c.j.TAZZ ENTERTAINMENTS GDPR Policy as from 25th May 2018

 

Introduction

c.j.TAZZ ENTERTAINMENTS is committed to the General Data Protection Regulation (GDPR) and the protection of personal data, in line with the GDPR collection, usage, storage and security requirements.

This policy implements the requirements by all our staff to be GDPR compliant.

This policy applies to all our staff including the managing director and employees.

c.j.TAZZ ENTERTAINMENTS is the Controller.

c.j.TAZZ ENTERTAINMENTS collects and uses personal information relating to organisations booking events and private customers – names, telephone numbers, addresses and e mail addresses.

All personal data is handled with GDPR compliance to legal requirements.

 

Key Definitions

It is important all c.j.TAZZ ENTERTAINMENTS staff understand the key definitions.

 

Personal Data

This is Information that relates to a real person.

 

Employee

This refers to Part/Full Time with/without contracts and temporary employees

 

Data Controller

This refers to the person/ joint persons/ organisation who determines the

purposes and the processing of personal data.

 

Third Party

This refers to another organisation involved in the use/transfer of the

personal data – this is not applicable to c.j.TAZZ ENTERTAINMENTS – We do not transfer information to a third party.

 

Contact

Contact is made to hospitality and educational organisations and private customers.

 

Identifiable Natural Person

We identify a natural person using name and location factors.

 

Data Subject

This is the individual to whom the personal data refers.

 

Consent

This is:

‘Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.’ (MetaCompliance)

 

Data Processors

This is the person/persons, or organisation, that processes personal data on behalf of the Data Controller.

 

Processing

This is the collecting, recording, storing, erasure of personal data,  automatically or otherwise.

Personal data is stored on hard copies in secure files and in electronic files.

Personal data no longer used for a specified purpose will be shredded.

 

Personal Data Breach

This is the unlawful loss, destruction, unauthorised disclosure of personal information.

 

How Will Our Policy Be Monitored?

All our staff who collect and process personal information will understand the requirements of the GDPR and the need for compliance.

Meetings will be held, minuted and electronically/manually filed, so the whole team has a clear understanding.

 

Staff must be aware of The Six Principles:

  1. Lawfulness, Fairness and Transparency

Personal data will be processed lawfully (purposeful), fairly (the process should be the same as communicated to the Data Subject and transparently (the Data Subject knows what processing will occur).

  1. Purpose Limitation

The purpose of dealing with data will be clearly specified and restricted to that use.

  1. Data Minimisation

Only data required will be stored.

  1. Accuracy 

Personal data will be accurate and up to date. Procedures will be in place to identify unneeded data.

  1. Storage Limitation 

Data will only be stored for the time required for the purposes specified.

  1. Integrity and Confidentiality

Security of the data will be maintained at all times.

Accountability

c.j.TAZZ ENTERTAINMENTS is responsible for the data and will be able to show compliance.

c.j.TAZZ ENTERTAINMENTS will show that all 6 Principles are adhered to when collecting, holding and storing data.

 

Data Collection: Data Sources

c.j.TAZZ ENTERTAINMENTS collects personal information from various organisations; managers and their staff.

 

Data Subject Consent

The managers and their staff will give consent by sending us their personal information.

 

Data Subject Notification

c.j.TAZZ ENTERTAINMENTS notifies all data subjects that their personal information is being used and for what purpose.

 

Data Use: Data Processing

c.j.TAZZ ENTERTAINMENTS processes personal data for the following reasons:

c.j.TAZZ ENTERTAINMENTS processes data to create:

Contracts

Invoices

Methods of communication

This information is collected via telephone, e mail, social media and website.

If the personal data is sensitive then this will be identified and the data subject will consent to this data.

 

Data Quality 

c.j.TAZZ ENTERTAINMENTS will ensure the quality of the personal data by keeping it accurate and up to date.

 

Data Retention

c.j.TAZZ ENTERTAINMENTS will not hold data for longer than is necessary to fulfil the purpose specified.

If hard copies are held and no longer used then they will be shredded.

 

Data Protection 

Only those staff members authorised will access personal data.

Passwords lock the computers.

The Data Processors will work under instruction from the Data Controller.

Any data used for different reasons will be processed separately.

 

Data Transfers

Any data transfer must be given consent by the data subject.

 

Breaches

Any breaches will be reported to the Managing Director and treated seriously.

A breach may be the result of theft, equipment failure or accidental loss.

This policy is available for all staff.

There are 4 stages when considering managing a breach:

  1. Containment and Recovery – A recovery plan would be set in motion and an aim for damage limitation.
  2. Assessing the Risks – In response to the breach, a risk assessment would be carried out to note the risk to the person/persons or business.
  1. Notification of Breaches – Relevant people would be notified of any breach in security.
  1. Evaluation and Response – Any breach would be fully investigated and systems reviewed, along with the policies and procedures.

 

The requirements of this policy are mandatory for all c.j.TAZZ ENTERTAINMENTS managers and staff.

Effective Date:  25th May 2018

Revisions: This document will be reviewed every 6 months by the Managing Director.