Purpose 

This policy explains how Impact Sign Solutions Ltd. collects, manages, and protects personal data.
Specifically, we do this in line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. 

We treat all personal and sensitive information with care.
To remain compliant, we follow GDPR principles across all areas where data is used. 

GDPR Principles We Follow 

  1. Lawful and Fair Processing:
    We process all personal data lawfully, fairly, and with full transparency.
  2. Purpose Limitation:
    We only collect data for clear, specific, and valid reasons.
    Additionally, we never use it for unrelated purposes. 
  3. Data Minimisation:
    We collect only what is needed for business use.
    This includes information that is adequate and relevant. 
  4. Accuracy:
    We aim to keep all personal data accurate and up to date.
    If needed, we will correct or delete incorrect data quickly. 
  5. Storage Limitation:
    We store data only as long as necessary.
    After that, we securely delete or anonymise it. 
  6. Integrity and Confidentiality:
    We protect data against loss, misuse, or access by unauthorised parties.
    To do this, we use both technical and organisational safeguards. 

Responsibility for Data Privacy 

Currently, we are not required to appoint a Data Protection Officer because: 

  • We are not a public authority. 
  • Our core services do not involve large-scale monitoring of individuals. 

Instead, Andy Borrow, our Managing Director, oversees data privacy.
Each quarter, he reviews the policy, audits internal practices, and updates procedures when necessary.
You can contact him at andy@impactsignsolutions.co.uk.  

Data Definitions 

Personal Data:
Any detail that identifies an individual, such as names, photos, emails, bank information, or medical records. 

Sensitive Data:
This includes details like religious beliefs, medical history, sexual orientation, and biometric or genetic data. 

 

Employee Data 

How We Use Employee Data 

As an employer, Impact Sign Solutions Ltd. processes staff data for normal HR and business functions.
Primarily, we use this data to manage recruitment, employment, and post-employment matters. 

We also use it to comply with employment contracts and legal rules.
For example, it may support payroll, benefits, or compliance.
Occasionally, we process employee data to prevent fraud or assist in investigations.
However, we do not use data if it conflicts with your privacy rights.  

Where Data Comes From 

Most data comes directly from employees.
Sometimes, managers or referees may provide information.
This ensures that employment records are accurate and complete. 

What Data We Store 

Here is the type of employee data we may hold: 

  • CVs and references 
  • Date of birth 
  • Right to work documents (e.g. passport) 
  • Contact information (personal and work) 
  • Employment contracts and changes 
  • Payroll and expense records 
  • Emergency contact details 
  • Absence and holiday records 
  • Appraisals, training, and disciplinary records 
  • Communications with or about employees 
  • Company mobile or computer use logs 

Naturally, staff names may appear in company documents created during regular work.  

Health-Related Data 

We sometimes collect health data.
This includes, but is not limited to, sick leave notes and GP reports.
We use this information to meet workplace health and safety duties.
In some cases, it helps assess fitness for work or arrange adjustments.
It also supports the management of sick pay systems. 

Data That Requires Consent 

Two types of staff data need clear consent: 

  • Photographs of employees 
  • GP reports and health referrals 

Importantly, employees can withdraw this consent at any time.  

Sharing Employee Data with Third Parties 

We share data only when required by law or contract.
For instance, we may share it with payroll services, pension providers, or insurance partners.
Otherwise, your data remains confidential.  

Data Retention 

We keep employee records for six years after employment ends.
After that period, we securely destroy all records. 

If we need to use your data for a new purpose, we will inform you in advance.
This includes the reason and any additional details.  

Customer Data 

How We Use Customer Data 

Impact Sign Solutions Ltd. collects customer information to support day-to-day business needs.
This includes providing services, maintaining records, and managing ongoing relationships.
In addition, we use this data for administrative tasks and legal compliance. 

To put it simply, your information helps us operate smoothly and responsibly. 

What We Store 

We may keep the following customer details: 

  • Name and company name 
  • Phone numbers, email addresses, and postal addresses 
  • Notes and summaries from meetings or discussions 

In some cases, this data comes directly from you.
At other times, we may gather it through emails, calls, or internal records.  

Sharing Data with Third Parties 

Sometimes, we must share certain customer information with external providers.
For example, we may give courier companies your contact and delivery details.
However, this only happens when necessary to fulfil a service. 

We do not share your data for marketing purposes.
Furthermore, we never release your details if it could violate your rights.  

