Privacy and Data Protection Policy, including GDPR Compliance

Date Effective: from April 2018

David Morley Computer Services (DMCS) is committed to the protection and confidentiality of customers’ data. This policy details how DMCS handles and protects customer data and for what purpose any personal data is used.

Customers’ Personal Data

The personal data held by DMCS relating to customers is usually limited to their contact details (for the purpose of providing any requested services to the customer) or their website and email access details for website design and email hosting customers. In addition there is some temporary storage of data from customers’ computers, where necessary, in order to carry out relevant services – e.g. data recovery, transferring data between computers, etc.

Contact details are usually limited to name, phone number and address. In some cases an email address is also held.

Purpose of Data Held by DMCS

The limited personal data held by DMCS is purely used for fulfilling any service to the client. No data is passed on to third parties at any time unless by express permission of the customer and only to fulfil the service the customer has requested – e.g. to use a third party data recovery company or provide cloud hosting services.

Data Storage and Principles

Customer data is primarily stored electronically either locally or on the cloud. Any paper copies of contact details etc are shredded after the requested service has been provided. Secure software is used to store encrypted passwords for website access, cloud storage access, etc. Appropriately strong passwords are used as standard.

If customers’ data from their computers is required to be stored in the process of moving computer, data recovery, etc, this is done on encrypted external storage or on an encrypted computer. The use of encrypted data prevents data loss in the event of theft or loss of the device on which the data is stored.

Data Retention and Deletion

Customer contact details may be retained in order to help with providing future services. These are not used to solicit new work – e.g. through mail shots, newsletter distribution.
Access details for customer websites are retained in order to provide support if required in future.

Customers’ computer data, where stored may be retained for a short period to cover the event of failure of a newly set up computer or where some data may have erroneously not been transferred to a new computer. Data will not be held for more than 2 weeks from the invoice date for the original work done. Customers will be informed of this retention and will be able to request deletion of data earlier if they choose.

Website Cookies

I use Google Analytics code to track visits to my websites in order to evaluate the usage of the site and review its efficacy. No personal data is collected by Google Analytics, but the type of data collected includes your rough location (at city/town level, e.g. Bournemouth, Southampton), how you got to my site (direct, referral, organic search, etc.), how many pages you visited, how long you visited for, etc.