In May 2018 a huge change comes in which affects businesses large and small. The General Data Protection Regulation (GDPR) has been developed to protect your personal information from being misused or sold without your knowledge or consent. It affect us because we keep your information that is collected from the booking process and any images we take during your parties.
Why do we collect your information?
As a client we want to be able to keep in touch with you which is why we collect your phone number and email address. We also may from time to time send very limited email offers, reminders, and keep in touch so we can retain your custom. We collect your address as part of our contract process in case there is ever a need to send you something physical or for legal proceedings.
We also have to keep our records for Tax purposes and this also means we have to keep data historically for a number of years after your booking. This is all pretty standard data collection and something we’d expect the majority of our competitors also do.
Where do we keep your information?
All your actual booking information and forms come into our Client Management System, DJ Event Planner. We keep all of your booking forms in an online email folder. We keep these because its where you agree to our terms and conditions and are the basis of the price and services we have quoted for, they are the basis of the contract we form.
DJ Event Planner is also secure and full access is limited to just myself. On here we keep a copy of the information gathered in the booking forms because it allows us to manage your booking better. This system is how we manage our workflow on a daily basis and removes the need for anything to be stored locally on our PC, using a paper diary or online calendar.
What information do we keep?
The information we collect includes; name, address, contact number, email address and facebook account (if contacted via facebook). There is also some information that could be extrapolated from your event details, we deem these to be marital status, approximate birth date and employment status. For example if we have a wedding booking it would be fair to assume you will be married after that date, or if you have a 60th Birthday Party, you will be 60 around that date.
We also hold images taken during your event which we use for our website, social media and publications. Your face is also considered a method of identification in this policy hence the term Photo ID.
What are your rights?
The GDPR includes the following rights for individuals:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
We will of course accept any Subject Access Request so if you ever want to know what data we hold of yours, please just email us with the subject title; SAR, and your request in the main email body.
Your consent to hold your information?
We are looking to add another step to our booking process which seeks permission to record, manage and use your information under the governance of the GDPR. There has to be what is called a positive opt in, which cannot be inferred by silence, pre-ticked boxes or inactivity. We have to make you clearly aware that we are holding your information.
Data Protection Officer?
I will be the named Data Protection Officer for Devon DJ, Paul Radmore. It will be my responsibility to manage your data, keep it secure and report any breaches or losses of data to both the ICO and clients affected.