c.j.TAZZ ENTERTAINMENTS GDPR Policy as from 25th May 2018
c.j.TAZZ ENTERTAINMENTS is committed to the General Data Protection Regulation (GDPR) and the protection of personal data, in line with the GDPR collection, usage, storage and security requirements.
This policy implements the requirements by all our staff to be GDPR compliant.
This policy applies to all our staff including the managing director and employees.
c.j.TAZZ ENTERTAINMENTS is the Controller.
c.j.TAZZ ENTERTAINMENTS collects and uses personal information relating to organisations booking events and private customers – names, telephone numbers, addresses and e mail addresses.
All personal data is handled with GDPR compliance to legal requirements.
It is important all c.j.TAZZ ENTERTAINMENTS staff understand the key definitions.
This is Information that relates to a real person.
This refers to Part/Full Time with/without contracts and temporary employees
This refers to the person/ joint persons/ organisation who determines the
purposes and the processing of personal data.
This refers to another organisation involved in the use/transfer of the
personal data – this is not applicable to c.j.TAZZ ENTERTAINMENTS – We do not transfer information to a third party.
Contact is made to hospitality and educational organisations and private customers.
Identifiable Natural Person
We identify a natural person using name and location factors.
This is the individual to whom the personal data refers.
‘Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.’ (MetaCompliance)
This is the person/persons, or organisation, that processes personal data on behalf of the Data Controller.
This is the collecting, recording, storing, erasure of personal data, automatically or otherwise.
Personal data is stored on hard copies in secure files and in electronic files.
Personal data no longer used for a specified purpose will be shredded.
Personal Data Breach
This is the unlawful loss, destruction, unauthorised disclosure of personal information.
How Will Our Policy Be Monitored?
All our staff who collect and process personal information will understand the requirements of the GDPR and the need for compliance.
Meetings will be held, minuted and electronically/manually filed, so the whole team has a clear understanding.
Staff must be aware of The Six Principles:
- Lawfulness, Fairness and Transparency
Personal data will be processed lawfully (purposeful), fairly (the process should be the same as communicated to the Data Subject and transparently (the Data Subject knows what processing will occur).
- Purpose Limitation
The purpose of dealing with data will be clearly specified and restricted to that use.
- Data Minimisation
Only data required will be stored.
Personal data will be accurate and up to date. Procedures will be in place to identify unneeded data.
- Storage Limitation
Data will only be stored for the time required for the purposes specified.
- Integrity and Confidentiality
Security of the data will be maintained at all times.
c.j.TAZZ ENTERTAINMENTS is responsible for the data and will be able to show compliance.
c.j.TAZZ ENTERTAINMENTS will show that all 6 Principles are adhered to when collecting, holding and storing data.
Data Collection: Data Sources
c.j.TAZZ ENTERTAINMENTS collects personal information from various organisations; managers and their staff.
Data Subject Consent
The managers and their staff will give consent by sending us their personal information.
Data Subject Notification
c.j.TAZZ ENTERTAINMENTS notifies all data subjects that their personal information is being used and for what purpose.
Data Use: Data Processing
c.j.TAZZ ENTERTAINMENTS processes personal data for the following reasons:
c.j.TAZZ ENTERTAINMENTS processes data to create:
Methods of communication
This information is collected via telephone, e mail, social media and website.
If the personal data is sensitive then this will be identified and the data subject will consent to this data.
c.j.TAZZ ENTERTAINMENTS will ensure the quality of the personal data by keeping it accurate and up to date.
c.j.TAZZ ENTERTAINMENTS will not hold data for longer than is necessary to fulfil the purpose specified.
If hard copies are held and no longer used then they will be shredded.
Only those staff members authorised will access personal data.
Passwords lock the computers.
The Data Processors will work under instruction from the Data Controller.
Any data used for different reasons will be processed separately.
Any data transfer must be given consent by the data subject.
Any breaches will be reported to the Managing Director and treated seriously.
A breach may be the result of theft, equipment failure or accidental loss.
This policy is available for all staff.
There are 4 stages when considering managing a breach:
- Containment and Recovery – A recovery plan would be set in motion and an aim for damage limitation.
- Assessing the Risks – In response to the breach, a risk assessment would be carried out to note the risk to the person/persons or business.
- Notification of Breaches – Relevant people would be notified of any breach in security.
- Evaluation and Response – Any breach would be fully investigated and systems reviewed, along with the policies and procedures.
The requirements of this policy are mandatory for all c.j.TAZZ ENTERTAINMENTS managers and staff.
Effective Date: 25th May 2018
Revisions: This document will be reviewed every 6 months by the Managing Director.