Data handling policy
DATA HANDLING POLICY
Print Data Solutions Limited (“We”) take data handling very seriously and are committed to ensuring that personal data is protected.
This notice explains the minimum processes we take when handling personal data on behalf of a customer. This policy sets out the principles governing the usage, retention, and disposal in line with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Data Protection Act.
We are the data processors and will only process personal data in line with the data controller’s instructions. We will never use / sell data in any way other than set out in the data processing agreement. We ask the customer, the data controller, that the following parameters are defined for each data processing project carried out.
- Processing Objective – Scope of the work we are to undertake with the data provided.
- Security – Data Security measures required over and above our standard processing policies.
- Data Retention – Defined process and deletion dates.
If the above parameters are not specifically defined by the data controller, we will adopt the following as a minimum.
Personal data must be submitted in the format requested for processing via a secure manner. Files should be encrypted with a password and sent to the email address firstname.lastname@example.org Passwords should not be included with the file and should be sent separately. Data should not be sent to any other PDS email addresses. Any data sent elsewhere will be deleted immediately.
Any data received will be stored on secure servers. Access to this data will be restricted via password protection, only given to those required to process the data. Duplications will not be made unless essential to the processing of the data.
We only share the data provided as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions in line with the parameters defined by that data controller.
RETENTION & DISPOSAL
Unless defined, the data provided will be held securely for 3 months. After this period, the data will be deleted.
A data breach procedure has been put in place and issued to all senior management. In line with GDPR a data breach will be notified to the data controller without delay, who is responsible to report the breach to the ICO.
UPDATING THESE POLICIES
Questions, comments, and requests regarding this policy are welcomed and should be emailed to email@example.com or addressed to Kate Shelton, Operations Director, Print Data Solutions, 12 Regent Park, Booth Drive, Park Farm Industrial Estate, Wellingborough, Northants NN8 6GR.
This policy was last updated on 14/07/2023