questions or requests relating to this policy or any of your personal data that I may hold at firstname.lastname@example.org
Who do I collect data from?
I hold data on the following parties for legitimate interests:
– Clients/potential clients
– Other creative businesses I collaborate with/may collaborate with in the future:
What type of data do I collect?
The personal data I collect may include your name, company name, postal address, email address, telephone number, UTI or VAT details, payment and delivery conditions, financial and bank account details, CV and employment history.
Website visitors are not obliged to provide personal data.
I will retain personal data for the duration of our business relationship only, or for the
length of time stipulated to comply with legal and tax obligations.
What do I use this data for?
A certain amount of personal data is collected to establish communication when:
– a potential client is interested in my services
– I approach a potential supplier with interest in their services
– contact is established with potential collaborators
The legal basis for collecting and processing personal data is be able to provide clients with the services they require, to take the necessary steps prior to providing the services and to comply with legal requirements.
How do I store and protect personal data?
I take all the necessary precautions to ensure your personal data is safeguarded.
Personal data are stored on my personal computer, mobile phone and email account. Data are also and backed up on an external hard drive in order to be recovered in the event of loss or damage. All equipment and other storage locations are password protected, updated as frequently as possible, and have anti-virus software installed and regularly updated to prevent theft or destruction of data.
How long do I retain personal data for?
Data needed to create client quotes are retained for up to 6 months. In the event of jobs going ahead and work being carried out, I am obliged to retain personal data for 5 years in compliance with tax obligations. This data will be deleted after 5 years.
Who do I share this data with?
If I share a file containing your data with a collaborator or supplier, I will either any personal data or ensure the collaborator or supplier signs a confidentiality agreement where appropriate. Collaborators and suppliers will be advised of the relevant legal obligations in relation to confidentiality and professional secrecy.
Other parties may require access to your personal data for administrative purposes, including my website and email hosting services. These parties are GDPR compliant.
What rights do you have relating to the personal data I store on you?
I take all precautionary steps to ensure the security, integrity and confidentiality of your
personal data in compliance with the EUROPEAN GENERAL DATA PROTECTION REGULATION
(EU) 2016/679, in relation to the processing of personal data and the free movement of
In accordance with the above-mentioned EU regulation, you have the right to be informed about the personal data I hold, how I store your personal data, as well as rights to access, modify, erase, or contest these data.
If someone asks to see the personal data I hold on them, what is the process?
Anyone I hold data on has the right to request to see this data at any time. I, Clare Gallagher, will provide you the data requested within one month of the request. There will no charge for data requests.
What is the process if there is a personal data breach?
In the unlikely event of a personal data breach, I will inform the affected parties immediately. Where it is likely to result in a risk to the rights and freedoms of individuals I will also notify the ICO of a breach within 72 hours of becoming aware of it,.