1. Introduction
Pen Written Post is committed to protecting the privacy and data protection rights of individuals in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws. This GDPR policy outlines our commitment to compliance with data protection principles and requirements when processing personal data for handwritten direct mail purposes.
2. Scope
This policy applies to all personal data processed by Pen Written Post in the course of its handwritten and direct mail operations, including data collected from clients, partners, and individuals who receive handwritten direct mail communications.
3. Lawfulness, Fairness, and Transparency
- Personal data will be processed lawfully, fairly, and transparently, respecting individuals’ rights and the GDPR principles.
- We will provide individuals with clear and concise information about the processing of their personal data, including purposes, legal basis, and their rights.
4. Purpose Limitation
- Personal data will be processed for specific, explicit, and legitimate purposes related to our handwritten direct mail services.
- We will not process personal data for purposes that are incompatible with those for which it was collected.
5. Data Minimisation
- We will only collect and process personal data that is adequate, relevant, and limited to what is necessary for handwritten direct mail campaigns.
- We will avoid collecting excessive or irrelevant personal data.
6. Accuracy
- We will take reasonable steps to ensure the accuracy of personal data and keep it up to date when necessary.
- Inaccurate or incomplete personal data will be rectified or erased promptly.
7. Storage Limitation
- Personal data will be retained for no longer than is necessary for the purposes for which it was collected or as required by law.
- Retention periods for different categories of personal data will be established and regularly reviewed and updated.
8. Security
- We will implement appropriate technical and organisational measures to ensure the security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
- Access to personal data will be restricted to authorised personnel who need it for the performance of their duties.
9. Data Transfer
- Personal data will only be transferred to third parties, including subcontractors and international recipients, in compliance with GDPR requirements.
- Adequate safeguards, such as standard contractual clauses or binding corporate rules, will be implemented for international transfers of personal data.
10. Data Subject Rights
- We will respect individuals’ rights under the GDPR, including the rights of access, rectification, erasure, restriction of processing, objection to processing, and data portability.
- Requests from data subjects to exercise their rights will be promptly acknowledged and responded to in accordance with applicable law.
11. Data Protection Impact Assessment (DPIA)
- We will conduct DPIAs for high-risk processing activities that may impact individuals’ privacy and data protection rights.
- Mitigation measures identified in DPIAs will be implemented to minimise risks to personal data.
12. Documentation and Accountability
- We will maintain comprehensive documentation of our data processing activities, including data processing agreements, data protection policies, and records of processing activities.
- A Data Protection Officer (DPO) will be designated, and personnel will receive appropriate training on GDPR compliance.
13. Compliance Monitoring and Review
- Compliance with this GDPR policy will be regularly monitored and reviewed to ensure ongoing adherence to data protection laws and regulations.
- This policy will be reviewed and updated as necessary to reflect changes in business practices or legal requirements.
14. Contact Information
For inquiries or concerns about our GDPR policy or data protection practices, please contact our Data Protection Officer (DPO) at daniella@penwrittenpost.co.uk.
This GDPR policy serves as a framework for Pen Written Post to ensure compliance with data protection laws and regulations governing its handwritten direct mail operations. All employees and stakeholders are expected to comply with this policy and support its implementation.