GDPR Compliance 2018
Focal Point Schools Ltd are always working to stay within the current guidelines for Data protection and are currently GDPR compliant. General requirements All staff are DBS checked and trained in data protection guidelines All images taken by us are stored on secure password protected computers, access is only available via secure passwords and only by relevant staff. Any images transferred to suppliers is via secure means and are deleted from those means within a month.
We will retain your Personal Data only for as long as is necessary to supply a service and comply with our legal obligations. Any surplus printed items containing images or data produced whilst producing orders are destroyed. Online and third party service providers Data is collected, by our partner companies and service providers as part of our business activity to supply a pack printing service to customers. All systems are developed along industry standard best practice guidelines.
The web based architecture is PCI DSS compliant and subject to stringent quarterly external penetration testing. Digital access to our systems is governed by sophisticated Firewall configuration, independently audited quarterly via external specialists. Data and images on school systems will be held online for a maximum of 18 months, a period we deem acceptable for our business activities related to the data subject, a record of the deletion is kept at our offices. Onsite servers are held in a locked and secure location accessible by authorised personnel only.
The development of our private cloud based architecture is limited to authorised personnel via MFA access and audited monthly via our third party specialist support company. We continually strive to reduce storage of any information not required for our business activities. As part of our existing PCI DSS accreditation we do not store and credit card information for orders on our systems. Parental access to individual images via our online service is limited to a unique key, these keys are non-sequential, unique to each individual, photographer and event.
All staff are contractually obliged to confidentiality and are trained in the safeguarding of information, this is documented in our work handbooks and procedure manuals. Any marketing data will be done in accordance with GPDR as an opt in only. Digital image purchases made online are delivered via download from within your clients secure area under https encryption. Sims and other schools software In the case of schools requiring images to be uploaded to their internal computer systems. The data we request is deleted (and a record kept) after completion.
All barcode identifying cards are left with the school to destroy after the photo session. All orders via school are collected by one of our DBS checked staff and never via courier.
Focal Point Schools Ltd is fully registered, Notification number ZA423897 Please do not hesitate to contact us if you require any other information.