Privacy Policy
At Faire & Fine, we take your privacy very seriously. We are committed to protecting the personal information you provide to us, ensuring your privacy is maintained while you enjoy our lab grown diamond engagement rings and fine jewellery. This Privacy Policy, in conjunction with our Terms & Conditions, outlines how we handle your information, why we collect it, how we use it, and how we store it.
Collection of Personal Information
Faire & Fine needs to gather and use certain information about individuals, including clients, suppliers, business contacts, employees, and prospective employees we may need to contact. This policy describes how this personal data is collected, processed, transferred, handled, and stored to comply with data protection law, particularly the General Data Protection Regulation (GDPR). We are dedicated to ensuring fair processing of personal data and demonstrating our compliance with these principles.
Why This Policy Exists
This policy provides guidance to our staff and clients in:
- Complying with data protection law and following good practices.
- Protecting the rights of staff, clients, and business contacts.
- Being transparent about how we use and store personal data.
- Protecting Faire & Fine against the risks of data breaches.
Scope of the Policy
This policy applies to all employees and contractors with access to any of our files and computer systems. Collectively, these individuals are referred to as 'users'. All users are responsible for complying with the terms of this policy.
Data Protection Law - GDPR
The GDPR regulates how organisations must collect, handle, and store personal data. Personal data includes any information related to an identified or identifiable individual, such as name, address, phone number, email, age, location data, or online and biometric identifiers.
The GDPR outlines several key principles for personal data processing:
- Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and transparently.
- Purpose limitation: Personal data must be collected for specified, explicit, and legitimate purposes.
- Data minimisation: Personal data must be adequate, relevant, and limited to what is necessary.
- Accuracy: Personal data must be accurate and kept up to date.
- Storage limitation: Personal data must be kept only as long as necessary.
- Integrity and confidentiality: Personal data must be processed securely.
- Accountability: Data controllers must demonstrate compliance with the GDPR.
All staff at Faire & Fine share collective responsibility for ensuring compliance with our data protection policies and legal obligations.
Lawful, Fair, and Transparent Data Processing
We process personal data lawfully and fairly, with transparency. We are permitted to process data where one of the following legal bases applies:
- Consent from the data subject.
- Necessary processing for contract performance.
- Legal obligation compliance.
- Protection of vital interests.
Personal Data Collection, Holding, and Processing
Faire & Fine collects, processes, and holds personal data for specific purposes:
- Personal details of employees for employment administration.
- Personal details of clients for communication and marketing.
- Financial details for payroll and tax purposes.
- Personal details of suppliers for communication.
Data Storage and Security
- Electronic personal data is stored securely with password protection and regular updates.
- Personal data on mobile devices requires Founder approval.
- Printouts containing personal information are destroyed promptly.
Access to Personal Data
- Employees must have authority to access personal data.
- Data requests must be formally made to the Founders.
- Personal data must be handled with care and not shared informally.
Organisational Measures
- Employees, contractors, and third parties are trained and supervised in data handling.
- Data collection, holding, and processing methods are regularly reviewed.
- Contractors are held to the same standards as employees and must make us aware of any policy breaches.
Data Breach Notification
All personal data breaches must be reported to the Founders. If a breach risks data subjects' rights and freedoms, the ICO will be informed within 72 hours, and affected individuals will be notified promptly.
By adhering to these policies and procedures, Faire & Fine ensures the protection of personal data and compliance with GDPR regulations.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, and where appropriate, notified to you.
Last updated: 28th November 2024