With the introduction of the General Data Protection Regulation coming into force on 25th May 2018 Finnick Group have posted this GDPR Statement in order to provide our clients and future clients transparency on how we collect, store and terminate the data our group holds. This information is applicable to Finnick Group and any Finnick Group companies.
The information we collect
Finnick Group will collect information under 3 separate processing topics. Direct contact, Opt in & Accounting.
The processing topic of direct contact covers when a client, prospective client or supplier contacts Finnick Group in the employment or hopeful employment of services. This information can be collected either over the phone, via our websites contact form or through face to face contact (Networking, Expo’s or Client Meetings). This information will always be relevant to the query at hand and will not be used for Promotional or Marketing (Opt-in) purposes unless permission has been granted by the owner of this information.
The processing topic of Opt-in covers any information gathered for the purpose of Promotion & Marketing. Finnick Group may use multiple ways for this information to be gathered including Newsletter op-in’s on our website, competition entries and contact cards at an Expo or conference. In accordance with the regulations of GDPR the information gathered in this format will be lawfully acquired through the use of opt-in checkboxes on forms and competitions on both the website and contact cards.
The processing topic of Accounting covers the information acquired in the case of any financial transaction. This will be details provided by the client and also provided online via Companies House or other data website. The kind of information you can expect to be stored would be the Name, Address, Telephone, Company Number and VAT number of an organisation and also the Name and Email Address of the main contact at this organisation. This information applies to both Clients and Suppliers.
The information we store
Finnick Group will store information in multiple ways depending on our processing topic.
With direct contact information being acquired in multiple ways we follow certain processes in storage of this information. Direct contact information acquired via email will be stored by our email service providers address book functionality. Direct contact information acquired via a phone call can be stored by either the use of a personal diary, notepad or our email service providers address book functionality. Our email provider Microsoft 365 stores this information on their secured servers and the data is encrypted both on the server and during transfer to and from the server.
Opt-in information is stored in a master database on our internal network and can be distributed to multiple third party locations depending on our marketing requirements. Before using a third party service for marketing we will first check to see if both the storage on this service and transmission to this service is both safe and encrypted.
All accounting information is stored on our third party accounting software Xero. More information on how Xero store this information and the functionality they provide to us a client can be found here https://www.xero.com/content/xero/za/campaigns/xero-and-gdpr.html
The information we terminate
Finnick Group will terminate information in multiple ways depending on our processing topic.
Direct contact information as mentioned above is stored on our third party email service provider. To comply to GDPR we will access this information on a regular basis to make sure that the data that is irrelevant or unneeded is removed.
The data of clients or suppliers that we provide services to or request services from will be stored permanently in our email database until this client no longer requires anymore services. These clients will be informed that their data will be stored during this period of time and on request we can delete this data for the client or they will be deleted if there data is deemed irrelevant by our next assessment date.
Prospective client, Job Application or contact data will be stored by our email server up until the next assessment date. On this date if the client has not been in touch for a lengthy period or the Job Applicant was not successful in employment with us, their details and emails will be deleted from our email server.
Any information collected in a physical format (Notepad or Diary) will be transferred to a securely encrypted online location such as our Network server or Email Server and the physical format will be destroyed professionally by our third party service Print Waste Recycling & Shredding.
Information collected for Opt-in promotion and marketing will be terminated on request of the information owner. This may be by unsubscribing from our marketing services or asking Finnick Group to delete their details.
All accounting data will be stored for a period of 6 financial years as per the Government’s “Running a limited company” requirements. Any prospective client who has requested a quotation through our accounting software but have not moved forward with the service will have their details and quote deleted from Xero in the next assessment period.