Privacy Policy

See No Evil

"I only store information about individuals that is relevant for conducting business to business correspondence. I don't hold any sensitive information such as your race, gender or religious beliefs. You can request to see what information I hold about you at any time."

Information Held
Trading as bournedesign, I, Matthew Bourne, the data controller and sole employee, hold business contact information including the names and contact details of individuals. This may include their email address, mobile or landline telephone numbers and business addresses. I do not hold any sensitive information such as sex, religious beliefs or age.

My data base has been established over sixteen years of trading supplying graphic design, creative artwork, advertising and printing. The information I store is used solely on the GDPR lawful basis of:
‘(f) Legitimate interests: the processing is necessary for your legitimate interests’
To this extent, I only process personal data for my ‘core business purposes’. This includes advertising, marketing and public relations and for the upkeep of my own accounts and records. This processing of personal information is done solely to support my primary business activity.

The information I store has come from a variety of sources including incoming business enquiries from prospective customers, outsourcing business enquiries to potential suppliers, online searches for publicly available information on prospective business customers.

The individuals I hold information about are restricted to those I need to process for my own advertising, marketing and public relations – for example past, existing or present customers or suppliers. The information I hold is restricted to that information necessary for my advertising, marketing and public relations – for example, names, addresses and other identifiers. For the purposes of transparency, I advertise and market my own goods and services. If I obtain personal information from a third party, it is solely for the purpose of marketing my own goods and services. I never have or will sell or trade my list of customers.

Additionally, I process this information for the purposes of keeping accounts relating to any business or other activity I carry out; for keeping records of purchases, sales or other transactions to ensure the relevant payments, deliveries or services take place; and in making financial or management forecasts to help me carry out my business or activity.

The individuals I hold information about are restricted to anyone whose personal information needs to be processed for the upkeep of these accounts and records – for example past, existing or present customers or suppliers. Further, the information I hold is restricted to that personal information that is necessary for the upkeep of these accounts and records.

No information relating to any individual under the age of 18 years is or will ever be knowingly recorded.
No visual identity references to individuals are ever stored in my database.

Hear No Evil

"You will only ever hear from me through those channels which you have agreed to. For example, if you've opted in to subscribe to a future newsletter, or in direct relation to business between ourselves."

Data Retention
The information I hold is reviewed annually to make sure that it is accurate and relevant to my ‘core business purposes’. Incorrect or out of date data will be updated when identified. When stored data is identified as being highly unlikely to result in a future potential business transaction (ie. in the event that a company relating to an individual has folded), individual records will be deleted.

Subject Access Requests
Any individual may submit bournedesign with a Subject Access Request at any time. Following verification of their identity, they will be provided in writing via email, a detailed report describing what personal data is held by myself, why it is being held, which individuals or organisation it has or might be shared with and the source of this information (where available), within one calendar month of submission. There is no charge for the supply of this information.

Data Breaches
In the event of a data breach, the risk to individuals on my data base is low and unlikely to affect the rights and freedoms of those individuals that could result in: discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. However, in the event that exposure to this risk is possible, the ICO will be informed within 72 hours of the breach becoming known, followed by direct correspondence to the individual(s) concerned.

Speak No Evil

"I NEVER share, sell or distribute any content from my database."

Data Sharing
I do not directly share any of the information I store digitally in my database with any third party. Please note however:
My yearly accounts are are supplied to my G.D.P.R. compliant accountants (B.A. Rudge & Co. Chartered Accountants of Greenlands Business Centre, Studley Road, Redditch, Worcestershire B98 7HD) who provide a legal service. These documents include the name and business address of the individual who commissioned my services. These documents are returned to my office after completion of my annual accounts and stored in a secured office environment for a period of seven years before being destroyed.
No personally sensitive financial details are provided to or stored by myself.

If any individual feels that any aspect of bournedesign’s activities contravenes G.D.P.R. regulations, they are invited to contact myself directly to which I will respond formally within 10 working days. Individuals should be aware that they also have the right to complain to the ICO if they think there is a problem with the way I am handling their data.

Be aware, that in the event of any individual contacting bournedesign regarding the possibility of a future collaboration, commission, or other business related activity, I will collect and store the contact data provided as deemed necessary for my legitimate interests. It is taken as understood that they consent to me replying by the method with which they contact me and that they have read and understood the terms laid out in this policy statement regarding how their data shall be used in future.