Data Policy and Statement
This policy and statement describes the information we process to support our business. It is based upon good practice set out by the Information Commissioner’s Office and has also been informed by the Chartered Institute of Public Relations.
It was written following an audit of our data undertaken week commencing 23 April 2018.
BakerBaird Communications is committed to protecting your privacy and complies with the principles of the relevant data protection regulations.
In short this policy contains:
• Personal Data we collect
• How we use personal data
• Who we share personal data with and why
• How you can access and update your information
• Your data and your rights
• How you can withdraw consent for us to use your data
• Our Security and your data
I. What kinds of information do we collect?
To provide information that may be useful to you we must process information about you.
The types of information we collect is minimal and only contains your name, email, work phone number(s), and your work organisation.
We do not ask for or retain any other personal information.
You can ask for your details to be deleted at any time.
II. How do we use this information?
We use the information we have (subject to choices you make) to provide you with messages and news items which may be of interest to you, or you have shown an interest in the past about.
We use the information to also inform you about our company news.
We store this data offline but occasionally use Mailchimp for mass distribution and marketing purposes. You can unsubscribe from mailing lists at any time.
III. How is this information shared?
We never share your information with third party suppliers or others unless we have explicit email and verbal consent.
Examples might include where we have to brief suppliers such as venue owners, photographers or graphic designers.
We have written to all our suppliers and partners to ask them to confirm they are also GDPR compliant.
IV. What is our legal basis for processing data?
We collect and use the data that we have in the ways described above:
• as necessary to fulfil our business obligations and those of our clients;
• consistent with your consent, which you may revoke at any time;
• as necessary to comply with our legal obligations;
• to protect your vital interests, or those of others;
• as necessary in the public interest;
V. How can you exercise your rights provided under the GDPR?
Under the General Data Protection Regulation, you have the right to access, rectify, port and erase your data.
You also have the right to object to and restrict certain processing of your data. This includes:
• the right to object to our processing of your data for direct marketing, which you can exercise by using the "unsubscribe" link in such marketing communications; and
• the right to object to our processing of your data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.
VI. Data retention, account deactivation and deletion
We store data until it is no longer necessary to provide our services or until you request we delete all information about you - whichever comes first.
VII. How do we respond to legal requests or prevent harm?
We will access, preserve and share your information with regulators, law enforcement or others:
• In response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
• When we have a good-faith belief it is necessary to: detect, prevent and address fraud, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), you or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
VIII. How to contact us with questions
If you have questions about this policy, you can contact us as described below. The data controller responsible for your information is BakerBaird Communications, which you can contact online, or by mail at:
The Poynt Building
45 Wollaton Street
IX. Reviewing this policy
We commit to reviewing this policy annually unless we suffer a complaint or a data breach in which case an immediate review will be taken within 24 hours.
Date of Last Revision: April 28, 2018