Use of Private Information Policy (GDPR)
Last updated: 25th May 2018
We respect the EU’s General Data Protection Regulations (GDPR) and this policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.
Our policy covers
- Why we value your privacy
- How we collect information
- What information we hold
- Where we store your information
- What we use your information for
- Who’s responsible for your information at our company
- Who has access to information about you
- The steps we take to keep your information private
- How to complain
- Changes to the policy
Why we value your privacy
We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We’re uncomfortable with the amount of information many organisations keep on file, so we have only ever asked for the bare minimum of data from our customers. We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by law.
How we collect information
We obtain information from web searches, exhibitions and some organisation of which we are members.
We collect your email address when you sign up for one of our newsletters.
We ask for your account, shipping, and contact information when you buy something from us to enable fulfilment of the contract
What information we hold
- When you contact us by email or through our website, we collect your name and email address.
- If you sign up for a newsletter, we only collect your email address.
- When you buy something from us, we collect your name, email address, phone number, and a delivery address.
- If you do business with us, we also collect your business name and keep records of the invoices we send you and the payments you make.
Where we store your information
Internet based storage
When you contact us by email or through our website, we store your your information in vTiger/coreBOS, our Customer Relationship Management (CRM) software.
If you sign up for a newsletter, we store your email address in phpList, which is the marketing platform we prefer and which links to our CRM.
When you buy something, we store your information in our accounts software, Iris.
We chose these systems partly for their commitment to security.
We store copies of artwork and other documentation relating to processing your order on our local servers. Backups of the Internet based data is backed up to local storage. Data and backups are synchronised between our servers in the UK and Spain.
What we use your information for
We occasionally use your contact information to send you details of our products and services. When we do, you have the option to unsubscribe from these communications and we won’t send them to you again. We might also email or phone you about our products and services, but if you tell us not to, we won’t get in touch again. We will use your information to send you invoices, statements, or reminders.
Who’s responsible for your information at our company
John Crisp, our IT Manager, is responsible for the security of your information. You can contact them by email at it at impamark.co.uk or by phone on 01621 783550 if you have any concerns about the information we store.
Who has access to information about you
When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided, but individual employees have access to only what they need to do their job.
For completion of contract we need to pass your delivery details to our suppliers. They are subject to the same GDPR restrictions as us and will not use your information for any other purpose than delivering your order.
Our accountants manage and have access to our accounting system to assist us with our accounts.
The steps we take to keep your information private
Where we store your information in third-party services, we restrict access only to people who need it.
Where we store information on our own systems this is restricted to our employees only.
All systems are password protected.
All communications between servers are via secure services including https, VPN and ssh. Management systems are only available via VPN.
Our local servers are firewall protected and only required services are available.
Our emails are checked for viruses, and file stores scanned regularly.
To reduce the attack vectors we do not use any Microsoft software.
How to complain
We take complaints very seriously. If you’ve any reason to complain about the ways we handle your privacy, please contact John Crisp at Impamark by email at it @ impamark.co.uk or by phone on 01621 783550. If you’re the letter writing type, send your envelope to:
Unit 1 Dammerwick Farm
Essex CM0 8NB
Changes to the policy
If we change the contents of this policy, those changes will become effective the moment we publish them on our website.