What information is being collected, why and how?
When you email or call Hayley Hemmings’ Freelance Services to make an enquiry, either as a result of using my website, via word of mouth, or via any other marketing channel, I will use your email address and or phone number to communicate with you.
If we start working together, you will be issued with a Service Level Agreement. This is a document which may contain your name, email address, address and phone number. Your personal data as set out above may also be used on my invoices too.
If for any reason I wish to use your data for any other purpose, such as sending you a newsletter or updates about my business, I will request your express permission before doing so.
Which legal basis is being used for collecting and processing your data?
The legal basis for processing your personal data falls under “contract” – I need to process your data in this way to communicate with you before we enter into a contract and during the time the contract is in place to deliver the work required.
I also have a “legal obligation” to process your personal data to keep my business records and accounts as set out by the HMRC.
Where will your personal data be stored?
Your data will be stored on my PC within my email system and in my smartphone. Once our contract is underway, I will continue to keep your personal data in my email account and my phone. I am able to access my emails from my phone, this allows me to respond to enquiries as quickly as possible.
Your personal data will also be stored electronically on an external hard drive, on a backup memory stick and as a paper copy too (for example, within invoices and our Service Level Agreement).
Who will your personal data be shared with?
Your personal data will not be sold or passed on to third parties unless required by law or unless you have specifically asked me to do so.
An example of this would be if you ask me to pass your details onto any of my business contacts that offer services you might be interested in e.g. a web designer, photographer or bookkeeper. An example of where I might be required to share your details by law would be if I need to provide my business records to my accountant or the HMRC for tax investigation purposes.
How will your personal data be protected?
The systems I use for work comply with the General Data Protection Regulation (GDPR). For example, Microsoft Office 365 for Business complies with the EU-U.S. Privacy Shield.
In addition, I have a sufficient antivirus package installed on my PC and on my smartphone. This identifies any potential threats through regular scans and alerts me when any software I’m using requires an update, therefore reducing the risk of cyber-attacks.
My smartphone is protected by fingerprint authorisation technology and a pin. The antivirus I have installed has a tracking feature to enable me to locate my phone in the event it is lost or stolen.
Any personal data contained in paper format or on the external hard drive and memory stick are kept in a locked filing cabinet at my home, from where I operate my business.
How long will your personal data be retained for?
If we don’t end up working together, your details will be deleted within one month. If we do start working together, I will use your personal data throughout the time our contract is in place.
Once our contract has ended, I will keep our email correspondence for one year afterwards before deleting, in case you wish for us to carry on working together or in case you need copies of files (work files will be kept for up to three years).
However, I will need to keep an electronic and paper record of your personal data for a period of 5 years from 31 January following the tax year for which the tax return is made. This is to comply with the UK law of keeping accounts and records on file for tax purposes. After this time, electronic copies of your personal data will be deleted and any paper copies shredded.
How will collecting this information affect you?
The information I collect about you will enable me to provide you with my services. As the data I’m collecting is not classed as sensitive and is not being routinely shared, this shouldn’t affect you in any negative way.
Your personal data rights
You have a right to access and amend your data and you also have a right to be forgotten. If you wish to see what data I’m holding about you, you can do so at any time. Simply email me at the above email address and ask for a copy of your data.
As I require your personal data to provide you with my services and to comply with UK law, it may not be possible for me to remove all of your personal data from my systems, without ending our agreement and in the case of accounts and record keeping, until the required length of time has passed.
Links to external websites and a note about this website’s cookies
This site may link to external websites, for example to social media platforms to allow you to connect with me, or to sites where you can see examples of my work.
Please note that I have no control over external websites. If you provide information to a website from which this site has linked to, I am not responsible for its privacy or protection. Please be wary when submitting your personal data to any website. Always read a website’s privacy statement to fully understand how your data will be used.
How to make a complaint
I’m collecting your personal data so that I can provide you with my services. I only process the personal data that I believe is necessary for me to carry out my services. However, if you’re unhappy about the way I’m using your data, or if you believe I’m holding unnecessary data, please contact me in the first instance with your concerns. I will do my best to oblige you.
If after discussing your concerns with me, you’re still unhappy, you may contact the UK Information Commissioners Office here.