Data & Fair Processing Policy

Page Bros is committed to upholding our responsibilities under General Data Protection Regulation (GDPR) EU 2016/679. GDPR requires that this Privacy Policy that is jargon-free, and in plain language.

1. What GDPR-applicable Data We Hold
Our employees collect and hold the following categories of personal data, in the following formats:

1.1. Customer Data: comprising names, roles, organisation, contact details. This information is held on our: Customer Relationship Management system, Business Management System, Financial Management System, Personal Information Management and Email System.

1.2. Supplier Data: We hold supplier data comprising names, roles, organisation, contact details. This information is held on our: Business Management System, Financial Management System, Personal Information Management and Email System.

Sub-contractors: In addition, we hold personal data for individual sub-contractor employees, to confirm they are safe and eligible to work on our sites.

1.3. Employee Data: comprising names, roles, contact details, personal details.

This information is held:
– In hard-copy format, held in secure filing and accessed only by the company HR Manager
– Payroll Management System
– Contact details are held in our Email and Contact System, Microsoft Office 365 Exchange system.

1.4. Office and Site Visitors: Visitor’s information is recorded for health and safety purposes. (I.e. ensuring safe evacuation.)

1.5. Back Up Data: held by our IT department.

2. Lawful Basis
There are six lawful bases that can be applied for processing your data: Consent; Contract; Legal Obligation; Vital Interests; Public Task; Legitimate Interests. The data we hold complies with this requirement:

2.1. Customer Data:
– Legitimate interest
– For quotation, tendering, and project purposes: Contractual

2.2 Supplier and Subcontractor Data
– For quotation or tendering purposes: Contractual
– For project management purposes: Contractual

2.3. Employee Data
– Legal obligation

3. Data Processors
We use third parties to process legitimate personal data. The third parties fall into the following categories:

3.1. Our IT service providers, who develop, maintain, and back up our systems
3.2. CRM service provides: Data processors who provide or process within our CRM software
3.3. Our website provider
3.4. Personal Information Manager/Email service provider
3.5. Financial Management Syste

4. Keeping Your Data Secure
We commit to ensuring the data we keep is secure. Our premises are secured, and our IT systems are secured with relevant protection suites. Our systems are proactively managed by our by our in-house IT department supported by our IT Consultants. The data processors we use have demonstrated their safe handling of data.

5. Keeping Your Data Relevant
We will only keep data that is relevant. We will delete any data that is redundant, and we will not keep data without good reason. Our CRM database is managed to ensure it is current, and staff access is limited.

6. Use of Data for Marketing
Legitimate Interest: We may contact our business customers with details of products, services, notices relevant to the supply and management of print related services. If you do not wish to receive such communications, we will remove you from our communication lists.

7. Data Requests
You can ask us what personal data you hold, and we must give you that information free of charge, within one month of your request.

8. Deleting Data
If you ask us to delete your data, we must do so immediately.

9. Data Breaches
We have standard operating procedures in place to ensure data breaches are identified and remedied.

10. Buying or Selling Data
If we choose to buy personal data, we will ensure that the seller is GDPR compliant, and that all persons whose data is sold, has explicitly consented to their use of that data. We will not sell your data.
Should our organisation be sold to another person or business in the future, your data may also be transferred to the new organisation. However that data may only be used for its original lawful basis. You can still opt out, request information, or request the deletion of your data.