KEY DETAILS
- Policy Prepared by: Montmartre Patisserie Directors
- Approved by Management: 09September 2020
- Policy became operational: 10 September 2020
- Data Protection Officer: Gary Ewing
INTRODUCTION
Montmartre Patisserie needs to gather and use certain information about organisations and individuals. These can include customers, suppliers, employees and other people Montmartre has a relationship with and/or needs to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards, and to comply with the law and GDPR standards.
This data protection policy ensures Montmartre Patisserie:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers, suppliers and other partners
- Is open about how it stores and processes individual’s data
- Protects itself from the risk of a data breach
GDPR
The General Data Protection Regulations effective 25 May 2018, describes how organisations, such as Montmartre Patisserie, must collect, handle and store personal information. All personal information must be collected and used fairly, stored safely, not disclosed unlawfully and only shared with approved partners and no other organisation or individual
POLICY SCOPE
This Policy applies to
- Montmartre Patisserie Registered offices
- All staff employed by Montmartre Patisserie
- All contractors and suppliers working on behalf of Montmartre Patisserie
This policy relates to all data that the company holds relating to identifiable individuals. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
DATA PROTECTION RISKS
This policy helps to protect Montmartre Patisserie from data security risks, including:
- Breaches of Confidentiality. Data will be kept securely and will not be shared with any organisation other than approved partners
- Failing to offer choice. All individuals are free to choose how the company uses date relating to them
- Reputational damage. Cyber security will be of a high standard and kept up to date by our approved IT Provider
RESPONSIBILITIES
The Data Protection Officer is responsible for:
- Reviewing all data protection procedures and policies
- Arranging data protection training
- Handling data protection questions from staff and anyone else covered by this policy
- Dealing with requests from individuals to see the data Montmartre Patisserie holds about them, also called “Subject Access Requests”
- Checking and approving all contracts and agreements with approved partnering organisations that will handle the company’s data
- Approve data protection statements attached to communications such as letters and emails
The partnering IT Provider is responsible for:
- Ensuring all systems, services and equipment used for storing data meet security standards
- Performing regular checks and scans to ensure security hardware and software is functioning properly
- Evaluating any third party services the company is considering using to store or process data, such as cloud services
SUBJECT ACCESS REQUESTS
All individuals who are the subject of personal data held by Montmartre Patisserie are entitled to:
- Ask what information the company holds about them and how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
If an individual contacts the company requesting this information, this is called a “Subject Access Request”. These requests should be made in wiring either by email to sales@montmartre.cc or by post to Montmartre Patisserie Ltd, 386 Sykes Road, Slough Trading Estate, Berkshire SL1 4SP. The data protection officer will provide the relevant data within 14 days.
