We are called ‘The Data Processors’, we process data sent to us by you our Clients. Our Clients are called ‘The Data Controllers’ , who’s Data is for the sole purpose of producing Photo ID cards or Photo ID Badges.
- Data we hold remains the sole property of our individual Clients ‘The Data Controller’ at all times.
- Castlemount Ltd will keep Data secure for use with replacement, updated or new Photo ID cards.
- Clients can request that the Photo ID Card Data is returned, or securely destroyed after a given period has expired.
- Clients can withdraw consent for us to hold any information on them, their Employees or their Clients.
- Your Data is split between the individuals information (text) and images (pictures) and stored separately, never together.
- The Data is stored locally on our Secure Server and backed up to a Secure Cloud Server each day.
- Castlemount Ltd does not and will never share any of our Client’s Data with any 3rd party.
- We will never use ‘Sub Processors’ (3rd Parties) without the written consent of The Data Controller (our Clients).
- Free copy of ‘The Data Controller Agreement’ available to use between us to ensure your GDPR compliance.
- We are registered with the Information Commissioner’s office Reg No: Z5762981 at www.ico.org.uk
- All our policies are transparent and we will always be available to answer questions about security from our Clients.
- External IT company manages the safety and security of our IT Network & installs regular essential updates.
- The security of our business premises is paramount, this is reviewed, upgraded and tested regularly.
- We securely shred all sensitive paper documents, photographs, ID Cards returned to us and any machine misprints ID Cards.
If you have sent us any information to produce ID Cards, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We welcome the opportunity to discuss Data Security with you and the 2018 GDPR changes we have made to ensure both we and our Clients comply with the new Data Protection Law, our contact page link.
Paul Bignell – Director / Data Protection Officer