With the introduction of the General Data Protection Regulation coming into force on 25th May 2018 Finnick Group have posted this GDPR Statement in order to provide our clients and future clients transparency on how we collect, store and terminate the data our company holds.
THE INFORMATION WE COLLECT
Finnick Group will collect information under 3 separate processing topics. Direct contact, Opt in & Accounting.
The processing topic of direct contact covers when a client, prospective client or supplier contacts Finnick Group in the employment or hopeful employment of services. This information can be collected either over the phone, via our websites contact form or through face to face contact (Networking, Expo’s or Client Meetings). This information will always be relevant to the query at hand and will not be used for Promotional or Marketing (Opt-in) purposes unless permission has been granted by the owner of this information.
The processing topic of Opt-in covers any information gathered for the purpose of Promotion & Marketing. Finnick Group may use multiple ways for this information to be gathered including Newsletter op-in’s on our website, competition entries and contact cards at an Expo or conference. In accordance with the regulations of GDPR the information gathered in this format will be lawfully acquired through the use of opt-in checkboxes on forms and competitions on both the website and contact cards.
The processing topic of Accounting covers the information acquired in the case of any financial transaction. This will be details provided by the client and also provided online via Companies House or other data website. The kind of information you can expect to be stored would be the Name, Address, Telephone, Company Number and VAT number of an organisation and also the Name and Email Address of the main contact at this organisation. This information applies to both Clients and Suppliers.
THE INFORMATION WE STORE
Finnick Group will store information in multiple ways depending on our processing topic.
With direct contact information being acquired in multiple ways we follow certain processes in storage of this information. Direct contact information acquired via email will be stored by our email service providers address book functionality. Direct contact information acquired via a phone call can be stored by either the use of a personal diary, notepad or our email service providers address book functionality. Our email provider Microsoft 365 stores this information on their secured servers and the data is encrypted both on the server and during transfer to and from the server.
Opt-in information is stored in a master database on our internal network and can be distributed to multiple third party locations depending on our marketing requirements. Before using a third party service for marketing we will first check to see if both the storage on this service and transmission to this service is both safe and encrypted.
All accounting information is stored on our third party accounting software Xero. More information on how Xero store this information and the functionality they provide to us a client can be found here https://www.xero.com/content/xero/za/campaigns/xero-and-gdpr.html