Reading UK GDPR policy

Our company Reading UK is supported by the Reading Borough Council ICT platform, managed by Northgate which is General Data Protection Regulation (GDPR) compliant. Within that platform we keep our own electronic filing system.   Our website has also been made GDPR compliant by the web site hosting and management company Tribal.

Audit

We have undertaken an audit of all our databases on our electronic systems containing personal information dating back over 10 years.  Our findings and actions are as follows

1. Any database not used in the last year has been deleted.
2. Personal information about Board Directors for registration at Companies House has been deleted and the Board members notified that the Company Secretary and staff of RBC will only use email, telephone and work addresses for the purposes of delivering the day to day business of the company
3. Our monthly ‘e’ newsletter held about 500 emails addresses. We have sent request seeking agreement to continue sending the email newsletter.  Anyone not responding will be deleted  Anyone asked to be removed will be removed as quickly as possible
4. We manage the retail Business Improvement District for Reading as approved by Reading Borough Council and a democratic vote by the BID levy payers. BIDs were set up under Government legislation.  As such we have access to the BID levy ratepayers’ database, but this does not contain a named contact, only the address of the company and how much BID levy they pay.  This is kept confidential in a password protected file on our computer system accessible to the Executive Director, the BID Manager and the BID Managers Assistant.  The current BID extends to March 31^st 2019; however we are in the process of renewing the BID for a further five years.
5. We have collected personal email addresses of staff in the shops and offices of the BID, through day to day delivery of the BID Business Plan and services. We use these emails to send a newsletter and or invites to events (eg AGM) to the BID levy payers.  The newsletter contains information about the projects and services that they pay for.  As these emails were consented to us for the purposes of providing information about the BID.  If a BID levy payers requests us to stop sending information to the address we have we will remove it from or email address book.
6. We maintain a list of press contacts for the purposes of publicising our work using oppress releases. These contact emails of individuals have been consented to us.  We will review them annually to ensure they are up to date and seek to confirm consent.   

Core policies

1. We understand the data we hold on individuals and what purpose
2. We seek consent to use the information to contact the individual for specified reasons
3. We will make our policy freely available to anyone on our web site and circulate it with anyone we are working with.
4. We will not hold the information in a data base if the reason for holding it is no longer valid or the individual concerned has asked for their details to be removed
5. If an individual enquiries as to whether we hold information on them we will reply within 2 working days to answer the question and take action thereafter as requested by the individual as to whether the information should be kept, deleted or edited.
6. Annual checks and audits will be made of any information we have on individuals
7. Data bases will be kept in password protected files, CRM (for the BID)
8. Further information in our Data Privacy Impact Assessment

Contact Reading UK