GDPR Privacy policy

Glow has created this policy to ensure its staff and partners are compliant with GDPR.

GDPR overrides the UK DPA 1998 act and it brings consistency. It came into force on May 25^th, 2018. It covers all of Europe and is not affected by Brexit.

This policy outlines what Glow will monitor, action and review annually.

1. Know our data. We will undertake care in understanding the types of personal data (e.g. name, address, email, bank details, photos, IP addresses) and sensitive or special category data (e.g. health details or religious views) we hold, where it’s coming from, where it’s going and how we will use that data.
   

   ---

2. We will look hard at our security measures and policies and implement any changes required.
   

   ---

3. Train our employees. We will train our employees and report a serious breach within 72 hours. We will ensure our employees understand what constitutes a personal data breach. We will also ensure everybody involved in our business is aware of a need to report any mistakes to the ICO.
   

   ---

4. Due-diligence will be carried out on our supply chain and will we request for their GDPR policies.
   

   ---

5. Process map. We have created a process map diagram to enable staff members and clients to quickly and easily understand their and Glow’s obligations for GDPR.
   

   ---

6. Client data. We do not and will not share client’s data with any third-party companies. We will only collect or process data where we believe there is a legitimate interest.
   

   ---

7. Ongoing monitoring. We take GDPR seriously and respect the data we hold on our employees, clients, partners and suppliers. We will review and update our policy map and GDPR actions annually. If new information or advice is issued by the ICO we will do our best to administer this in a timely and accurate manner. Where we are not clear of our actions and obligations, we will seek advice from the ICO.