Privacy Policy

The following outlines the General Data Protection Regulation Policy for Direct Copiers Service Ltd (DCSL) (Compliance From 25/5/2018)

The overarching principle is that

• All data collected and/or stored by DCSL is done so for the sole purposes of DCSL business and an individual’s relationship with DCSL. This will include, but is not limited to, client & employee communication, internal marketing, notification of promotions and extra services available. Individual’s personal data will not be shared with a third party without prior written consent.
• No member of staff will share any personal data with a third party without the prior consent of the individual. This includes, but is not limited to Name, address, email address and phone details.
• All DCSL Staff will sign to consent form for their business email address, phone number and business contact details to be circulated for the sole purposes of DCSL business.
• All DCSL Directors must agree to allow DCSL Staff to freely use their business contact details but do not agree that they are circulated to external third parties without prior consent on a case by case basis, Staff must avoid using their own personal details for business correspondence.

Data Storage

DCSL will carry out a full IT security audit each quarter.

• Where financial transactional data is retained onsite it will be stored in a locked filing cabinet inside a locked room where access is restricted to the directors, authorized member of staff and the Financial administrator. The data is treated as confidential and is only shared with authorized personal
• Financial transactional data from previous financial years will be held on site in a secure locked room for 7 years which only DCSL staff have access to.
• After their expiry any paper records will be destroyed by an authorized member of staff operating equipment in accordance to the regulation and disposed of appropriately.
• When processing financial information by telephone staff taking the call not must write down or record any of the information given to them and entered only in to the secure client record on the CRM system. They must not repeat back any details and if they require clarification they will ask the caller to repeat the details. The transaction should not be processed on speaker phone.
• Clients who elect to pay by Direct Debit have their bank account and sort code held against their client record. This information should only be inputted by the directors, authorized member of staff of the financial administrator. This data should not be disclosed under any circumstances. If and when cancels their direct debit the financial information will be removed.
• No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed and password protected overnight.
• All Staff should use only their own login to access PCs and Clients databases and not share their login details with others.

• In order to show compliance to the General Data Protection Regulations all staff will carry out a training program and sign to agree that they understand the implications. (Signing log attached), they will also sign this policy to show they have read and understand their responsibility to personal data.
• From January 2018 the Directors will meet quarterly to conduct a GDPR audit to ensure full compliance.
• ll staff have signed as part of their contract of employment a confidentiality clause.

Clients and Customers

• On becoming a client, each client must be told that the DCSL will not under any circumstances use their data for any other purpose than for processing payments, promotions, services and deliverables. The data will not be circulated to third parties unless members they give their prior written consent.
• From time to time the DCSL is approached to circulate relevant matters on behalf of third parties(equipment Manufactures), this is managed from the DCSL offices and the details are not circulated for any purpose other than safety or operational information on the equipment supplied by DCSL, clients can opt out of third parties mailers.

Data Rights

• The data held by DCSL can only be as accurate as the information supplied to DCSL. It is the responsibility of the individual to ensure their data is accurate.
• Once an individual’s relationship with DCSL has become inactive their personal data will be retained electronically for 3 years before deletion, otherwise requested for immediate deletion by the individual.
• An individual may at any time request the removal of their personal data by contacting mail@directcopiers.net. It should be noted that the removal of all personal data (including email contact details) will result in DCSL no longer being able to carry out the processing promotions and special services the client may require.
• An individual may at any time raise a concern by contacting mail@directcopiers.net