Your Data Rights 

You have rights under the GDPR and Data Protection Act 2018.
These rights allow you to control how your data is used. 

You may: 

  • Access your personal data 
  • Request changes to incorrect information 
  • Ask for your data to be deleted (when allowed) 
  • Limit how your data is processed 
  • Object to how it is used 
  • Receive a copy of your data in a readable format 

If you would like to exercise any of these rights, please email: info@impactsignsolutions.co.uk 

Data Subject Access Requests (DSAR) 

Want to know what data we hold about you?
In that case, you can send a DSAR to our Managing Director, Andy Borrow. 

We’ll share this data at no cost.
That said, if the request is excessive or repeated, we may charge a fee.
We aim to respond within one month.
If it’s complex, we may need up to two months — but we will keep you informed.  

Your Right to Complain 

If you feel your data hasn’t been handled correctly, please email: info@impactsignsolutions.co.uk.
We’ll investigate your concern and reply as soon as possible. 

Still not satisfied?
You can contact the Information Commissioner’s Office (ICO): 

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Email: casework@ico.org.uk 

Right to Erasure 

You also have the right to request data deletion.
This is often called the “right to be forgotten.” 

You can ask us to erase your data if: 

  • It is no longer needed 
  • You withdraw your consent 
  • No valid reason exists to keep it 
  • The data was used illegally 
  • A legal rule requires deletion 

Please note: In some cases, we may keep the data for legal or business reasons. 

Data Security 

We treat your data with care.
For protection, we use secure servers and password systems.
Moreover, our internal access is limited to trained staff. 

We also use SSL encryption for all web pages that collect sensitive data.
As a result, your credit card or personal info remains hidden from other users.
Only masked digits will display if you revisit the page. 

Data Breaches 

If a data breach occurs, our Data Privacy Committee will act quickly.
They will report it to the ICO according to GDPR and DPA rules.
This ensures full transparency and compliance. 

Impact Signs Privacy Policy 

Who Collects and Uses Your Personal Data? 

Impact Sign Solutions Ltd. acts as the data controller for any personal data you share with us.
We process your data under the terms set by the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). 

Please note:
If you choose not to provide your personal information, we may not be able to offer quotations, process orders, or enter into any contracts for services or products. 

Why We Collect Your Personal Data 

We collect your information to support communication and carry out essential business activities.
For example, we need your data to deliver services, reply to enquiries, and manage our relationships with customers and suppliers. 

We store this data to help us work more efficiently and stay compliant with legal requirements. 

We may store the following types of information: 

  • Your name and company name 
  • Contact details (phone numbers, addresses, email addresses) 
  • Notes and records from meetings or discussions 

In all cases, we use your data only for service delivery and administrative tasks.  

Our Legal Basis for Using Your Data 

We rely on the following legal reasons to use and store your data: 

  • Contractual obligations — such as providing quotes, creating artwork, and responding to your enquiries. 
  • Legal compliance — as outlined in the Data Protection Act 2018. 

In short, we use your data when it’s necessary to carry out our services or meet legal duties. 

Who We Share Your Data With 

In some situations, we may need to share limited data with trusted third-party providers.
For instance, courier companies may receive your name and address so they can deliver your order. 

We do not share your data for marketing or promotional purposes.
Moreover, we will only share your information if it supports legitimate business operations and never puts your privacy at risk.  

How Long We Keep Your Data 

We regularly review the data we store.
When it is no longer needed, we delete it securely. 

However, we may keep certain information longer to support warranties or product servicing.
For instance, we might refer to past job details — such as the font, colour, material, or size used in a sign. 

To make this easier, we store your data in a searchable format.
We can find records using your company name or, if needed, your personal name.  

Your Data Rights 

You have several rights under the Data Protection Act 2018, the Freedom of Information Act 2000, and the GDPR.
These rights give you control over your personal information. 

You have the right to: 

  • Access the personal data we hold about you 
  • Request corrections or deletions 
  • Object to how your data is used 
  • Request a machine-readable version of your data 
  • Withdraw consent if it was the basis for data processing 

To make a request, email: info@impactsignsolutions.co.uk 

Keep in mind, we review each request individually based on the law and our obligations.  

Your Right to Complain 

If you believe we mishandled your data, contact us at the same email: info@impactsignsolutions.co.uk 
We will look into the matter and respond under our internal complaints process. 

Still not satisfied?
You can file a complaint with the Information Commissioner’s Office (ICO): 

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Email: casework@ico.org.uk