Communicate with Confidence needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s GDPR data protection standards and comply with the law.
Why this policy exists
This GDPR data protection policy ensures that Communicate with Confidence:
- complies with data protection law and follows good practice.
- protects the rights of staff, customers, and partners.
- is open about how it stores and processes individuals’ data.
- protects itself from the risks of a data breach.
The GDPR describes how organisations, including Communicate with Confidence, collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The GDPR is underpinned by eight important principles. These say that personal data must:
- be processed lawfully, fairly and in a transparent manner in relation to individuals
- be collected for specified, explicit and legitimate purposes
- be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- be accurate and, where necessary, kept up to date
- not be held for any longer than necessary
- be processed in accordance with the rights of data subjects
- be protected against unauthorised or unlawful access, including accidental loss, destruction or damage, using appropriate measures
- not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
People, risks and responsibilities
This policy applies to:
- Communicate with Confidence
- All contractors, suppliers and other people working on behalf of Communicate with Confidence.
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside the General Data Protection Regulation. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers (mobile and landline)
- Plus any other information relating to individuals
Data protection risks
This policy helps to protect Communicate with Confidence from data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to personal data.
Everyone who works for Communicate with Confidence has responsibility for ensuring data is collected, stored and handled appropriately.
Purpose and Lawful basis for processing personal data
The purpose of Communicate with Confidence is to provide coaching and training on public speaking and presentation skills. The services include sending out a summary of each coaching session by email to individual clients.
The maximum contact details we hold in our database of clients, prospects, suppliers and partners are their email address, their physical address, their telephone number (mobile and landline) and their Skype name.
We also hold a marketing database to contact prospects with the intent of turning them into future clients.
We sometimes work with young people, aged 16 – 18, and as with adults, the maximum contact details we hold are their email address, physical address, telephone number (mobile and landline) and their Skype name.
Our lawful bases for processing personal data are consent, contract and legitimate interest.
People only get added to our marketing database:
- when we have met them in person, they have given us their business card and expressed an interest in our services
- when they have contacted us via Facebook Messenger or LinkedIn or our website, www.communicatewithconfidence.co.uk
How a contact came to be on our database will be clear from the “Source” section in the database.
They may also be asked for specific consent to go on our mailing list and whether we may contact them by email or by telephone.
Any contact can unsubscribe from email communications by clicking the unsubscribe button which is present in every email. This automatically takes them off the mailing list, but they will remain in our database.
Any contact can ask to be removed from our database by sending an email to firstname.lastname@example.org with that request.
When prospects become clients, they sign a contract which clearly states that all the information they give us is 100% confidential and complies with GDPR.
All the information we hold is given freely via the pre-coaching questionnaire and during coaching sessions. After each coaching session, it is sent to the client in the form of a summary of that session. Clients will have access to their information at any given time. They can request access simply and free of charge by sending an email to email@example.com.
Data Storage and Security
These rules describe how and where data should be safely stored.
- When data is stored on paper, it is kept in locked drawers or cabinets where unauthorised people cannot access it.
- Client data will be stored until a request for removal has been received because clients can come back many years after their last session and re-start the coaching process.
- Prospect data will be stored until a request for removal has been received, or we find out that the data is no longer up to date.
- We will take every opportunity to ensure the data is updated. For instance, by confirming a customer’s details when they call.
- Data will be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number or email address, it will be removed from the database. Equally, when we get notified that someone has left the company, their details will be deleted from our database.
- Paper and printouts will not be left where unauthorised people could see them, like on a printer.
- When data is stored electronically it will be held in as few places as necessary. We will not create unnecessary additional data sets.
- All cloud-based data is password protected to the highest level. Passwords are not written down anywhere and are changed regularly.
- All devices are password protected, to avoid data being accessible in case of theft of devices. This includes mobile phones, tablets and laptops.