Privacy Notice (in line with the GDPR)
Bigday Designs Limited (hereafter known as ‘Bigday’ in this document) is very conscious of how it should deal with Personal Data that it holds on behalf of its Customers and Staff. The GDPR (General Data Protection Regulations) that come into force on 25th May 2018, detail the requirements that must be met by all organisations that hold Personal Data. Bigday takes its responsibilities very seriously and is pleased to inform you that it has created this Privacy Notice to show its adherence to the GDPR.
This Notice refers to Personal Data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The GDPR seek to protect and enhance the rights of Data Subjects. These rights cover the safeguarding of Personal Data, protection against the unlawful processing of Personal Data and the unrestricted movement of Personal Data within the EU.
The Privacy Notice Details follow below:
Client (and Guests) Personal Data
Bigday acts as a Data Controller and uses the information collected from you to provide quotations, make telephone contact and to email you. It also acts as a Data Processor in order to produce the Goods that you have requested. When you make initial contact you are consenting to Bigday maintaining a dialogue with you to enable the eventual production of the Goods that you require for your event or your business. When working exclusively as a Data Processor, Bigday will be acting on your instruction and will do its utmost to ensure that you are fully covered in the GDPR area.
The Personal Data we collect to enable us to deliver your completed order usually contains the following:
Client: name, address, telephone number, email address.
Guests: names and addresses
Some of your Personal Data will be collected from you initially as mentioned above to allow a dialogue to be set up. When guest lists are created and sent to Bigday they contain personal information relating to your guests, which is required to create your goods. We will hold this data securely until your event or your client’s event is complete and you have no further requests of us which would require the use of this data. This data will then be removed from our system.
We will remove your own Personal Data from our system, when we have no further lawful requirement to use it. (Such as invoicing, debt collection and dispute reconciliation). For Inland Revenue purposes we have to maintain details of invoices for six years. This means that we will be holding your name and address for that time in a secure area. Any other personal details, such as data referring to guests at your event will be removed from our System once your event is finished.
Bigday will never use your Personal Data or any Personal Data supplied relating to your clients or guests for any other reason other than that agreed, which is for the production of goods to satisfy your order.
Legal basis for processing and retaining any Personal Data
To meet Bigday contractual obligations to clients.
To address any situations where legal action may be required.
Through agreeing to this Privacy Notice you are consenting to Bigday processing your Personal Data for the purposes outlined. You can withdraw consent at any time, however that will mean that you are releasing Bigday from its contractual obligations.
Bigday may on occasions pass your Personal Data to third parties exclusively to process work on its behalf, in line with your requirements. Bigday requires these parties to agree to process this information based on Bigday instructions and requirements. These third parties must only act in a manner consistent with this Privacy Notice (and GDPR) and agreed to this when they were contracted for the work.
Bigday Designs Limited may disclose your Personal Data to meet legal obligations, regulations or valid governmental requests.
Bigday will process Personal Data during the duration of any contract and will continue to store the Personal Data needed for six years after the contract has expired for the sole purpose of meeting legal obligations. After six years all Personal Data will be deleted. If there is no legal requirement to retain the Personal Data, it will be deleted once the Customer’s event is completed and the customer has no further requirements from Bigday which would necessitate the use of this Personal Data.
Data is held in The United Kingdom using different servers. Bigday does not store Personal Data outside the EEA. Where data is transferred to ‘cloud databases’, Bigday has made sure that it is transferred securely and is encrypted in its destination databases (by conversation and confirmation with the Data Processors of the destination databases).
Data Protection Officer
In line with the GDPR, Bigday has appointed a Data Protection Officer. The responsibilities of this position include:
Regular auditing of the actioning of all the rules of GDPR at Bigday and associated companies (Data Processors and Controllers)
Resolving any shortfalls from the above
Responding to SARs from clients and staff
Ensuring that Personal Data is protected at all times
Your rights as a Data Subject
At any point whilst Bigday is in possession of or is processing your personal data, all Data Subjects have the following rights:
Right of Access – you have the right to request a copy of the information that Bigday holds about you.
Right of Rectification – you have a right to correct data that Bigday holds about you that is inaccurate or incomplete.
Right to be Forgotten – in certain circumstances you can ask for the data Bigday holds about you to be erased from Bigday records.
Right of Use Knowledge – Bigday must confirm to you the reason why it is using the Personal Data and how it is processing that Personal Data.
Any request linked to Personal Data must be made in writing on a SAR (Subject Access Request). Personal Identification will be required. In the event that Bigday refuses your request, they will provide you with a reason as to why, which you have the right to legally challenge.
You can request the following information:
Contact details of the person or organisation (Bigday and others) that has determined how and why your data will be processed
Contact details of the Data Protection Officer, where applicable
The purpose of the processing as well as the legal basis for processing
The categories of Personal Data collected, stored and processed
How long the Personal Data will be stored
Details of your rights to correct, erase, restrict or object to such processing
Information about your right to withdraw consent at any time
How to lodge a complaint with the supervisory authority (Data Protection Regulator)
The source of Personal Data if it wasn’t collected directly from you
All SARs should be emailed to firstname.lastname@example.org or by phoning 01442 828100 in the first instance, or by writing to us at the address below:
The Data Protection Officer
Bigday Designs Limited
The Haystack Press
6a Northbridge Road
If you are not satisfied with Bigday’s response to any query you raise with them, or you believe that Bigday is processing your Personal Data in a way which you believe is inconsistent with the law, you can complain to the Information Commissioner’s Office at