Privacy Policy 

Data Controller

Robert James White

 

Collected Personal Data 

                                                            Newton & Noss Security respects your privacy.

Any personal information you provide to us including and similar to your name, address, telephone number and e-mail address will not be released, sold, or rented to any entities or individuals outside of Newton & Noss Security.

 

Purpose of collecting data

 

I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. This page explains how I comply. If you have given me your email address (by emailing me or agreeing to paperwork) you should read this to reassure yourself that I am looking after your data extremely responsibly.

I value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for organisations and us sole traders just doing our best to keep up.

I used the ICO booklet, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now.”.

Awareness

I am a sole trader so there is no one else in my organisation to make aware.

The information I hold

  • Email addresses of people who have emailed me and to whom I have replied are automatically saved in email software.
  • Email addresses, physical client addresses and names of people who have bought services from me. Orders are saved by default on my computer, which is securely password-protected.

I do not share this information with anyone. Ever.
No one else has access to my website data or to any of my passwords.
If someone randomly asks for another person’s email address, unless both are known closely to me, I always check with the other person first.

Communicating privacy information

  • I have put this Privacy Policy on my website
  • I have added a link to this page from my contact page.

Individuals’ rights

On request, I will delete data.
If someone asked to see their data, I would take a screenshot of their entry/entries.

Subject access requests

I aim to respond to all requests within 24 hours and usually much sooner.

Lawful basis for processing data

If people have emailed me, they have given me their email address. I do not actively add it to a list but my email software will save it. I will not add it to any database or spread sheet unless someone asks me to or gives me explicit and detailed permission.

If people have bought a service from me, their postal and email addresses are saved in my orders folder in two places: an excel spread sheet on my computer and the orders folder behind my website. This is standard practice but I do not use their data for anything other than contacting them about a problem with the Services as agreed. I will delete their email addresses and postal addresses after one year, unless requested not to.

Consent

Once I’ve contacted everyone with a reminder about the T&C of my holding their data, I regard this consent as confirmed for a year, or until the person asks me to remove the data. I have never harvested email addresses, nor would I. Anyone on my lists has contacted me.

Consent is not indefinite, so I will make sure that I remind subscribers that they can unsubscribe or ask for their data to be removed.,

Data breaches

I have done everything I can to prevent this, by strongly password-protecting my computer, website login and email account.

Data Protection by Design and Data Protection Impact Assessments

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.

Data Protection Officers

I have appointed myself, Robert James White, as the Data protection Officer.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.