GDPR POLICY (01/01/2024)

Data Protection Controller 
Jecco Digital Marketing will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. Woodlands Ltd recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period, and the application date of 25 May 2018, and is now fully compliant with that directive.

The Principles 
Jecco Digital Marketing shall so far as is reasonably practicable comply with the Data Protection Principles to ensure all data is:- 
• Fairly and lawfully processed
• Processed for a lawful purpose
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than necessary
• Processed in accordance with the data subject's rights
• Secure

Personal Data
Personal data covers both facts and opinions about an individual where that data identifies an individual. Personal data may also include sensitive personal data as defined in the Act. Processing of Personal Data Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be disclosed to third parties with appropriate consent. 



Sensitive Personal Data 
Jecco Digital Marketing may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information, gender, religion, race, sexual orientation, criminal records and proceedings. 

Enforcement 
If an individual believes that the Jecco Digital Marketing has not complied with this Policy or acted other than in accordance with the Data Protection Act, the member of staff should utilise the grievance procedure and should also notify the ICO (Information Commissioner’s Office).

Data Security 
Jecco Digital Marketing will take appropriate technical and organisational steps to ensure the security of personal data. All clients will be made aware of this policy and their duties under the Act. Jecco Digital Marketing and therefore all clients are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data. An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and encrypted when transported offsite. 

External Processors 
Jecco Digital Marketing must ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.  Ie. Wix, Facebook, OneDrive.
Secure Destruction 

When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.

Retention of Data 
Jecco Digital Marketing may retain data for differing periods of time for different purposes as required by best practices.  Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data.

Use of imagery 
Jecco Digital Marketing is required to obtain images for the use of specific social media posts and web use, once the imagery has been used Jecco Digital Marketing will delete each image from devices involved to carry out the task. Ie. Mobile Phone, Laptop, Google Drive.

For any questions relating to this policy, please email info@jeccodigital.co.uk