General Data Protection Regulation (GDPR)
Data Protection Registration Number is 00010078868
Due to the new extended European General Data Protection Regulation, as of 25th May 2018 changes will be made to the way personal data is held and processed by CV Publishers Ltd, which trade as Des Pardes Weekly.
In order to comply with this regulation, we need to ask your permission to use your contact data for marketing purposes (none of which will be passed on to any third parties), as well as storing your personal data on file. If we do not receive a reply from you, we will no longer be able to send marketing information to you or if you are a company, to individuals at your company. This will include new brochures, promotions and any other advertisement material.
We therefore ask if you could please complete the attached sheet and return by email to: – firstname.lastname@example.org.
Alternatively, please complete and return to: –
Mr. Sarabjit Singh Virk,
Data Protection Officer,
8 The Crescent Southall, Middlesex, UB1 1BE.
The personal information that you provide to us in this form will only ever be used by CV Publishers Ltd, trading as Des Pardes Weekly (as the Data Controller) for the following specifically defined purposes:
- to email you content that you have requested from us
- with your consent, occasionally email you with targeted information regarding our service offerings
- continually honour any opt-out request you submit in the future
- comply with any of our legal and/or regulatory obligations
Name: Mr. Sarbjit Singh Virk,
Data Protection Officer of: CV Publishers Ltd. (Trading as Des Pardes Weekly)
Tel: 020 8571 1127.
Do hereby consent to by CV Publishers Ltd, trading as Des Pardes Weekly to hold, store and use my data (above) and as detailed below and in line with CV Publishers Ltd. Privacy, Data Retention and Cookie Policies (available upon request): –
- Information that I provide when contacting CV Publishers Ltd. through their website/s (including name, address, email address, direct dial phone number, mobile phone number company/organisation name and job title);
- information that I provide to CV Publishers Ltd for the purpose of requesting information, including sales and marketing communications, subscribing to your email notifications or newsletters (including name, address, email address, direct dial phone number, mobile phone number company/organisation name and job title);
- information contained in or relating to any communication that I send to CV Publishers Ltd or send through their website/s (including the communication content);
- information I provide to CV Publishers Ltd when entering a contractual agreement (including billing details and signature);
- any other personal information that I choose to send to CV Publishers Ltd.
Data Retention Policy
This data retention policy sets out the obligations of CV Publishers Ltd trading as Des Pardes Weekly hereinafter referred to as (“us/we/our”) and the basis upon which we shall retain, review and destroy data held by us, or within our custody or control.
This policy applies to our entire group (CV Publishers Ltd.) and all of its subsidiaries including its officers, employees, agents and sub-contractors and sets out what the retention periods are and when any such data may be deleted.
It is necessary to retain and process certain information to enable our business to operate.
We may store data in the following places:
• our own servers;
• any third party servers;
• potential email accounts;
• employee-owned devices (BYOD);
• potential backup storage;
• our paper files.
This policy applies equally to paper, electronic media and any other method used to store personal data. The period of retention only commences when the record is closed. We are bound by various obligations under the law in relation to this and therefore, to comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully in respect of their personal data under the General Data Protection Regulation hereinafter referred to as “the Regulation”.
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets out the procedures that are to be followed when dealing with personal data and how we aim to comply with the Regulation in so far as it is possible. In summary, the Regulation states that all personal data shall be:
a) processed lawfully, fairly, and in a transparent manner in relation to the data subject;
b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Fourth and Fifth Data Protection Principles require that any data should not be kept longer than necessary for the purpose for which it is processed and when it is no longer required, it shall be deleted and that the data should be adequate, relevant and limited for the purpose in which it is processed. With this in mind, this policy should be read in conjunction with our other policies, which are relevant such as our Privacy, Cookie and Terms and Conditions Policy.
Security and Storage
All data and records are stored securely to avoid misuse or loss. We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if there is agreement by them to comply with those procedures and policies, or if there are adequate measures in place.
Examples of our data storage facilities are as follows:
– On our Client Relationship Managers (Infusionsoft and Zoho)
– Our Web Server (Hosted by Heroku)
– Our accounting software (Xero)
– Our custom time and cost tracking app (cost tracker)
– Our contracts software (docusign)
Check the above with your website designer Manchester Parking
We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on our central computer system instead of individual PCs.
Data retention is defined as the retention of data for a specific period of time and for back up purposes. We shall not keep any personal data longer than necessary but acknowledge that this will be dependent on the different types of documents and data that we have responsibility for. As such, our general data retention period shall be for a period, which is outlined in the table below. Our specific data retention periods are set out below:
|Type ofdata||Type of Data Subject||Type ofProcessing||Purpose ofProcessing||Retention period|
|Zoho||First Name, Last Name, Email Address, Telephone number, Address, Website, Company Information||Stored on ZohoStored on Infusionsoft||Database to manage all our contacts and send emails, newsletters and surveys.||Inactive for 5+ years*|
|Heroku||First Name, Last Name, Email Address, Telephone number, Address, Message Sent Via Website,||Stored on Zoho, Heroku||To respond to enquiries.||Inactive for 5+ years*|
|Power BI||First Name, Last Name, Email Address, Telephone number, Address, Company Information,||Stored on Power BI||For production of company reports||Inactive for 5+ years*|
|Sharepoint/One Drive||First Name, Last Name, Email Address, Telephone number, Address, Website, Company Information||Stored on OneDrive||Records of contracts and projects||Inactive for 5+ years*|
|DocuSign||First Name, Last Name, Email Address, Telephone number, Address, Company Information||Stored on Sharepoint and Docusign||Records of contracts/variation orders||Inactive for 5+ years*|
|Xero||First Name, Last Name, Email Address, Telephone number, Address, Website, Company Information, Payment Information, Payment Dates||Stored on Xero||Record of Customer payments||Inactive for 5+ years*|
|Cost Tracker||First Name, Last Name, Email Address, Telephone number, Address, Website, Company Information, Payment Information||Stored on Cost Tracker and Xero||Records of projects live/completed||Inactive for 5+ years*|
Check the above with your website designer Manchester Parking
*Inactive meaning they have not interacted (opened, clicked, replied emails, answered phone calls, responded to text messages) that we have sent them. From time to time, it may be necessary to retain or access historic personal data under certain circumstances such as if we have contractually agreed to do so or if we have become involved in unforeseen events like litigation or business disaster recoveries.
Destruction and Disposal
Upon expiry of our retention periods, we shall delete confidential or sensitive records categorised as requiring high protection and very high protection, and we shall either delete or anonymise less important documents.
The destruction of confidential, financial, and personnel-related records shall be securely destroyed electronically or by shredding if possible. Non-confidential records may be destroyed by recycling.