Date: 14th May 2018
Report prepared by: Chris Kenny
On behalf of: MyAudience Limited
With the introduction of new Europe wide GDPR MyAudience (the trading name of MyAudience Limited) and its associated companies is committed to ensuring full compliance and confidence to all of their customers.
The General Data Protection Regulations (GDPR) will supersede all existing data protection laws on 25th May 2018. GDPR will affect all.
MyAudience deal with a large amount of data, specifically data that relates to the names, addresses as well as some other personal information that falls within categories, this includes age, marital status, gender, lifestage, household income and length of residence, this information is supplied by a third party Experian.
We may also from time to time receive data from our clients.
As a technology and service provider, we pride ourselves on being secure and compliant, to give our customers the utmost confidence in using our products and services within their businesses.
What data is held and where?
• MyAudience only holds and process information relevant to the services we provide. We store our clients’ data on a secure server that is based within the European Economic Area (EEA).
• Data uploaded to our web-to-print system is held on secure severs based within the European Economic Area (EEA).
• Our Email server. Hosted by Google (See Google & GDPR)
Who has access to this data
Data is strictly accessible by MyAudience employees only, specifically for the purposes of supporting the software and satisfying our customers’ orders.
People who handle customer information within the business fall into 3 categories:
• Data processors – Responsible for processing our monthly feed from Experian who have full access to the data via a secure login.
• Customer Service Employees – Head Office personnel responsible for receiving individual orders for our clients and managing any personal requests for information.
• Print Room Employees – Responsible for printing personalised direct mail which is received within a secure server environment.
How long do we hold your data
Data supplied to us by Experian is updated every thirty days, we hold a back-up of the previous months’ data on a separate secure server, after a further 30 days it is permanently and securely destroyed.
Data stored within our Web-to-print platform is held for 30 days, after which it is permanently and securely destroyed.
Data supplied by our customers is held for 30 days, after which it is permanently and securely destroyed, unless there has been a specific request to delete it in a different time.
How we are complying with GDPR
Members of the public are able to contact us directly if the information we have been supplied by Experian needs to be corrected, we do require that they contact via email at firstname.lastname@example.org. People can contact us via telephone on 0118 936 0123, however, we will require an email or letter confirming their information.
Mail can be sent to MyAudience, Oaklands House, 2 Oaklands Park, Wokingham, Berkshire, RG41 2FD.
• Right to be forgotten – You and your clients can request us to delete any details we hold at any time. If you terminate your account, you will be offered to permanently erase all of your data. After receiving a request to be forgotten, we will permanently delete your account and all data associated with it within 30 days of receiving the request.
Members of the public who ask for their details to be removed will only have their details removed from our system, it is their responsibility to contact any third-party data supplier, if, they wish their details to be removed from their database.
If data is supplied to us by Experian they can be contacted at:
Customer Relations Team
Experian Ltd, PO Box 8000, Nottingham, NG80 7WF
Telephone – 0844 481 0060
• Right of portability – If requested, we will export your data and your clients data so it can be transferred to a third party.
• Right to object – At any time, you may object (via opt out) to your personal data being used for specific purposes such as direct marketing, research, etc..
Clients using and downloading our data are requested to read our Terms & Conditions and the point of order we ask you to review these terms when you place your order. Users are not able to complete their order without agreeing to our terms & conditions.
How MyAudience will help you to comply with GDPR
GDPR expands privacy protections and rights to your customers too. MyAudience will help you comply with requests you receive that fall under GDPR regulations and relate to the data given by yourselves so we can undertake the services you have ordered:
• Right to rectification – You can request that we update client and contact information at any time. Your contacts can contact MyAudience directly and we’ll correct or delete that information from them.
• Right to be forgotten – If you receive a request to be forgotten, you’re able to delete a contact, which permanently removes their information from your account. If your client contacts us directly with a valid request, we will delete their contact’s data from your account, or across all MyAudience accounts, if requested, in order to comply with GDPR.
• Right of portability – If you or your client requests their personal data, to be moved we are able to make it available to you via a secure connection.
• Right of access – If your client requests their personal data, we are able to make it available to you via a secure connection.
What changes we are making for full compliance
• Our 3rd Party data supplier Experian – Personal data supplied by Experian to MyAudience from their ConsumerView product is a fully compliant source of prospect data.
For further information see: https://www.experian.co.uk/gdpr/
• Our systems and processes – Our systems and processes are audited on a regular basis by a 3rd party company. Our servers are regularly stress tested for malicious activity.
• Our staff – have undergone training and have also been checked and approved by a third party DBS check