GDPR policy

Gomer Press Ltd – GDPR Policy

Click here to view the policy in Welsh.

This policy was developed in accordance with the General Data Protection Regulation that came in to effect in the UK (replacing the Data Protection Act of 1998) on 25th May 2018. Gomer Press Ltd is committed to operating within the parameters of the law and protecting the personal information supplied to us by individuals.

 Glossary of terms
Consent ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data Protection Officer A ‘Data Protection Officer’ (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). DPOs are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
Data Controller ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Processor(s) ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
General Data Protection Regulation (GDPR) This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
It protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
Personal data ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What personal information is being collected?

Below is a summary of all of the different kinds of personal information we can collect about an individual. We do not hold this information for every contact in our database – the type of personal information collected depends upon the relationship that Gomer Press Ltd has with the individual.

We will never collect unnecessary personal information about an individual.

  • Bank account number and sort code
  • Bank account SWIFT code
  • Credit or debit card expiry date
  • Credit or debit card number
  • Credit or debit card three digit security code
  • Full home address: house number/name, street address, town, city, state/county and postcode, country
  • Full name
  • Full work address: building name/number, street address, town, city, state/county and postcode, country
  • Institutional IP range
  • Job title
  • Personal and/or work email address
  • Personal and/or work telephone number
  • Place of work and/or affiliation

How long is personal data kept for?

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We are required by HMRC to retain financial records for the default standard retention period of 6 years plus current, otherwise known as 6 years + 1. This is defined as 6 years after the last entry in a record followed by first review and/or destruction to be carried out in the additional current (+ 1) accounting year. For more information visit the HMRC website >

We are committed to:

  • Annually reviewing stored data
  • Considering the purpose we hold the information for in deciding whether (and for how long) to retain it
  • Securely deleting information that is no longer needed

How do I request to see my personal data?

If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

The Data Protection Officer will verify the identity of the requestor and then arrange a prompt meeting with the Managing Director. Gomer Press Ltd will issue a response to requests within 40 days and without cost to the requestor, and will adhere to ICO guidelines on the handling of requests.

 

Jonathan E Lewis

Managing Director

Gomer Press