Print Junction Limited trading as Xmas4Schools & Mugs4Schools

What data is collected & stored? (Data Flow)

Our projects Xmas4Schools & Mugs4Schools collect information to process orders. In the first instance this starts with collecting and storing information surrounding the organiser of the project, their contact details and the school or nursery address. The exact details we collect and store are:

Full Name, Contact Telephone Number, Email Address, School/Delivery Address, Project Dates, Notes surrounding the job – i.e. phone conversations with specific operational instructions.

When X4S & M4S orders are received, we will collect and store the following:

Childs Name, Child’s Class, School Name, Parents Name, Contact Telephone, Email Address, Order Quantities, Order Image

No other data is collected or stored.

How is the data collected & stored?

Data is collected via telephone, email and the use of a paper order form. Data is stored on an in house secure server that is maintained to the highest standards by MPR-IT and Hewlett Packard. The storage is remotely backed up with snapshot images of the data being taken every 24 hours. Our server is protected by SSL and external firewalls with all unused ports shutdown to prevent server attacks.

Why is the data collected & stored?

We collect data to process printed orders.

How long is the data held for?

Specific job data is held for a period of 6x months before being erased from our servers.

Organisation details are held for a period of 12x months before being erased from our servers – where there is communication with an organisation within this period, our systems are set up to retain this information.

What systems are in place to secure this data?

Data is stored on an in house secure server that is maintained to the highest standards by MPR-IT and Hewlett Packard. The storage is remotely backed up with snapshot images of the data being taken every 24 hours. Our server is protected by SSL and external firewalls with all unused ports shutdown to prevent server attacks.

Physical security – where the server is located it is protected by coded alarm and CCTV systems.

Is Print Junction a Data Controller/Processor?

We control and process data.

Sharing of Data

We will not sell or disclose your data without prior consent - When data is shared to an authorised party, it will be encrypted by way of password and sent via our SSL secured server.

As an organisation, we choose to outsource our data entry. To ensure the security of data we have built a secure system that displays only one record at a time to the input clerk, this stops harvesting of data. It is also not possible to download lists of data by using this system. Where we use external data input companies, we have signed non-disclosure agreements and identification for the companies data protection officer.

Data Breaches

Since incorporation in 2001 we have not experienced a data breach. We review our data protection policy annually to ensure we do everything in our power to reduce the possibilities of a data breach.

In the event of a data breach we will within 7 working days from awareness of the breach, contact all parties involved in the breach explaining what data has been compromised. We have 24hr IT support ready to assist in securing a potential breach.

Consent & Opt In

The only data collected is for participants or interested parties in one of our schools projects, or for persons who have already expressed an interest or are already customers of the company. This data is all given in person either over the phone or using an online form. None of this data is shared with any other organisation and is not used for any other purpose than necessary contact relating to business in progress.

Subject Access Request – Obtaining your information

You have the right to a copy of the personal data we hold about you. This can be requested formally via a Subject Access Request by writing to: Board of Directors, Print Junction, Cobbs Wood House, Cobbs Wood Industrial Estate, Ashford, Kent, TN23 1EP. Upon receipt of this, our company will respond within 28 days in line with ICO Regulations.

Right to be forgotten / Erasure

Any person whose data we store has the right to request erasure. The request for erasure can be made over the phone, via email or in person. All valid requests for erasure will be processed within 7 days of the request. Such data will be permanently deleted from our records.

Right to Object

Any person whose data we store has the right to object to that data to be used for any research or direct marketing purposes. There are no exceptions to this and we will immediately stop using data for these purposes as soon as any objection is received. This is also stated in our Privacy Policy which can be found on all our websites.

Risk Assessment for the transfer of data/data input outside of the EU & UK

The Nature of Personal Data

Child’s Name, Child’s Class, School Name, Parent’s Name, Parent’s Email, Order Quantities

The purposes for which the data is intended to be processed

The data collected is only processed in relation to the orders already placed for personalised printed products

The period during which the data is intended to be processed

The data is only processed during the period during which data entry takes place and the order is being fulfilled

The country or territory of origin of the information contained in the data

UK

The country or territory of final destination of the information

UK

Security Measures Taken in Data Transfer / Sharing

NDA

Risk Assessment

Risk Assessment Conclusion:

Transfer can proceed from the UK to the third country in compliance with the eighth principle.

Privacy Policy

Our Privacy Policy tells you what happens to any personal information that you provide, or that is collected from you whilst you use our site.

The Data We Collect

We may take the following information about you:

1. Data about your use of our website including information about your visits such as the pages you viewed and the resources that you accessed. This information includes traffic data, location data and other communication information.

2. Information you give us voluntarily. So, when you register with us for information, or purchase a product.

3. Data you provide when you communicate with us in any way.

Cookies

Cookies give information about the computer used by a visitor to our site. We might use cookies where it is appropriate to gain information about your computer to assist us in making improvements to our website and to make sure we give you a good customer experience when you visit print-junction.co.uk.

We might collect data about your overall internet use by using cookies. Where we use these, cookies are downloaded to your computer and stored on your computer’s hard drive. This data does not identify you personally. It is purely statistical. This data does not identify any of your personal details at all.

Disabling Cookies

You are free to change the settings on your computer at any time to stop any cookies if you want to. This is easily done by activating the reject cookies setting on your computer. If you carry on using our website without making this adjustment, we will assume that you agree to receive all cookies on our website.

Use of Your Data

We use the data collected from you to provide our services to you. We may also use the information for the following purposes:

1. To give you information you request from us about our products or services.

2. To give you information about other products that you may be interested in. Such information will only be provided where you have agreed to receive it.

3. To tell you about any changes to our services, products or website.

If you have purchased goods or services from us, we may give you details of related products or services, that you may be interested in.

Where you have agreed, we may allow selected third parties the use of your information to provide you with information about unrelated products and services that we think may be of interest to you. Where such agreement has been given it can be withdrawn by you whenever you wish.

Your Personal Data

By providing us with your personal information, you consent to this transfer, storing or processing. We do our best to make sure that all reasonable steps are taken to store your information securely.

Unfortunately sending information via the internet is never totally secure and sometimes this information can be intercepted. We can’t guarantee the complete security of information that you choose to send us in this way. Sending us this data is at your own risk.

Disclosing Your Information

We will not disclose your personal data to any party other than in accordance with this Privacy Policy and in the circumstances below:

1. In the event that we sell any or all of our business.

2. Where we are legally required to disclose your personal data.

3. To assist with fraud protection.

Third Party Links

Sometimes we include links to third parties on our website. Where we publish a link it does not mean that we recommend or approve that site’s policy towards a visitor’s privacy. You must review their privacy policy before sending them any of your personal information.

Access to Information

In accordance with the Data Protection Act 1998 you have the right to access any data we hold relating to you. We reserve the right to charge a fee of GBP 10.00 to cover the costs of providing you with this information.

Right to Object

Any person whose data we store has the right to object to that data to be used for any research or direct marketing purposes. There are no exceptions to this and we will immediately stop using data for these purposes as soon as any objection is received. This is also stated in our Privacy Policy which can be found on all our websites.

Contacting Us Please do contact us regarding any matter surrounding this Privacy Policy on 01233 624462

Further steps to protect Data

We take data protection seriously and review our systems annually.