GDPR POLICY - Total Design

GDPR Policy by TD Consultancy Ltd (4747868) T/As Total Design, 1 Bedford Road, London N2 9DB.

Type of Personal Client Data Held
The type of Personal Data held by Total Design is currently for clients only and consists of:
Full Name/s
Email Address/es
Phone number/s
Address
Bank Details
Intellectual Property such as logos/fonts/colours etc which are specific to individual clients.

Why is the Client Data held?
Total Design only hold clients’ personal data, as above, for contractual purposes.

Who has access to the Data held
Clare Knowles as the owner of Total Design is the Data Controller and has the overall access to all data
provided by the client and handled by Total Design. A previous director of Total Design has access to
previous client names and phone numbers via an archived password protected server, and access to
contacts via Xero Accounting, which is also password protected. The IT company (Integrating Systems
Ltd) which assists Total Design with their IT requirements, has access to Total Design emails as an Admin
on the account. They also have access to the Data Controller’s computer but only with express consent
by Clare Knowles and she is present while any access by the IT company is carried out.
Third party suppliers sign a Non-Disclosure Agreement or the Total Design Terms and Conditions, which
outlines that any data cannot be shared except between the supplier and Total Design.

How Data is handled by Total Design
On receipt of a phone call or email communication received by Total Design with a potential client, an
exchange of emails via Gmail occurs. On receipt of confirmation that a client would like to receive a
quote from Total Design, details of the client are inputted to Xero Accounting to enable a quote to be
forwarded along with Client Terms and Conditions and a copy of the GDPR policy. The Quote requests
that a client has read the Terms and Conditions, has understood the Total Design GDPR policy and that
he/she is happy for Total Design to hold the data which is being provided to Total Design.
On receipt of a signed Quote from the client, a new client folder is opened within the business computer
(which is password protected) and work is undertaken for the client.
Should any suppliers be required to undertake any work (such as printing or digital), all suppliers need to
sign off on Terms and Conditions provided to them by Total Design. These Terms and Conditions provide
protection for all clients of Total Design as it covers that the clients’ Intellectual Property provided to the
supplier are not shared or used for any other purpose than for the printing or digital (or other) as
required by Total Design. Signed supplier agreements are stored digitally and/or by emails within the
password protected computer.

Once a project requires approval, an email ‘Project Approval Form’ is sent to the client which requires
signature confirmation that the client is happy with the project. This signed form is held digitally within
the client folder and also in the email received from the client.
Invoicing is undertaken via Xero Accounting and on a quarterly basis, the Accountant (RDP Newmans) for
Total Design will access the Xero Accounts to carry out accounting requirements.
While a client is a live client, the information will remain stored within the client folder on the business
computer. Once the client is no longer live, their data is removed from the business computer to a secure
server and archived.
Also to allow ease of running a contract, a client’s details are held on the mobile phone owned by Clare
Knowles, which is fingerprint protected. The details held on the phone are: Name, phone number and
email address. Once a client is inactive, details are removed from the phone.

How data is secured
The business computer is password protected and secured. The phone owned by Clare Knowles is
fingerprint protected. All portable data is encrypted so when offsite, no-one will have access to the client
data held by Total Design. There is also an encrypted server which holds all of the archived data. Any
recent paperwork held within the offices of Total Design which contains any personal client data is
secured and locked. All archived client paperwork is securely stored within a safe room.

Third Parties
Prior to Total Design providing any of its’ clients’ personal data to a third party, Total Design confirms that
it has undertaken necessary steps to ensure that the third party is GDPR compliant and if a supplier, has
signed the necessary Terms and Conditions and/or Non-Disclosure Agreement.

Licence Agreements
Total Design securely holds any of its licence agreements which contains personal data such as a name
and address.

How long is the data held?
Any live client data is held on the business computer until that client no longer requires the services of
Total Design. Once that client has been dormant for a year, this information is then archived to the
encrypted server for 3-4 years and then double archived to an encrypted hard drive which is held off site
in a safe.

Data Access Request
Clients of Total Design can ask to see what data is held about them. They can also ask that their data be
removed and/or changes made. Total Design confirms that they will respond to any Data Access Request
within the required timeframe.