Last updated: 22nd May 2018
Solway Print Limited
11 Catherinefield Ind Est,
whose registered office is at
Farries Kirk & McVean
Dumfries Enterprise Park
Tinwald Downs Road
GDPR Compliance Policy
Solway Print Limited is a print business which handles personal data on an ad-hoc basis and is aware of its responsibilities in respect of complying with GDPR regulations and is fully committed to maintaining information security to protect customers, suppliers and individuals.
We understand the importance of this and have a robust system in place to ensure compliance.
We have informed and educated our employees in respect of how it impacts our business, what process we have to follow and why it is important we do so.
As a data processor we are responsible for the safe handling, transfer and destruction of personal files and have the following in place to ensure this is carried out securely:
- We have conducted an information audit to map information and data flow throughout the business.
- We document all personal data held, its origin, who it is shared with and what purpose we hold it for.
- We have an appropriate data protection policy which is management led and promoted positively
- throughout the business.
- We have implemented appropriate technical and organisational measures to integrate data protection into our processes.
- We have effective controls will which identify, manage and resolve personal data breaches.
- We have provided effective data protection awareness training to all staff.
- We have a robust but flexible process which can respond to the needs of the data controller in respect of supply, retention, back-up and suppression of specific personal data.
- Our systems are protected to the highest level from viruses and Malware using the latest anti-virus software.
- We are committed to continuously improve our data protection management system.
- We have customer and supplier contracts which legally comply with GDPR.
For the purposes of clarification we have expanded on the following:
Solway Print is the data processor and our customer is the data controller or processor. We undertake to carry out personal data services based on our customer having either explicit consent to use this information or having agreed legitimate interest.Therefore the onus is on our customer to have this consent and the controls in place to process the information legitimately and we will not assume liability if this transpires not to be the case.
Data type and purpose:
We require only the relevant information or data and any additional, unnecessary information supplied must be
identified and removed from the database before proceeding unless expressly agreed otherwise in writing with our customer and with them accepting the associated risks.
We may sub-contract the processing of personal data to carefully selected partners that we have dealt with for a number of years. These partners have a long established history of processing this information, have been audited on a regular basis and are GDPR compliant.
We have legal contracts with each of these suppliers which comply with GDPR legislation.
Data subject rights:
Individuals have the right (subject to conditions) to the following under GDPR –
To object to the processing of their personal data
For data portability
To request that their data is updated and corrected
For the erasure of their personal data
To restrict the processing of their personal data
To withdraw their consent to the processing of that data
To lodge a complaint with the data protection authority
We will observe all of the above and facilitate those rights in a timely,
efficient and professional manner within GDPR guidelines.