Privacy & Data Protection Policies
GuestList is owned and managed by Bluelinemedia Ltd. The privacy policy below refers to our storage of your personal data as the account holder, and the data protection policy refers to our role as Data Processor handling the personal data of clients and candidates you add to your account.
Bluelinemedia Ltd Privacy Policy
GuestList is a product owned and managed by Bluelinemedia Ltd. At Bluelinemedia we take personal data privacy seriously and will never sell your data or share it with third parties. We are registered with the Information Commissioner's Office (ICO), reference Z1799006.
How we use your data
We store your personal data to provide information for a new website enquiry or look after your account on the basis of contract as we need this information to communicate with you about your enquiry and ongoing work. For new enquiries we use your phone and email to contact you. For clients we store your email, phone and postal address for account management and billing.
If you have provided personal data, we will store paperwork and billing information for 6 years as required by HMRC for tax auditing. We delete or anonymise all personal data when the account or enquiry has not been active for 6 years.
We also occasionally send emails about our services on the basis of consent. In compliance with GDPR from 25th May 2018, this will only apply if you've ticked the relevant box, agreed verbally over the phone, or by email to be added to our mailing list. We include an unsubscribe link in our marketing emails so you can remove your consent at any time.
We will never share personal data with third parties or sell your details. Where we use sub-processors such as Clook hosting, Google emails and Campaign Monitor & MailChimp email marketing, these providers are GDPR compliant and handle our data securely.
Your rights
As an individual supplying your personal data, you should know your rights, which are:
- The right to be informed - what personal data we hold and why, as explained above
- The right of access - you can ask us what information we hold about you
- The right to rectification - we must make changes where you tell us they are incorrect
- The right to erasure - you can ask us to remove personal data where it is not needed
- The right to restrict processing - you can ask us to stop processing your personal data (but not remove it) if it's accurate or you think we are using it unlawfully
- The right to data portability - you can ask for personal data in an electronic format that can be provided to other parties
- The right to object - you can object to certain specific uses including direct marketing
- Rights in relation to automated decision making and profiling - we don't use any automated processes with your personal data
You can find out more information from the Information Commissioner's website at https://ico.org.uk/
If you have a complaint or would like to amend or request removal of your personal data, please email privacy@bluelinemedia.co.uk and we will respond within one week.
Information audit
We have conducted an information audit to identify the data flows, personal data and potential risks. We are also committed to reviewing our processes and data on a regular basis.
We have implemented a number of processes to minimise the personal data we hold, protect it from external access, and regularly remove older data.
Security of our network and premises
Personal data remains within our premises, computer network and sub-processors for email and invoicing. Access to our server and other computers, customer access details and third party services are all protected by secure passwords. No personal data in electronic or hard copy form is taken offsite. We delete emails after 6 years.
Breach protocol
If we become aware of a security breach that could expose your personal data and is highly likely to risk your rights and freedoms, we will notify the Information Commissioner's Office and individuals affected within 72 hours.
Staff awareness and review
All our staff regularly review and agree to our commitment to privacy and the processes outlined above. We regularly review these processes and monitor changes to the GDPR as part of our ongoing commitment to privacy.
Bluelinemedia Ltd Data Protection Policy
We are committed to privacy and appropriate handling of personal data in adherence to the GDPR. As a Data Processor, we handle the personal data provided by you as a client of our services. However you remain the Data Controller and as such should take steps to understand GDPR, review the personal data you currently hold, and implement appropriate processes for your organisation.
Information audit
We have conducted an information audit to identify the data flows, personal data and potential risks. We are also committed to reviewing our processes and data on a regular basis.
As a Data Processor holding and accessing personal data on your behalf, we have implemented a number of processes to minimise the personal data we hold, protect it from external access, and regularly remove older data.
Access to your clients' and candidates' personal data
In providing the Apricot software, we have access to all data you choose to add to your account, including the personal data of clients and candidates. We also occasionally store these on our local computers for maintenance.
By using our services you give us permission to access this data and store it on our computers as needed. We will only store personal data on our server as needed, and regularly delete local copies to ensure we do not store it for longer than necessary.
Our data protection processes include encryption of login details, anonymisation of data field labels, and direct access for you to edit and remove personal data. All personal data will be stored in electronic format so that it can be provided for your review, and to allow you to respond to individual requests for removal or correction.
No personal data is ever taken offsite.
Personal data could be temporarily stored in email communication between us and you, or between Bluelinemedia employees. We currently use Google's G Suite with a written contract including relevant data protection elements. We delete old emails on a regular basis.
Sub-processors managing your data on our behalf
Where we use sub-processors such as the hosting company Sub 6 Limited, they have provided a written contract and demonstrated GDPR compliance.
Security of our network and premises
Personal data handled on behalf of our clients remains within our premises, computer network or applicable hosting servers. Access to our server and other computers, customer access details and third party services are all protected by secure passwords. No personal data in electronic or hard copy form is taken offsite.
Breach protocol
If we become aware of a security breach that could expose the personal data managed on your behalf, we will notify you within 48 hours with details of what personal data is affected and any steps you should take.
Staff awareness and review
All our staff regularly review and agree to our commitment to privacy and the processes outlined above. We regularly review these processes and monitor changes to the GDPR as part of our ongoing commitment to privacy.