In order to use some of the paid and free services provided by this site, it is necessary to collect personal data such as email addresses. This data will be used to send out newsletters when requested, provide a means of responding to enquiries by site users, provide further information as requested via a contact form, or for other specific purposes for which users have consented to receive written communication from EwK Services.
The General Data Protection Regulations describe how Kirsty Major, and anyone working for her, must collect, handle and store personal information on behalf of EwK Services. To comply with the law, personal information must be:
- collected and used fairly, stored safely and not disclosed unlawfully.
- obtained only for specific, lawful purposes
- adequate, relevant, and not excessive
- accurate and kept up to date
- deleted if no longer necessary
- protected appropriately.
The primary person responsible for the safe and legal handling of the data covered by this policy is Kirsty Major as the website and business owner. Anyone working for EwK Services with access to data will be given training to ensure that they understand their responsibilities in relation to accessing, using, and storing the data.
Data storage, use and retrieval
- At EwK Services, all data is stored electronically and never printed out, thus eliminating risks caused by paper documentation.
- data should be reviewed regularly and any data that is found to be out of date should be deleted or the central record should be updated as appropriate. This means that any data gathered for one-off purposes will not be stored after it is no longer needed, and data belonging to any site user, which cannot be reached using the information they originally gave, will be deleted.
- Data should not be disclosed to unauthorised recipients.
- When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
- If data is stored on removable media (such as a removable storage drive), this should be kept locked away securely when not being used.
- Data should only be stored on designated drives and servers.
- Data should be backed up frequently. Those backups should be tested.
- All servers and computers containing data should be protected by security software and a firewall.
Subject access requests
All individuals who are the subject of personal data held by EwK Services are entitled to ask what information EwK Services holds about them and why.
If an individual contacts EwK Services requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email. A subject access request form can be made available on request, but it is not necessary for a request to be made using the subject access request form.
It is EwK Services’ intention that all such requests are dealt with within 14 days.
Reasonable checks will be made to verify the identity of anyone making a subject access request before handing over any information.
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, EwK Services will disclose requested data. However, reasonable checks will be made to ensure the legitimacy of the request.
Get in touch
If you’d like to contact me or sign up for the monthly EwK Services newsletter, please use this contact form: