GENERAL DATA PROTECTION REGULATION GDPR General Data Protection Regulations Prepared on Monday, July 3, 2023 Lee Bannister Limited Suite 57, 7 Rossetti Road, London, England, SE16 3EY GDPR Statement Introduction Data protection and your privacy matter to us at Lee Bannister Limited . This document outlines our obligations under the new GDPR Act, and ensures that we treat your personal data with the utmost respect. The EU General Data Protection Regulation (GDPR) act reinforces the 1995 EU Data Protection Directive, strengthening the rights that individuals have regarding personal data. We are committed to taking every step necessary to protecting your data, and have taken measures to ensure that privacy and security protections are built into the service(s) we provide to you. This policy (together with our standard terms of use and any other documents referred to on it) outlines when and why we collect personal data, how we use it, and the conditions under which we may disclose it to others. It governs the manner in which Lee Bannister Limited (‘we’) collects, uses, maintains and discloses information we collect about individuals (‘you’), and applies to all products and services that are offered by Lee Bannister Limited . Should you wish to discuss any part of our GDPR Statement with us, please get in touch with us. Lee Bannister Limited Suite 57, 7 Rossetti Road, London, England, SE16 3EY Privacy – You Right to be Informed An important part of the GDPR is the Right to be Informed about what information we have. The following data types are stored and used by Lee Bannister Limited as part of our normal business activities: Data Type Details Email Addresses Purpose Customer Identification, Marketing Retention Period 2 years Basis for Processing Legitimate Interest Source Website, Social Media Telephone Numbers Purpose Customer Identification, Marketing Retention Period 2 years Basis for Processing Legitimate Interest Source Website, Social Media Personal Addresses Purpose Customer Identification, Marketing Retention Period 2 years Basis for Processing Legitimate Interest Source Website, Social Media Lawful Basis Data Controller/Processor Data Whose Data do we Collect? Lee Bannister Limited needs to collect and use personal data in order to fulfill our obligations as an organisation. This policy describes how this personal data must be collected, handled and stored to meet our data protection obligations – and to comply with the law. We only ask for information about you that helps us to help you, and we don’t ask for any information that has no specific purpose. We store information about: • Customers • Suppliers • Business Contacts • Employees Use of Data for Specific Purposes We may use the personal data you supply for our purposes where we deem it necessary in our legitimate interests. We will need your consent for some of the activities that may not be covered by our legitimate interests, for example the collection of data via cookies and the delivery of direct marketing through digital channels such as email subscriptions. Where we need to obtain consent we do so in an open, transparent and clear way so that you know exactly what you are signing up for, why we need your information and how will intend to use it. If you are not happy with the way we collect your personal data, you have several rights which you can exercise at any time. Please see the section on ‘Your Rights’ in this document. We may use your personal information to help us to exercise or defend any legal claims that may arise. Below are the ways that we may use and process your personal data, although please note that this list is not exhaustive. • For carrying out our obligations and contracts with us and our customers • To comply with our legal obligations, including crime, tax or duties • For marketing purposes • To send details of promotions, offers and events • To communicate with individuals in the course of our business • To enable us to develop and market other services and products • To carry out satisfaction surveys and testimonial requests • To conduct online training • To facilitate our payroll and invoicing procedures Personal Data Types We collect information to help provide our users with better services. The information we collect, and how we use that information you supply, depends on how you use our service(s), and how you manage your privacy controls. We collect and use the following personal data about our staff and/or customers: • Email Address • Telephone Number • Address • Postcode • Job Title • Income • Family Status The Ways we Collect Data Lee Bannister Limited collects a limited amount of personal data to enable us to fulfill our contractual duties to you or to other organisations. Additional items of information may be needed to help us keep our relationship with you working smoothly. In the event that you access our website, read an email, or click on a link in an email we send to you, we may also collect certain data automatically or through providing it to us, including data such as your IP address and cookies, the latter of which make your interaction with our website(s) smoother and more intuitive, providing you with a better, more customised experience. We collect this information from the following sources: • Directly from the individual • From third-party sources • From our website (including cookies) • From individuals emailing us • From the use of social media channels such as Facebook or Twitter Third-Party Data Lee Bannister Limited may buy and use data that has originated from a third-party source. Where appropriate, we may seek more information about you from alternative third-party sources, and always in accordance with any local laws and requirements. This may include market research through a third-party, from delegate lists from events, and other organisations we may employ to collect this data. We have taken steps to ensure that we are compliant with GDPR as follows: • We know how and where this information was compiled • Consent was sought to obtain this information Sharing of Personal Data Lee Bannister Limited does not share any personal data with any other organisation. Children’s Data Lee Bannister Limited does not process any personal data of children under the age of 16. Data Transfer Data Portability Lee Bannister Limited does not transfer data out of the European Economic Area (EEA). Consent Information about individual’s personal or sensitive information has been freely given by the data subject. We also take the following measures to ensure that we obtain explicit consent before using or storing their information: • Consent was freely given at the point of purchase • Consent was sought after the point of purchase • Individuals have the ability to withdraw their consent at any time. Website Data Collection Lee Bannister Limited may collect a limited amount of data from our website users which we use to help us to improve your experience when using our website, and help us to manage the services we provide. We may also use data from your use of our websites to enhance other aspects of our communications (including marketing) with you. Any communications to and from Lee Bannister Limited and you may be reviewed and monitored as part of internal or external investigations or for legal reasons as required to under law. The data we collect may consist of the following information: • IP Addresses • Cookie Information • Name • Age/Date of Birth • Gender • Contact Details (including Email Address) • Education Details • Employment History • Financial Information We may collect information from our website users that include details of the apps, browsers and devices you use to access our services. This information is collected when a device you are using contacts our servers, which could include websites and/or apps. This information includes IP addresses, unique identifiers, browser types/device, and operating system. Data may also include the date, time and referrer URL of your visit. Cookies A cookie is a small file that is sent to your device when you visit a website. It allows websites to recognise you when you next visit the website, and helps to customise the information you see when you revisit. Cookies may store user preferences and other information that helps to provide a better service whilst using the website. You can configure your browser to refuse all cookies, or to display which cookies are being sent to your device. Although you can disable cookies, some features or services may not function properly. Individual Rights Right to Object • We will stop processing personal data upon receiving notification to do so • If there are legitimate grounds which override the interests, rights and freedoms of the individual, we may refuse • If the processing is for the establishment, exercise or defence of legal claims, we may refuse • We inform individuals of their right to object at the point of first communication • We stop processing data for direct marketing right away, and without charge • Personal data may be in the interest of a public interest task, and we may not be required to comply • We offer a way for individuals to object online through our website Right to Access • Individuals have the right to access their personal data • We may store supplementary information, which we will supply when requested to do so • A copy of the data can be provided free of charge • We may charge a reasonable fee to comply with requests for further copies of the same information • We will provide the information without delay, within one month of receipt of the request • We may extend the period of compliance by an additional two months where requests are complex or numerous • We may charge a reasonable fee if a request is manifestly unfounded or excessive • We may refuse to respond if a request is manifestly unfounded or excessive • If we refuse, we will explain why, and inform them of their right to complain • We provide information in a commonly used electronic format • We verify the identity of the person making the request using ‘reasonable means’ • Individuals can access our self-service system to provide the data with direct access to their information • Where we process a large quantity of information about an individual, we may ask to specify the information the request relates to Right to Erasure • We have a policy for how to record requests we receive • We are able to recognise a request for erasure, and understand when the right applies • We may refuse a request, and will provide details to individuals when we do so • We respond to a request for erasure without undue delay, and within 1 month of receipt • We may extend the time limit to respond to more complex requests • We place particular emphasis on the right to erasure if it relates to data collected from children • We inform recipients if we erase any data we have shared with them • We have appropriate methods in place to erase information Security • We take into account the state of the art and costs of implementing security measures • We review our information security policies and measures at regular intervals • We make improvements to our security policies wherever necessary • We understand the requirements of confidentiality, integrity and availability for the personal data we process • We can restore access to personal data in the event of the loss of data • We conduct regular testing and reviews of our measures to ensure they remain effective Security Measures Lee Bannister Limited has implemented adequate security measures to protect personal information from unlawful access, theft, disclosure or loss. If you suspect an loss, unauthorised access or misuse of your personal information we hold about you, please let us know immediately. Our details can be found on this document. The following measures have been implemented: CCTV and Cameras Lee Bannister Limited does not store personally-identifiable video or images from CCTV cameras, body cameras, unmanned aerial systems or other systems that capture information of identifiable individuals or information relating to individuals. Storage Storage Location • Emails • Documents • Limited Access • Photographic If Lee Bannister Limited has no meaningful contact with you (or, our partners) for a total period of time as outlined below, we will delete the personal data we store about you from our systems, unless we have reason to believe that laws require Lee Bannister Limited to retain it, including any anticipated legal action. We delete personal data from our systems after the following period of inactivity: • We delete personal data from our systems after a set period time of ‘inactivity’ • We delete personal data from our systems after a set period of time, regardless of activity and recency • We retain all personal data indefinitely in an archive, separate from ‘live’ data • We delete personal data from our systems after (please state below): Data Breaches Breach Identification • We document all breaches, even if they don’t all need to be reported Data Breach Procedures Lee Bannister Limited has procedures in place to report a breach of data security to the regulator within 72 hours of becoming aware of any breach. We undertake the following procedures: • Breaches are investigated at the earliest opportunity • We may require assistance from data processors • We notify individuals if there is a significant risk to their rights and freedoms Accountability Our Accountable Practices • We adopt and implement data protection policies where proportionate • We take a ‘data protection by design’ approach, putting data protection measures in place from the outset Lee Bannister Limited Prepared on Monday, July 3, 2023 Disclaimer This document has been provided for information purposes only, The contents of this document have not been evaluated by the Information Commissioners Office, and are not intended to replace consultation of any applicable sources, or the necessary advice of a GDPR legal expert where appropriate. This document is not intended to provide specific advice or guidance on GDPR. All content provided is for informational purposes only, in summary form. No warranty whatsoever is made that any of the information contained herein is accurate. Information included in this document may not cover all conditions of GDPR. Contact a GDPR expert should you have any questions. Neither CliqTo Ltd or any person acting on its behalf can be held responsible for the use made of this document. CliqTo Ltd makes no guarantee or warranty with respect to any information provided in this document. CliqTo Ltd or any person acting on its behalf are not responsible for information provided, even if CliqTo Ltd has been advised of the possibility of damages. To the full extent permissible by applicable law, CliqTo Ltd disclaims all warranties, express or implied, including, but not limited to, implied warranties and fitness for a particular purpose. Lee Bannister Limited Suite 57, 7 Rossetti Road, London, England, SE16 3EY Email: Leesbannister@gmail.com