The following page outlines the Market Avenue Limited (MAL) policy in compliance with the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).
The policy ensures good practice in data handling and the protection of business and personal information. Data is processed fairly and lawfully and covers the implications for staff, clients and suppliers.
Under GDPR personal data is defined as information that can be used to identify someone, directly or indirectly. This includes IP address, cookies, location data, name, and email address.
MAL is considered to be ‘controllers’ and ‘processors’ of data:
We store contact data on our business operating systems (CRM) such as name, email address, telephone number, company address, website and social media profiles (if applicable).
Stored information is electronic only and is maintained within a secure and encrypted online storage facility and a GDPR compliant cloud-based project management system.
Sensitive information such as website and social media profile logins are securely saved on a two-level password protected document within a secure access-only online storage facility.
If you alter your data after providing it to us, please inform us. From time to time, we may contact you to check the information is correct.
All data is retained for as long as you use our services. We may retain some data after you have ceased using our services to comply with legal obligations (including law enforcement requests), to meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our business terms, offer new features you may be interested in. If none of these obligations apply, personal data will be deleted within 24 months of our contract end.
The lawful basis for processing client data is for ‘Contract’ purposes and thereby necessary. Data is used to ensure that we are efficient in our working practices and online platforms we use to deliver services.
Existing clients are contacted by their preferred/accepted means of communication (aside from face to face meetings) such as email, telephone call, text message or an instant chat platform. Communication is to keep you informed of project related developments and news of services that may suit your business.
The lawful basis for processing non-client data is also ‘Consent’ because the individual has given clear consent for us to process their personal data for a specific purpose. Our data is added to a CRM system that confirms where and when the data was added.
Consent is always voluntary, specific and informed, and unambiguous.
We may have been passed personal data such as a name or telephone number from a mutual contact if the person felt there was a legitimate interest or reason for us to discuss business. Any such information will not be held on our business file unless a ‘contract’ is issued or ‘consent’ given.
We do not collect the data of anyone under the age of 16 years. If work requires the usage of personal data, such as photographs of children, the client will need to provide proof of consent to use.
Please read our standard client Terms and Conditions here.
Consent to receive information can be withdrawn at any time via email preferences or by contacting us here. All information will be removed from our systems in accordance to our debrief process.
You have the right to access the data we hold for you and to request its deletion, rectification, restriction and portability.
Any access requests will be fulfilled within 30 days. MAL has the right to refuse access with full written details as to why within 30-days. You have the right to complain against such a refusal.
Every client will undergo an onboarding process in order for us to gather sufficient information to conduct services professionally and effectively.
Should a project come to an end, a debrief process is followed to remove data from our daily storage facility and project management boards.
Project work and data will be stored on an external backup hard drive for up to ten years. Personal data will be kept on file, in accordance to any ‘contract’ or ‘consent’ implications for up to five years. During this period, you can still request all data to be removed.
We use a number of third party systems to deliver client facing services and internal business processes. All data input is added by MAL personnel or clients (via an online portal if they sign up to an email list, download a PDF or make a payment to MAL). All policies have been reviewed by us before any contract has commenced. You can request a copy of the systems and their respective privacy policies by contacting us.
Employed MAL personnel have access to all client data that is specific to the projects they work on. Personnel have been trained on the requirements of GDPR and adhere to the necessities of company cyber insurance policies.
The designated person, responsible for data protection compliance is Anna Woolliscroft, MAL owner and sole shareholder.
MAL work with a small number of trusted external colleagues and freelancers to enhance our creative service offering. Non Disclosure Agreements are issued to all external organisations. Colleagues do not have the same access to client data as employed personnel and all work is filed, proofed and distributed by MAL employees.
We store information through a third-party provider to securely file and process information. All third party privacy policies have been consulted prior to investment.
Processes in place to guard against data breaches
Our website is secured and SSL certified.
All devices are password protected, encrypted and backed-up. Anti-virus, anti-spyware and firewall protection systems are installed on all computers systems with daily system checks, and required system updates are installed immediately. Equipment is insured and used on private property or during client meetings.
Client data is stored within the cloud and not on a desktop. All mobile devices have a remote wipe feature if lost or stolen.
Sensitive data is encrypted when sent via email.
MAL has the following insurance policies in place:
Cyber and data risk insurance specifically relates to good practice for data processing and IT.
MAL has a duty to report certain types of data breaches to the relevant supervisory authority within 72 hours, unless the breach is harmless and poses no risk to the individual. If a breach is concluded to be high risk, we will inform the individuals impacted.
If MAL are involved in a structural reorganisation, merger, acquisition or sale, your information may be transferred as part of that deal. We will notify you by email or formal letter of any such change and outline your choices before the event.
Should you wish to contact us over any concerns you may have about our services or policy, please email us here. We hope that you would reach out to us first, but you also have the right to contact the Information Commissioner’s Office too.
Our full details:
Market Avenue Limited
Registered business address: 319A Uttoxeter Road, Blythe Bridge, Stoke on Trent, ST11 9QA
Contact details: 01543 897121
info [at] marketavenueltd.co.uk
Company Registered No. 6820331
VAT No. GB 946795265.
Business owner: Anna Woolliscroft