G.D.P.R. STATEMENT
Information Held
I, Jonathan Chadwick, Sole Tradeer and data controller, hold business contact information including the names and contact details of individuals. This may include their email address, mobile or landline telephone numbers and business addresses. I do not hold any sensitive information such as sex, religious beliefs or age.
My data base has been established over fourteen years of trading (as of 6th April 2023) supplying illustration commissions, creative artwork and graphic design. The information I store is used solely on the GDPR lawful basis of:
‘(f) Legitimate interests: the processing is necessary for your legitimate interests’
To this extent, I only process personal data for my ‘core business purposes’. This includes advertising, marketing and public relations and for the upkeep of my own accounts and records. This processing of personal information is done solely to support my primary business activity.
The information I store has come from a variety of sources including incoming business enquiries from prospective customers, outsourcing business enquiries to potential suppliers, online searches for publicly available information on prospective business customers and business directories.
The individuals I hold information about are restricted to those I need to process for my own advertising, marketing and public relations – for example past, existing or present customers or suppliers. The information I hold is restricted to that information necessary for my advertising, marketing and public relations – for example, names, addresses and other identifiers. For the purposes of transparency, I advertise and market my own goods and services. If I obtain personal information from a third party, it is solely for the purpose of marketing my own goods and services. I never have or will sell or trade my list of customers.
Additionally, I process this information for the purposes of keeping accounts relating to any business or other activity I carry out; for keeping records of purchases, sales or other transactions to ensure the relevant payments, deliveries or services take place; and in making financial or management forecasts to help me carry out my business or activity.
The individuals I hold information about are restricted to anyone whose personal information needs to be processed for the upkeep of these accounts and records – for example past, existing or present customers or suppliers. Further, the information I hold is restricted to that personal information that is necessary for the upkeep of these accounts and records.
No information relating to any individual under the age of 18 years is or will ever be knowingly recorded.
No portraits or visual identity references to individuals are ever stored in my database.
Data Retention
The information I hold is reviewed annually to make sure that it is accurate and relevant to my ‘core business purposes’. Incorrect or out of date data will be updated when identified. When stored data is identified as being highly unlikely to result in a future potential business transaction (ie. in the event that a company relating to an individual has folded), individual records will be deleted.
Data Sharing
I do not directly share any of the information I store digitally in my database with any third party. Please note however, that hard copies of business to business transactions (invoices) are supplied to my G.D.P.R. compliant accountants (R.Sutton and Co. Chartered Accountants of 25 Park Street, Macclesfield, Cheshire SK11 6SS) who provide a legal service. These documents include the name and business address of the individual who commissioned my services. These documents are returned to my office after completion of my annual accounts and stored in a secured office environment for a period of seven years before being destroyed.
​
Subject Access Requests
Any individual may submit a Subject Access Request at any time. Following verification of their identity, they will be provided in writing via email, a detailed report describing what personal data is held by myself, why it is being held, which individuals or organisation it has or might be shared with and the source of this information (where available), within one calendar month of submission. There is no charge for the supply of this information.
Data Breaches
In the event of a data breach, the risk to individuals on my data base is low and unlikely to affect the rights and freedoms of those individuals that could result in: discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. However, in the event that exposure to this risk is possible, the ICO will be informed within 72 hours of the breach becoming known, followed by direct correspondence to the individual(s) concerned.
Contacting Jonathan Chadwick
If any individual feels that any aspect of Jonathan Chadwick's activities contravene G.D.P.R. regulations, they are invited to contact myself directly to which I will respond formally within 10 working days. Individuals should be aware that they also have the right to complain to the ICO if they think there is a problem with the way I am handling their data.
Be aware, that in the event of any individual contacting Jonathan Chadwick regarding the possibility of a future collaboration, commission, or other business related activity, I will collect and store the contact data provided as deemed necessary for my legitimate interests. It is taken as understood that they consent to me replying by the method with which they contact me and that they have read and understood the terms laid out in this policy statement regarding how their data shall be used in future.
​
​
​
​
Last Edited on 08.04.2023
​
​
​
​
​
