
General Information

Company Name
Factotum Ltd

Questionnaire completed by
Graham Abbey (Managing Director)

Date Completed

GDPR Awareness and Readiness

Is your organisation aware of the changes to data protection law under GDPR and how it will impact your business?
Yes, Factotum Ltd have already made the relevant changes to our policies and procedures.

Have you undertaken formal gap analysis / an information audit against requirements under GDPR?

Have you initiated a project to achieve GDPR Compliance?

Do you expect to be compliant with GDPR by 25 May 2018?

Staff Involvement and Awareness

Have you appointed / will you appoint a Data Protection Officer?
Yes (Graham Abbey)

Do you have a training program in place to ensure all relevant staff are aware of GDPR requirements prior to May 25 2018?
Yes (ongoing)

Data Governance

Have you created a record of your processing of personal data?

Please detail the personal data that your service or product collects, stores, processes or has access to.
Factotum Ltd processes and retains details within our Call Handling database, including but not limited to: client name, company name, company contact details (address, email address and phone number/s), contact details (phone number/s and email address) of company personnel, clients' bank details (bank, sort code and account number) and DoB. When taking calls on behalf of our clients, Factotum Ltd processes and retains the following details, including but not limited to: customer name, telephone number/s, email address, address and any message. When taking card payments from both clients and clients' customers, Factotum Ltd has access to but does not document or retain any credit card information.

Fair Processing and Privacy Notice

Do you intend to revise your Privacy Notice?
This has been done. A separate email will be sent shortly documenting our new Privacy Policy requesting that you read and sign your agreement.

Do you have a privacy notice on your website?
The privacy notice will be posted on our website prior to the GDPR “Go Live” date of 25th May 2018 – www.ukfactotum.com/PrivacyPolicy

Data Subject Rights

Do you have policies and procedures in place to comply with a data subject’s rights, including their rights: to be informed; to access; to rectification; to erasure; to data portability; to object to direct marketing?

Data Transmission and Data Residency

Do you transfer personal data outside of the EU?

If so, what steps have you taken to ensure GDPR Compliance?

Do you have a documented process for storing data and retaining it in line with GDPR requirements?
Yes. All data is stored on our secure servers and located behind our company firewall. We utilise a secure Call Handling database.

Has your organisation considered the GDPR Data Minimisation principle and reflected this in your relevant data retention policies?
Yes. Data held within our Call Handling database is “flushed” monthly with data over 12 months being deleted.

Do you encrypt personal data when you transfer it to 3rd parties?
Messages from our Call Handling database are not routinely encrypted. Personal data including Direct Debit and Payroll information is encrypted prior to being transferred.

Please describe how data that is transmitted is protected.

Data Breach

Have you documented your data breach notification procedures to meet GDPR requirements, and have all relevant staff been given adequate training in this?
Yes. A copy is available online at www.ukfactotum.com/FactotumGDPR_Breach_Policy

Have you had any data breaches or large-scale data losses in the last 12 months?
