General Data Protection Regulation (GDPR) Compliance
By now, I’m sure you’ve heard all about the General Data Protection Regulations (GDPR) and what they mean.
Whilst there are some very funny memes floating around on social media (we love these!) we need to get serious for a minute and let you know what we’ve been doing, and will continue to do to guarantee that your data is always safe with us.
So what have we been doing at ICEtags to prepare for the GDPR?
As ICEtags is a trading style of our company, ID Card Centre (and our customers include universities, the NHS, banks and large corporates), we’ve spent many months studying and planning for the regulations to come in to effect.
Our appointed internal contact for everything GDPR related is company Director, Nicola O’Brien, and she has been working with a legal expert to update and renew all our policies and processes to ensure that they are GDPR compliant. This has also involved putting in some extra steps to ensure that it is easy for you to exercise your rights under the regulation to object to or restrict the processing of your data as well as access or amend the information that we do hold on you.
At ICEtags we have not previously done any direct marketing to past customers so your contact details have not been held on a database unless you have asked us to.
The data you provide us with for printing on the cards is used purely for that purpose and is then deleted from our systems after 30 days. This gives you plenty of time to receive and check your order and report any issues back to us. However, if you’d like your information to be deleted sooner than this, just email email@example.com with your request and it will be actioned within 24 hours.
Finally all of the team here (whether they process data or not) have attended a comprehensive training workshop on data protection and information security so we can be sure that everyone is fully aware of the regulations and data protection and data security best practice.
We also felt it prudent to commission an independent assessment of our internal systems and cybersecurity strategy. Whilst we were pretty confident that everything was super secure – it’s good practice to have this tested by someone who is essentially paid to try and break it - and we’re delighted to report that we passed with flying colours!
How do we protect data that we’re printing on tags?
It goes without saying that we process lots of personal data - most of our products rely on it! All ICE contacts that we’re supplied with are personal data, as well as any medical information that you may provide. For your peace of mind here are a few of the things we do to ensure your data is protected.
- All orders placed online are secured by SSL which enables a secure connection between the browser and web server
- If ordering ICEtags in bulk, we provide a way for you to securely transfer your data to us (please never email it!)
- Your data never leaves our UK based premises
- Your data can only be accessed by our trained members of staff
- Our printing bureau can only be accessed by authorised personnel
- Any misprinted tags are stored in a locked bin on our premises before being securely shredded on site and taken away for recycling
How to access your data
We have installed a GDPR tool on our website that gives you full control of your data. It’s accessible if you are logged in to your account and from here you can view and amend your details, request a full report detailing all the data we hold on you (including a record of past orders) and you can also delete all your data from here too.
A note about bulk orders
If you’re placing a bulk order with us, for example for a running club, you may be responsible for handling a large amount of data on behalf of your members. We appreciate you have a great responsibility to them, as the data controller, so we have processes in place to ensure that you meet all the obligations required of you under the GDPR, including providing you with our third-party processor agreement which covers all of the requirements in detail.
If you have any questions about how we process your data then please email firstname.lastname@example.org with your query and we will get back to you as soon as possible.