LabelService Limited needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.
Personal Information Definition
‘Personal information’ means any detail about a living individual that can be used on its own, or with other data, to identify them.
Why this policy exists
This data protection policy ensures LabelService Limited:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Data protection law
The Data Protection Act 1998 describes how organisations, including LabelService Limited, must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Be processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
Policy scope
This policy applies to:
- The head office of LabelService Limited
- All branches of LabelService Limited
- All staff and volunteers of LabelService Limited
- All contractors, suppliers and other people working on behalf of LabelService Limited
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- …plus any other information relating to individuals
Data protection risks
This policy helps to protect LabelService Limited from some very real data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
Responsibilities
Everyone who works for or with LabelService Limited has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
- The board of directors is ultimately responsible for ensuring that LabelService Limited meets its legal obligations.
- The Company is responsible for:
  - Keeping the board updated about data protection responsibilities, risks and issues.
  - Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  - Arranging data protection training and advice for the people covered by this policy.
  - Handling data protection questions from staff and anyone else covered by this policy.
  - Dealing with requests from individuals to see the data LabelService Limited holds about them (also called ‘subject access requests’).
  - Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
- The Managing Director is responsible for:
  - Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  - Performing regular checks and scans to ensure security hardware and software is functioning properly.
  - Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.
  - Approving any data protection statements attached to communications such as emails and letters.
  - Addressing any data protection queries from journalists or media outlets like newspapers.
  - Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
Data Protection Impact Assessments
From time to time, LabelService Limited will conduct Data Protection Impact Assessments (DPIAs).
DPIAs will be conducted if LabelService Limited:
- Conducts extensive profiling using personal data
- Integrates new technologies
- Profiles individuals on a large scale
A DPIA has been conducted at the time of implementing GDPR in relation to all the personal data of our customers.
Data accuracy: Rectification Rights and Quality
The law requires LabelService Limited to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort LabelService Limited should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
- Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
- LabelService Limited will make it easy for data subjects to update the information LabelService Limited holds about them. For instance, via the company website.
- Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
- It is the Marketing Manager’s responsibility to ensure marketing databases are up to date and correct.
- Any individual who wants their personal data to be corrected can contact our office asking for the data controller and a request will be actioned within one month.
- Any data accuracy issues identified will be communicated in learnings to staff on an ongoing basis.
Subject access requests: Rights to access
All individuals who are the subject of personal data held by LabelService Limited are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals must be made by email, addressed to the data controller at [info@labelservice.co.uk] with the specific subject request “SUBJECT ACCESS REQUEST”. The data controller can supply a standard request form, although individuals do not have to use this.
Individuals will be charged £35 per subject access request. The data controller will aim to provide the relevant data within 30 days from the date on which the requester has been accurately identified.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.
Individuals have the right to obtain:
- confirmation that their data is being processed;
- access to their personal data; and
- other supplementary information
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, LabelService Limited will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
Erasure Policy, Data Retention and Disposal
An individual has the right to erase, retain or dispose of their personal data in the event that:
- The data is no longer necessary for the purpose it was originally collected or processed
- The individual objects to the processing and there is no overriding legitimate interest for continuing the processing;
- It was unlawfully processed (ie otherwise in breach of the GDPR);
- It has to be erased in order to comply with a legal obligation; or
- It is processed in order to offer information society services to a child.
Erasure Requests from individuals must be made by email, addressed to the data controller at [info@labelservice.co.uk] with the specific subject request “ERASURE REQUEST”.
The data controller will aim to action the request within 30 days from the date on which the requester has been accurately identified.
Right to Restrict Processing
Individuals have a right to block or restrict the processing of their personal data.
When processing is restricted, LabelService Limited are permitted to store the personal data, but not process it further.
LabelService Limited can retain just enough information about the individual to ensure that we respect the restriction in the future.
We may restrict processing on request of the individual in the event that:
- An individual contests the accuracy of the personal data;
- An individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and the controller is considering whether their legitimate grounds override those of the individual;
- Processing is unlawful and the individual opposes erasure and requests restriction instead; and
- We no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.
Restrict Processing Requests from individuals must be made by email, addressed to the data controller at [info@labelservice.co.uk] with the specific subject request “RESTRICT PROCESSING REQUEST”.
The data controller will aim to action the request within 30 days from the date on which the requester has been accurately identified.
Right to Data Portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Individuals can receive personal data or move, copy or transfer that data from one business to another in a safe and secure way, without hindrance.
The right to data portability only applies:
- to personal data an individual has provided to a controller;
- if the processing is based on the individual’s consent or for the performance of a contract; and
- if the processing is carried out by automated means.
Data Portability Requests from individuals must be made by email, addressed to the data controller at [info@labelservice.co.uk] with the specific subject request “DATA PORTABILITY REQUEST”.
The data controller will aim to action the request within 30 days from the date on which the requester has been accurately identified.
Data will be provided in a structured, commonly used and machine-readable format. Examples of appropriate formats include CSV and XML files.
