GDPR and Privacy
Written: August 2018. Updated March 2019.
We understand that Privacy/GDPR/Data Protection policies can be difficult to digest, so in a nutshell:
- Lauren Saunders Art Ltd takes any details held about you really seriously
- Any information held about you is kept as safe as possible under lock and key and/or on heavily restricted IT systems and isn’t (and never will be) shared about without your consent
- Lauren Saunders Art Ltd mindfully destroys any information about you once it’s no longer needed
- If you want to know what Lauren Saunders Art Ltd knows about you, just ask!
The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Lauren Saunders Art Ltd (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. Lauren Saunders Art Ltd is dedicated to safeguarding the personal information under our remit and has thus developed a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR regulations.
What we do to ensure compliance:
- Information Audits – identifying and assessing what personal information we hold on an ongoing basis, where it comes from, how and why it is processed and, if and to whom it is disclosed.
- Policies & Procedures – we revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: –
○ Data Protection – Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
○ Data Retention & Erasure – We meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have erasure procedures in place to meet the ‘Right to Erasure’ obligations and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
○ Data Breaches – We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
○ Subject Access Request (SAR) – SAR procedures accommodate the 30-day time frame for providing requested information and for making this provision free of charge. We verify the data subject, what steps to take for
processing an access request, what exemptions apply and direct communications with data subjects are compliant, consistent and adequate.
○ Legal Basis for Processing – Where applicable, we maintain records of processing activities, ensuring that our obligations under Article 30 of the GDPR and schedule 1 of the Data Protection Bill are met.
○ Privacy Notice/Policy – All individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
○ Obtaining Consent – We ensure that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
○ Direct Marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
○ Third Party Processing – where we use any third-party to process personal information on our behalf (i.e. Recruitment, Hosting etc), we have checked to ensure that they too are GDPR compliant.
- Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal information that Lauren Saunders Art Ltd processes about them and to request information about: –
– What personal data we hold about them
– The purposes of the processing
– The categories of personal data concerned
– The recipients to whom the personal data has/will be disclosed
– How long we intend to store your personal data for
– If we did not collect the data directly from them, information about the
– The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
– The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
– The right to lodge a complaint or seek judicial remedy and who to
contact in such instances
- Information Security & Technical and Organisational Measures
Lauren Saunders Art Ltd takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including heavy restriction, secured IT systems and authentication.If you have any questions about our response to the GDPR, please contact Lauren Saunders.
Environmental, Ethical and Sustainability
Written: August 2018
Lauren, and in turn, Lauren Saunders Art, cares deeply about the environment as is proud to work ethically and sustainably whilst delivering top quality art and artworking services within her business, Lauren Saunders Art (LSA). Environmental values are embedded within the business plans and underpin the way the company operates across all areas of business.
Some of the ways in which LSA works ethically and sustainably include:
● Being conscious of water and electricity usage when working in business
or partnered premises
● Switching to an energy company that provides 100% sustainable energy
(who also invests and supports local communities)
● LSA banks with one of the top ethical banks in the UK
● Aiming to ensure sustainability is a important factor when
creating/designing in both personal work and commissioned/community
● Sourcing pre-loved furniture, equipment where appropriate
● Using refillable stationary instead of disposable ones, where appropriate
● Using recycled or FSA approved options for printed literature where available (eg. business cards, catalogues, zines)
● Using existing, recycled or repurposed materials which could be recycled if needed, when and where appropriate
● Reusing, repurposing or recycling as much business waste as possible
● Using low-waste, non-toxic and low energy production methods where possible
● Committing to sustainable procurement; outsourcing/contracting/purchase/specialist service/product preferences will be given to other business (preferably local businesses) with similar and/or ethical aims, or who at least use biodegradable uses
● Business paperwork is kept digital where possible
● The business computer was selected because it can be repaired and upgraded manually in future, saving on unnecessary waste
● Cycling and using public transport for work, where appropriate
● Committing to minimal, plastic-free postage and packaging (using recycled or FSA approved options where available)
● Using cycle couriers, where appropriate
● LSAs marketing strategy is predominantly based online
● Plans to switch to ‘green hosting’ for the LSA website and email
LSA is against ‘greenwashing’ and is committed to a low-impact business model and doing its part in looking after our shared home where and when possible.
Safe Working (Health and Safety)
Written: September 2018
We understand that Health & Safety policies can be difficult to digest, so in a nutshell:
- Although legally Lauren Saunders Art Ltd does not require a H&S policy yet as there are less than 5 employees, it’s still really important to us.
- Lauren Saunders Art Ltd carries out risk assessments on all projects and
considers the health and safety of artists, partners and clients of paramount importance.
This is the Health and Safety policy statement of Lauren Saunders Art Ltd
Director: Date: 11/09/2018
Part 1: Statement of intent
Our statement of general policy is:
- to provide adequate control of the health and safety risks arising from our work activities;
- to consult with our employees on matters affecting their health and safety;
- to provide and maintain safe plant and equipment;
- to ensure safe handling and use of substances;
- to provide information, instruction and supervision for employees;
- to ensure all workers and volunteers are competent to do their tasks, and to give them adequate training;
- to prevent accidents and cases of work-related ill health;
- to maintain safe and healthy working conditions; and
- to review and revise this policy as necessary at regular intervals.
Part 2: Responsibilities
1. Overall and final responsibility for health and safety is that of the Company Director, Lauren Saunders.
2. Day-to-day responsibility for ensuring this policy is put into practice is delegated to the Company Director, Lauren Saunders.
3. All additional workers and volunteers have to:
- co-operate with the Company Director on health and safety matters;
- not to interfere with anything provided to safeguard their health and safety;
- take reasonable care of their own health and safety; and
- report all health and safety concerns to the Company Director, Lauren Saunders.
1. Risk assessments will be undertaken by the Company Director, Lauren Saunders.
2. The findings of any delegated risk assessments will be reported to the Company Director, Lauren Saunders.
3. Assessments will be reviewed every six months, or when the work activity
changes, whichever is sooner
4. Action required to remove/control risks will be approved by the Company Director, Lauren Saunders who will be responsible for ensuring the action required is implemented and will check that the implemented actions have removed/reduced the risks
Part 3: Arrangements
Safe materials and equipment
The Company Director, Lauren Saunders, will:
- be responsible for identifying all equipment needing maintenance.
- check that new materials and equipment meets health and safety standards before it is purchased.
- be responsible for ensuring effective maintenance procedures are drawn up
- be responsible for ensuring that all identified maintenance is implemented
- Any problems with materials/equipment should be reported to the Company Director, Lauren Saunders.
Safe handling and use of substances
The Company Director, Lauren Saunders, will:
- be responsible for identifying all substances which need a COSHH assessment
- be responsible for ensuring that all relevant additional workers and volunteers are informed about the COSHH assessments
- be responsible for undertaking COSHH assessments
- check that new substances can be used safely before they are purchased
- be responsible for ensuring that all actions identified in the assessments are implemented. Assessments will be reviewed every six months or when the work activity changes, whichever is sooner
Information, instruction and supervision
1. The Health and Safety Law leaflets are issued by the Company Director, Lauren Saunders, or can be found online using this link: (correct as of 12/09/18)
2. Health and safety advice is available from the Company Director, Lauren Saunders.
3. Supervision of volunteers will be arranged/undertaken/monitored by the Company Director, Lauren Saunders.
Competency for tasks and training
1. Lauren Saunders will maintain her own CPD and training requirements
2. Induction and job specific training will be provided for all volunteers by the Company Director, Lauren Saunders who will also maintain any training records.
Accidents, first aid and work-related ill health
1. Health surveillance will be arranged by the Company Director, Lauren Saunders.
2. First aid box(es) must be identified when entering a new venue/place of work.
3. The appointed first aider(s) is the Company Director, Lauren Saunders.
4. All accidents and cases of work-related ill health are to be recorded in the accident book. The book is kept digitally online.
5. The Company Director, Lauren Saunders is responsible for reporting accidents, diseases and dangerous occurrences to the enforcing authority
Emergency procedures – fire and evacuation
1. The Company Director, Lauren Saunders.is responsible for ensuring the fire risk assessment is undertaken and implemented at all new venues, checking with the venue if necessary.
2. Escape routes must be checked when entering a new venue/place of work.