GDPR

1. Identify the Lawful basis for processing personal data
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

Customers understand we take their name, email address, phone number, address to provide them with work related details. No marketing emails will be sent to customers.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

DR Clean Ltd requires client information in order to schedule work.

2. When collecting personal information, we tell people how we will use it
Booking a job / transfer of any monies is acceptance of these terms and conditions.

3. Right to rectification and data quality
Any customer can have their data corrected/rectified within the companies records and email address book.

4. Right to erasure including retention and disposal
All customer data stored can be erased at their request. This process entails:
1. Finding and removing the email address and contact information.

5. Right to restrict processing
Your business has procedures to respond to an individual’s request to restrict the processing of their personal data.
Customer data is not shared with third parties. DR Clean Ltd does not enter into marketing and data stored is only for work related issues.

6. Right to data portability
If a customer requests their personal data. DR Clean Ltd will send it in a simple email or spreadsheet format via email. Allowing them to easily transfer their data to various IT environments.

7. Right to Object
If a customer verbally or written requests to have their personal data removed, Dr Clean Ltd will be informed and act upon it.

8. Rights related to automated decision making including profiling
“Your business has identified whether any of your processing operations constitute automated decision making and have procedures in place to deal with the requirements.” Applicable to DR Clean Ltd.

9. Accountability
DR Clean Ltd has a data protection policy that is explained to all members of staff and available in the office.

10. Processor contracts
DR Clean Ltd operates with manual paperwork.

11. Information risks
As reflected in this document. David & Claire Roberts management team understand the business impacts of data risks and manage them effectively.

12. Data Protection by Design
DR Clean Ltd has implemented measures to protect data. These include:
Passwords are not shared.
Only the management team have access to passwords, payment details and billing.

13. Management Responsibility
The management team demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business.

14. Breach notification
If anyone suspects a breach of personal data within DR Clean Ltd, the following actions will take place.
1. Director to be informed immediately.
2. Investigation to begin immediately to determine what data has been breach.
3. Fixes/password changes will be rolled out, and the relevant members informed.