This document is the GDPR (General Data Protection Regulation) and Privacy
Policy for Working Order. It explains what kinds of personal data I collect
from you when you interact with me, how I'll store and process that data,
and how I'll keep it safe.
I, Cassie Tillett, am the founder and owner of Working Order. I am a sole trader. My business trading address is The Vicarage, 10 Crome Road, Norwich NR3 4RQ, and my contact email is firstname.lastname@example.org.
Working Order is
- fully insured for Public Liability and Professional Indemnity.
- registered with the Information Commissioner's Office under the Data Protection Act 1998 [registration number: Z3297985].
Personal Data Collection and Retention
This section explains the types of personal data I collect from you, as well as how and why I use it.
I collect data from clients with whom I work one-to-one (for decluttering and organising, computer training, or other administrative assistance) or in groups (for talks or workshops), either in their homes, in a designated group meeting space, over the phone, or via Skype or other online meeting systems. If you are one of these clients, you will have initiated our contact via email, via my Facebook page, by post or over the phone, and we will have agreed to work together. I may also have been provided with your data by colleagues who have referred you to my services, and this will have been done with your express permission. This category also includes prospective clients, who have initiated contact with me about working together, but who have not yet made any specific appointments.
The personal data that I collect and store about you includes the following.
- Details of your circumstances (such as domestic or health situations) will be noted when taking the initial booking, in order to best understand your needs when we start to work together, but will not be retained after work has commenced.
- Contact details: your full name, your telephone number(s), your physical address(es), your email address(es). We may also share your Skype handle or any other online identities that you wish to share with me if we have chosen to use online meeting systems for our sessions together. I may also keep a note of donor numbers if you donate items to charities under their Gift Aid schemes.
- My business book-keeping records will include copies of invoices, receipts for expenses, and spreadsheets showing services provided and payments received.
I collect data shown in paragraphs 1 & 2 above from you so that we can arrange to meet either virtually or in person so that you can make use of my services, or so that I can meet with you in a group setting to present a workshop or talk; and so that I am able to understand your requirements as a client and provide the most appropriate services and solutions.
I collect this personal data via our chosen method(s) of communication, most likely in our email or telephone conversations. I only collect the minimum amount of information required in order to be able to make appointments with you, visit your home or place of work for a scheduled appointment, make an appointment to meet with your group for a talk or workshop, or meet with you online for a virtual appointment via your meeting system of choice.
Personal Data Access and Disposal
The GDPR requires that personal data be held only for a reasonable amount of time.
- Details of circumstances will be retained only until we have established a working relationship, and then deleted.
- Contact details will be held for 2 full business years after our last communication, after which I will consider you a 'past client', and then I will dispose of your personal contact data. If you wish to work with me again after this, you may contact me and we will resume our working relationship, and I will re-collect the relevant personal data from you at this time.
- Business and book-keeping records (including copies of invoices) will be held (as required by HMRC) for seven years after our last communication. Please be aware that these documents include your name and address and information about the nature of the work undertaken.
If for any reason you require access to the personal data that I hold about you, you are able to request this from me via email at email@example.com. I will respond to your request and give you access to the personal data free of charge within a reasonable time frame.
If you would like to make a request to change or update any or all of the personal data that I hold about you, you are able to request this from me via email at firstname.lastname@example.org. I will respond to your request and make the requested changes and updates free of charge within a reasonable time frame.
If for any reason you wish for me to dispose of any or all personal data that I hold about you, you are able to request this from me via email at email@example.com. I will respond to your request and notify you that I will be deleting the data you have requested me to delete. This will be free of charge and will take place within a reasonable time frame.
Safety and security
Communication may take place (and may be stored) via email, text, social media messaging, social media posting or any other method.
The personal data defined above will be stored electronically. Such data is accessible only by Working Order, and is password and/or fingerprint protected.
Some or all of the above contact details may be stored
- in an electronic database
- on electronic copies of invoices
- in book-keeping records
Please note that Working Order does not use your data for marketing purposes. The information gathered is for contact while work is ongoing; for the issue of invoices; for courtesy follow-up communication; for book-keeping, analysis and other business records; and in case of any dispute arising in the future.
Your personal data is never shared with any third parties, except with your express permission (such as, for example, if you have asked me to source and put you in contact with a supplier).
The only paper record I keep about you is a copy of my Terms and Conditions document signed and dated by you if you are a one-to-one decluttering client. This signed Terms and Conditions document protects both of us and is the information I must present to my insurer, Westminster Insurance, in the case of an insurance claim. The only information on the document relating to you is your name, your signature and the date. These documents are kept in a lock box.
In the case of any of these storage methods being stolen, breached, or hacked, I will do the following within 72 hours of discovering the incident:
- Notify the police if it is a physical theft or loss of my laptop, phone, or iPad.
- Notify my email provider and/or contact database supplier if it is a case of account hacking.
- In any of these cases, report the data theft, breach, or hack to the ICO (Information Commissioner's Office), which is the Regulator for the UK, if the incident has a high likelihood of severity of a resulting risk to the affected clients' rights and freedoms.
- In any of these cases, I would contact all of the clients whose personal data has been compromised and would provide advice in order to help them protect themselves of any effects of the breach.
- In any of these cases, I would write up a report of the breach so it was fully documented.
Testimonials and photographs
As stated in Working Order's Terms & Conditions, you may wish to allow before-and-after photographs, and/or to provide testimonials for the service you have received. These may be used on my website, on social media or in journalistic articles (printed or electronic). Your express permission will be obtained before such items are published, and attribution can be expressed in any way you wish (e.g. Jane Brown, Norfolk; Jane B, Norfolk; JB, Norfolk; Anon, etc.). Once such consent has been given, Working Order reserves the right to repeat use of such photographs and testimonials on other platforms.
Website cookies and Google analytics
If you feel your personal data has not been handled correctly or you are unhappy with any response I have made to you concerning the use of your personal data, you may contact the ICO (Information Commissioner's Office), which is the Regulator for the UK. If you are based outside the UK you have the right to lodge a complaint with the relevant data protection regulator in your country of residence.
Get In Touch
Revised 29 January 2020