Because I store people’s personal data, I have obligations under the General Data Protection Regulation (GDPR). I can be contacted with requests or questions relating to this on:
GDPR is about how people’s personal data is collected, processed, and stored. It requires that the data be collected and processed only for well-defined purposes; stored and processed securely; kept up to date; and retained no longer than necessary.
There are five main purposes for which I collect, process and store personal data. For each one, this document sets out my reasons for doing so, the efforts I take to protect it and keep it current, and how long I retain it. It also notes that my customers can request a copy of the data I store about them.
I use the word ‘customer’ to mean any person who has contacted me in relation to the services I offer.
For each customer, I keep an electronic record of one or more of the following: name, job title, company name, postal address(es), email address(es), and telephone number(s).
- I obtain some of this data ‘implicitly’; for example, in most cases a customer’s phone number will show up when they call me
- I obtain some of the data explicitly; for example, during a phone call I might ask a customer their address in order to visit them
- I obtain a small amount of the data from public sources, usually to fill gaps or verify other information; for example, if a customer gives me their address excluding the postcode, I might use Google Maps to find the postcode
I call the sum of this information my ‘address book’, and its purpose is the legitimate interest of serving customers in a more personal way. For example, when a customer phones me, I can greet them by name, or when they require a visit, I can look up their address rather than ask for it each time. It also enables me to provide invoices.
I keep my address book in G Suite, Google’s cloud productivity software for businesses, protected by a password and two-factor authentication. It is synchronised to my computer’s hard drive, which is encrypted. From there it is backed up to an external hard drive, which is also encrypted, and to the privacy-focussed cloud service SpiderOak. It is also synchronised to my mobile phone, which is encrypted and protected with a passcode and fingerprint, and set to erase after 10 incorrect passcode attempts.
In April each year I compare my address book to my financial records of the year just ended and the two before it, and delete from the address book any customers who don’t appear in those records; in essence, I delete the personal data of customers I haven’t served for at least three years. Customers can also contact me to request that their data in my address book be updated or deleted, or to request a copy of this data. Updates or deletion may take several months to propagate to the backup copies (backup is inherently about preventing the accidental modification or deletion of data).
Many customers contact me via email, and I retain email messages for two legitimate interests. First, it means I can maintain context for subsequent messages – in other words, ‘threads’ or ‘conversations’ – as is widely expected in email. Second, I can refer back to information that may help me serve customers better in future; for example, if a customer previously told me details of a problem they were having, and then one day asks for help with the same problem again, I can go back and check the details rather than needing them to repeat themselves.
I keep my email messages in G Suite, synchronise them to my phone, archive them to my computer, and back them up to an external drive and cloud service — all of which are protected as described in the address book section above.
In April each year I delete all email messages older than five years. This deletion may take several months to propagate to the backup copies (backup is inherently about preventing the accidental deletion of data). Customers can contact me to request a copy of my historic email exchanges with them.
Text messages and iMessage conversations
An increasing number of customers contact me by SMS (text messages) or Apple iMessage. I retain these messages for the same reasons as email messages (see above).
The messages are stored on my phone and synchronised to my computer, both of which are protected as described in the address book section above.
My phone and computer are set to delete messages automatically after 30 days. Until they are deleted, customers can contact me to request a copy of my text message or iMessage exchanges with them.
I operate a mailing list to send customers occasional tips or significant IT news that might affect them.
Customers become members of this list only by giving their explicit consent. I periodically ‘refresh’ this consent by reminding customers of their membership and asking them to remain opted in.
I record customers’ membership of the list by adding their entries in my address book to a group. For a description of how I protect this, see the address book section above.
A customer can withdraw their consent (i.e. be removed from the list) by contacting me. They will stop receiving mailings with immediate effect, but because the address book is backed up, it may take several months for the record of them having previously been a member to be fully deleted.
As a business I have a legal obligation to keep financial records, including for self-assessment and payment of income tax. These records include customers’ names, along with the products or services purchased from me, and amounts paid.
My financial records are stored in G Suite and backed up to my computer, an external drive and cloud service — all of which are protected as described in the address book section above.
HMRC requires that I keep financial records for at least five years. After this time, I anonymise customer data in them. This may take several months to propagate to the backup copies (backup is inherently about preventing the accidental modification of data).
I welcome feedback to help me improve both the wording of this policy and the policy itself. I can be contacted on 07837 751985 or firstname.lastname@example.org.