Introduction
DDM sets out in this Privacy Notice how it protects client data. DDM will collect, use and store the personal information that you give us, in accordance with this Privacy Notice and in line with current data protection regulations (GDPR).
We know what data we have, and why we have it
DDM collects, stores and processes personal data given by its clients, past clients and potential clients. (all collectively known as clients). We use this data pursuant to our matching contract with you or for taking steps to enter into a contract with you . This may include some or all the following:
- Name, address, phone, email, mobile
- Client personal information: gender, age, height, hobbies, etc
- Client photo
- Client ID
- Client matching preferences
- Client contract
- Financial Information
- IP Address
- Other relevant data
We may also use the health, political and religious data that you give us with your permission in the matching process.
You may request the deletion of your personal data at any time by contacting your personal matchmaker or the DDM Office Manager.
We understand and comply with individual’s rights
DDM Clients have the following rights:
- Clients have the right of access to their data (NB this does not apply where it includes data of a third party such as feedback received from a match)
- Clients have the right to have inaccurate personal data rectified
- Clients have the right to have their data erased (but this will only apply in relation to your own account and will not include where a third party has given feedback)
- Clients have the right to request the restriction or suppression of their personal data
- Clients have the right of data portability in relation to images or digital content which they have supplied to DDM
- Clients have the right to object to the use of their data where we are using it on the basis of our legitimate interests and your interests outweigh our own legitimate interests
- Clients have the right to be notified if a data breach occurs in certain circumstances where it may cause them harm or possibility of serious harm
We manage client data in a structured way
Client data is gathered from clients by DDM matchmakers and continually updated using client reviews and match feedback by phone, face to face, email, in writing or other medium.
Client data will be used:
- During the client matching process
- To keep records as required of clients
- To comply with the Law and/or our Matchmaking Regulator’s requirements
- To verify client identity by searching publicly available records
- To keep track of financial transactions
- With your permission or lawfully to update you by phone email etc on our events, products and services and those of our Group Companies
- For our legitimate business purposes for internal business analysis
Your personal data will be retained only for as long as
necessary to fulfil the purposes for which we collected it and in relation
to certain data, for example, relating to the services provided and billing
transactions, for a period of approximately 6 years from the end of the
contract.If there is continued contact with the client/potential client on
an ongoing basis (minimum once every 2 years), the personal data will
continue to be retained.
We know who is responsible for the data we have
DDM has a Data Protection Officer, who, together with DDM Matchmakers are responsible for data analysis, input and retrieval. Only key people involved in the matchmaking process have access to this data.
Our IT and data storage are managed outside the EEA in Canada which has been granted adequacy for handling EU data. These 3rd party companies we deal with are not allowed to sell, share or use our clients’ data for their own purposes.
We have a data security awareness and culture
- Our staff receive data protection training and they are all briefed on DDMs Privacy Notice and practices.
- We will never sell, share or permit use of clients’ data out-with DDM’s group companies own processes except when required by law, legal proceedings , or to protect you or a third party’s safety.
We have data security processes and procedures
- The main client database is backed up daily
- The local database backup is regularly backed up and stored securely within the UK with restricted access
- Computers and access are password protected
- Only key DDM personnel have access to allow download or deletion of client records
- Client records will be archived or deleted after there is no interest in the record for the client or DDM
- Client records will be archived or deleted after there is no interest in the record for the client or DDM
- DDM offices are kept locked when unoccupied and hard copy documents are stored in locked cabinets
We have a process for how and when we contact clients
DDM in contract clients
- DDM will be in contact by phone, text, email, in writing and in person with in-contract clients to fulfil their contract.
DDM out of contract & potential clients
- From time to time, DDM will be in contact by phone, text or email or in writing.
- DDM may be in contact if there is a potential suitable match for them or to ask if they wish to start a new contract with DDM, to check on the progress of a relationship or to check whether they would like to remain on the DDM database.
We have a process for how we delete client records
If requested by the client, a client record will be entirely deleted from the DDM database except in the following case:
When complete deletion of a client record on the database would also delete the record of matches completed with other DDM clients, DDM may decide that the entire client record should not be deleted. However, phone number, email address and correspondence addresses will be deleted. Client name will be anonymised.
Entire deletion of a client record will be made on the authority of the CEO.
We have a process for client requests for their personal data
DDM is committed to giving people access to their personal information. Clients can make a “Subject access request” under GDPR for their personal information.
Requests for personal information must be made in writing to the Office Manager at Drawing Down the Moon. You will not need to pay a fee for this. We will aim to respond to your request within 30 days, but if this is not possible due to the nature of the request, we will inform you of this as soon as possible, giving you an estimated timeframe for sending you the information requested. Data may be sent electronically or by hard copy
Clients do not have the right to other people’s data, or data that has been produced about them through either meeting with or analysis by the matchmaker or personal feedback from other clients they have been matched with.
We understand our lawful basis for processing your data
Under GDPR, DDM uses Contract and Legitimate Interest as the basis for lawful processing of client data.
Contract (in contract clients)
In contract clients will have the information and data freely provided by them (para1) processed as necessary to allow fulfilment of the contract with DDM.
Potential clients who have been in contact with DDM but not yet entered into a contract with DDM will have the information and data freely provided by them (para1) processed as necessary.
Legitimate Interest (in contract clients/lapsed clients and lead/enquiries/potential clients)
In contract clients and where a lapsed client or potential client has submitted or had their details submitted to DDM demonstrating their interest in DDM or finding a partner or to be matched, that is considered a legitimate interest. DDM may contact that client/potential client regarding: updating their details, availability of or for a match, changes to product and service, promotional material.
Visitors to our website
When someone visits our website, drawingdownthemoon.co.uk, we use a third-party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not allow Google to make any attempt to find out the identities of those visiting our website.
Changes to the Privacy Notice
DDMs Privacy Notice may be updated from time to time. DDM will not reduce your rights under this Privacy Notice without your explicit consent.
How to contact us
To contact us regarding your personal information or request information about our privacy policy, you can email or write to:
Bey Ali
Operations Manager
Email: [email protected]
Tel:
020 7224 1001
16 April 2018