If the individual requests it, we may transmit the data directly to another business where this is technically feasible.
Right to Object
Individuals have a right to object to the processing of their personal data in certain circumstances. Individuals can object verbally or in writing; however, we must receive written communication in order to identify the person making the request.
Right to Object Requests from individuals must be made by email, addressed to the data controller at [info@labelservice.co.uk] with the specific subject request “RIGHT TO OBJECT”.
The data controller will aim to action the request within 30 days from the date on which the requester has been accurately identified.
We have the right to extend this period by a further two months for complex or numerous requests, in which case we will notify the individual and give an explanation.
Individuals have an absolute right to object to any processing (including profiling) undertaken for the purposes of direct marketing.
As soon as we receive a request to stop marketing to an individual, LabelService Limited will make reasonable endeavours to immediately stop marketing.
Individuals can object to the processing of personal data if:
- LabelService Limited’s legitimate interests are not legitimate as defined by GDPR
- the performance of a task in the public interest
- exercise of official authority.
Individuals cannot object to the processing of their personal data if:
- you can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- the processing is for the establishment, exercise or defence of legal claims.
Sub Processors
We do not transfer personal data to any sub processors.
Operational Base
LabelService Limited only operates business inside the EU.
No personal data is transferred outside of the EU.
Breach Notification Procedure
It is LabelService Limited’s duty to notify a board director in the event of a personal data breach, immediately.
The company has identification and reporting procedures in place.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
All LabelService Limited staff have been trained on data breaches and the processes they should follow in such an event.
Data Consents
LabelService Limited retains and uses information on customers and staff. Data is only retained and used where we have consent to do so.
Consent means offering people genuine choice and control over how we use the data.
Ongoing Consent
LabelService Limited continues to review consents on an ongoing basis. Any marketing activity by email and text has an option to update your consents.
Legitimate Interests Assessment
LabelService Limited relies on Legitimate Interests to process 90% of its personal data, and has verified this through the LIA from a usage, necessity and balancing perspective. Details are as follows.
We use people’s data in ways they would reasonably expect and which have a minimal privacy impact; or
There is a compelling justification for the processing.
The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, or IT security as legitimate interests.
Automated Decision Making
LabelService Limited processes all data manually and is not subject to automated decision making.
Data Protection By Design
Data is stored securely in our cloud-based system.
Only relevant members of staff have access to information that they require.
International Transfer
No personal data is transferred outside of the EU.
Cookie Policy
We use cookies on our website to ensure its proper functionality, improve user experience, and provide personalised content. Cookies are small text files automatically stored on your device when you visit our site. Some cookies are deleted when you close your browser (session cookies), while others remain on your device to recognise your browser upon your next visit (persistent cookies). You can manage your cookie settings in your browser at any time, including choosing to accept cookies individually or block them entirely.
We use the following types of cookies:
– Site Functionality Cookies (Session Cookies): These are essential for navigating our website and ensuring it functions correctly. They are deleted once you close your browser.
– Site Analytic Cookies: These cookies allow us to analyse how visitors use our website, helping us to improve functionality and your overall experience. We use Google Analytics for this purpose. These cookies do not allow us to identify you personally but are used to:
– Provide statistics on website usage.
– Identify and resolve errors encountered by users.
You can opt out of Google Analytics by installing a browser plug-in available at [https://tools.google.com/dlpage/gaoptout?hl=en](https://tools.google.com/dlpage/gaoptout?hl=en).
– Customer Preference Cookies: These remember your preferences, such as language choices, for future visits to enhance your experience.
– Advertising & Marketing Cookies (Third-Party): These cookies deliver relevant advertisements and promotions to you both on our site and across third-party platforms such as Facebook, Google, and Bing. These third parties may use the information to target advertising on other websites.
We may also use cookies for web analysis and optimisation purposes. This includes evaluating visitor behaviour, user interests, or demographic information (e.g., age, gender) in pseudonymous form. Web analysis helps us understand when our services are most frequently used and where improvements are needed. Additionally, test procedures may be employed to trial and optimise various features or versions of our online services.
Managing Cookies
You have control over cookie settings and can adjust them in your browser. Each browser has different methods for managing cookies, and instructions can be found in your browser’s help menu. You may also delete cookies or disable future cookies, but please note that doing so may affect your experience and limit access to certain features of our website.
For more information on managing cookies, see the following links for common browsers:
– Internet Explorer: [https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies](https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)
– Safari: [https://support.apple.com/kb/ph21411?locale=en_US](https://support.apple.com/kb/ph21411?locale=en_US)
– Chrome: [https://support.google.com/chrome/answer/95647?hl=en&hlrm=en](https://support.google.com/chrome/answer/95647?hl=en&hlrm=en)
– Firefox: [https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences](https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
– Opera: [http://help.opera.com/Windows/10.20/en/cookies.html](http://help.opera.com/Windows/10.20/en/cookies.html)
Please note, if cookies are not accepted, certain functions of our website may be restricted.