See No Evil

"I only store information about individuals that is relevant for conducting business to business correspondence. I don't hold any sensitive information such as your race, gender or religious beliefs. You can request to see what information I hold about you at any time."
Information Held
---------------------
Trading as (The Illustrated World of) Mr.Chadwick, I, Jonathan Chadwick, the data controller and sole employee, hold business contact information including the names and contact details of individuals. This may include their email address, mobile or landline telephone numbers and business addresses. I do not hold any sensitive information such as sex, religious beliefs or age.
My data base has been established over nine years of trading (as of 6th May 2018) as a sole trader supplying illustration commissions, creative artwork and graphic design. The information I store is used solely on the GDPR lawful basis of:
‘(f) Legitimate interests: the processing is necessary for your legitimate interests’
To this extent, I only process personal data for my ‘core business purposes’. This includes advertising, marketing and public relations and for the upkeep of my own accounts and records. This processing of personal information is done solely to support my primary business activity.
The information I store has come from a variety of sources including incoming business enquiries from prospective customers, outsourcing business enquiries to potential suppliers, online searches for publicly available information on prospective business customers and business directories of Illustration commissioners purchased from my trade organisation, The Association of Illustrators.
The individuals I hold information about are restricted to those I need to process for my own advertising, marketing and public relations – for example past, existing or present customers or suppliers. The information I hold is restricted to that information necessary for my advertising, marketing and public relations – for example, names, addresses and other identifiers. For the purposes of transparency, I advertise and market my own goods and services. If I obtain personal information from a third party, it is solely for the purpose of marketing my own goods and services. I never have or will sell or trade my list of customers.
Additionally, I process this information for the purposes of keeping accounts relating to any business or other activity I carry out; for keeping records of purchases, sales or other transactions to ensure the relevant payments, deliveries or services take place; and in making financial or management forecasts to help me carry out my business or activity.
The individuals I hold information about are restricted to anyone whose personal information needs to be processed for the upkeep of these accounts and records – for example past, existing or present customers or suppliers. Further, the information I hold is restricted to that personal information that is necessary for the upkeep of these accounts and records.
No information relating to any individual under the age of 18 years is or will ever be knowingly recorded.
No portraits or visual identity references to individuals are ever stored in my database.
Hear No Evil

"You will only ever hear from me through those channels which you have agreed to. For example, if you've opted in to subscribe to this newsletter, or in direct relation to business between ourselves."
Data Retention
------------------
The information I hold is reviewed annually to make sure that it is accurate and relevant to my ‘core business purposes’. Incorrect or out of date data will be updated when identified. When stored data is identified as being highly unlikely to result in a future potential business transaction (ie. in the event that a company relating to an individual has folded), individual records will be deleted.

Subject Access Requests
-----------------------------
Any individual may submit Mr.Chadwick with a Subject Access Request at any time. Following verification of their identity, they will be provided in writing via email, a detailed report describing what personal data is held by myself, why it is being held, which individuals or organisation it has or might be shared with and the source of this information (where available), within one calendar month of submission. There is no charge for the supply of this information.

Data Breaches
-----------------
In the event of a data breach, the risk to individuals on my data base is low and unlikely to affect the rights and freedoms of those individuals that could result in: discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. However, in the event that exposure to this risk is possible, the ICO will be informed within 72 hours of the breach becoming known, followed by direct correspondence to the individual(s) concerned.

Speak No Evil
 
"I NEVER share, sell or distribute any content from my database. The only external parties who are privy to this information are those GDPR compliant organisations that provide a business service which my customers have opted in to receive. For example, subscription to this Mailchimp newsletter or having made a purchase from my WIX online store via STRIPE or Paypal."
Data Sharing
----------------
I do not directly share any of the information I store digitally in my database with any third party. Please note however:
Hard copies of business to business transactions (invoices) are supplied to my G.D.P.R. compliant accountants (R.Sutton and Co. Chartered Accountants of 25 Park Street, Macclesfield, Cheshire SK11 6SS) who provide a legal service. These documents include the name and business address of the individual who commissioned my services. These documents are returned to my office after completion of my annual accounts and stored in a secured office environment for a period of seven years before being destroyed.
The names and email addresses of subscribers to Mr.Chadwick’s Illustrated News newsletter, who have opted in to receive this are stored within the G.D.P.R. compliant third party online software ‘Mailchimp’. No individual’s details are ever added to this mailing list without their express written consent to ‘opt-in’.
When making a purchase through my online store (www.mrchadwickstore.co.uk) the names and delivery addresses of customers are processed by my G.D.P.R. compliant online store provider (www.wix.com) for the purposes of fulfilling the order. Financial details are taken and handled by one of two online e-commerce providers (the customers choice of either STRIPE or PAYPAL). No personally sensitive financial details are provided to or stored by myself. Digital records of orders and invoices are stored within the (www.wix.com) software for a period of seven years before being deleted. No hard copies are stored.​​​​​​​
Contacting Mr.Chadwick
------------------------------
If any individual feels that any aspect of Mr.Chadwick’s activities contravenes G.D.P.R. regulations, they are invited to contact myself directly to which I will respond formally within 10 working days. Individuals should be aware that they also have the right to complain to the ICO if they think there is a problem with the way I am handling their data.
Be aware, that in the event of any individual contacting Mr.Chadwick regarding the possibility of a future collaboration, commission, or other business related activity, I will collect and store the contact data provided as deemed necessary for my legitimate interests. It is taken as understood that they consent to me replying by the method with which they contact me and that they have read and understood the terms laid out in this policy statement regarding how their data shall be used in future.