New Star Media :: GDPR Compliance Document
New Star Media Ltd. General Data Protection Regulation (GDPR) Policy and Documentation

Revised 1 May 2018.  Effective as of 25 May 2018.  Please be aware this document is subject to change without warning before the effective date.

1. Terms used within this document

1.1.  New Star Media refers to New Star Media Ltd. (company number: 07206296), it’s services and trading name Engine Room.

1.2. Clients refers to companies contracted to New Star Media for services related to web management, development and/or marketing.

1.3. Individuals refers to users of websites and services provided by New Star Media on behalf of the Client.

1.4. Data refers to personal or identifiable information relating to Individuals.

1.5. Document refers to the most recent version of New Star Media’s General Data Protection Regulation (GDPR) Policy and Documentation .

1.6. Services refers to New Star Media providing website management, development and related online services such as (but not limited to) email management, online marketing, domain and hosting services.

1.7. Third Party Provider refers to external providers of services and tools that New Star Media make available to Clients and Individuals that may collect Individual’s Data.

2. Scope and purpose of Document

2.1. New Star Media provides Services to Clients within various industry sectors that operate or have the potential to interact with Individuals from counties within the European Union (EU).

2.2. The scope of this Document encompasses the Data collected from Individuals via Services provided by New Star Media on behalf of the Client.  This document is restricted to Individuals and does not extend to any business to business activities.

2.3. This document outlines:

2.3.1. The scope of the Document.

2.3.2. Point of contact for GDPR and data protection.

2.3.3. The basis of Individual’s Data collection, management of Data and the Individual’s rights.

2.3.4. New Star Media’s accountability and where responsibility ends.

2.3.5. Third Party Providers.

2.3.6. Privacy policy and the Individual’s awareness.

2.3.7. New Star Media’s breach protocol.

2.4 Availability and changes

2.4.1. New Star Media will ensure that this Document is kept up-to-date and is available in the following ways:

2.4.1.1. By request via New Star Media’s Data Protection Representatives.

2.4.1.2. Online via http://www.newstarmedia.co.uk/GDPR.

2.4.2. New Star Media will ensure that any changes to this Document will be communicated to Clients via email as well as be made available within an archive visible via http://www.newstarmedia.co.uk/GDPR.

3. Company details

New Star Media Ltd.

Paper Mews Place, 290 High Street, Dorking, Surrey, RH14 1QT

Company number: 07206296

3.1. Data Protection Representatives

3.1.1. Company Officer:

Dan Gross (Company Director)

Paper Mews Place, 290 High Street, Dorking, Surrey, RH14 1QT

0845 095 1990

GDPR@newstarmedia.co.uk

3.1.2. Internal data protection advisor and point of contact:
Matthew Hall

Paper Mews Place, 290 High Street, Dorking, Surrey, RH14 1QT

0845 095 1990

GDPR@newstarmedia.co.uk

4. Scope of Data and who it applies to

4.1. The Data referred to in this Document is that of the Individuals using Services provided by New Star Media.  It does not relate to any business to business activities or data collection between New Star Media, Third Party Providers and Clients.

5. Review of activities

5.1. New Star Media track and store Data.  New Star Media take responsibility with regards to gaining consent from Individuals where possible, retaining the information only for as long as is needed and provide the ability amend or remove Data.

5.2. Business functions and purpose.

5.2.1. Much of the Data collected by New Star Media is via contact forms that are provided as part of New Star Media’s Service.  Individual’s Data is required to be submitted and stored for the use by the Client to enable them to respond to the Individual.

5.2.1.1. Lawful basis of data collection: Consent.

5.2.1.2. Individual’s consent is required via opt-in check box on forms and recorded on New Star Media servers.

5.2.1.3. Contact form Data is retained for a period of 90 days.  After this period has passed, all Data related to that Individual and the interaction made with New Star Media’s Services is removed.

5.2.1.3.1. Clients are given the ability to export the Individual’s Data for use in internal systems separate to Services provided by New Star Media.

5.2.1.3.2. Access to an Individual’s Data is only available via secure encrypted credentials.

5.2.1.4. Individuals rights.

5.2.1.4.1. New Star Media respect the Individual’s rights to their Data and can provide Individuals with a copy of their Data contained within New Star Media’s Servers within 2 working days.

5.2.1.4.2. New Star Media provides the ability for both New Star Media and Clients to remove an Individual’s Data held within New Star Media’s Servers instantly.  Requests for removal made via New Star Media will be actioned within 2 working days.  Requests made through Clients will dealt with in accordance with the timeline outlined in the Clients GDPR retention policy.

5.2.1.4.3. New Star Media uses Third Party Providers for services such as finance applications and instant chat within websites.  Data collected from these methods are held by Third Party Providers and the Data is managed and retained by the respective companies GDPR policy.

5.2.1.4.4. Requests made through New Star Media to have Data removed from Third Party Providers will be submitted to Third Party Providers within 2 working days and will be dealt with within the timeline outlined in the Third Party Provider’s GDPR retention policy.

5.2.1.5. New Star Media take all reasonable precautions to ensure that any Third Party Provider adhere to guidelines set out in the General Data Protection Regulation.

5.2.2. New Star Media provides Services enabling communication of an Individual via email.

5.2.2.1. Lawful basis of data collection: Consent.

5.2.2.2. Individuals consent is required via an opt-in check box and recorded on New Star Media servers.  Individuals are made aware of potential frequency of contact made by the Client, however ultimately, the frequency is controlled by the Client.

5.2.2.3. An Individual’s Data is retained for a period of 90 days.  After this period has passed, all Data related to that Individual and the interaction made with New Star Media’s Services is removed.

5.2.2.3.1. Clients are given the ability to export the Individuals Data for use with other systems and services separate to Services provided by New Star Media.

5.2.2.3.2. Access to and Individual’s Data is only available via secure encrypted credentials.

5.2.2.4. Individual rights.

5.2.2.4.1. New Star Media respect the Individual’s rights to their Data and can provide Individuals with a copy of the Data contained within New Star Media’s Servers within 2 working days.

5.2.2.4.2. New Star Media provides the ability for both New Star Media and Clients to remove an Individual’s Data held within New Star Media’s Servers instantly.  Requests for removal made via New Star Media will be actioned within 2 working days.  Requests made through Clients will dealt with within the timeline outlined in the Clients GDPR retention policy.

5.2.2.4.3. The Individual also has the ability to remove their Data from this type of communication via an email link sent out in conjunction with any communication made to them.

5.2.3. New Star Media collects Data and places Cookies based on an Individual’s behaviour when using one or more of New Star Media’s Services.  The type of Data collected is outlined within the Privacy Policy made available to the Individual using New Star Media’s Services.  Data collection based on the Individual’s behaviour is anonymous and no personal Data is stored within New Star Media’s Servers.  This Data is used to improve the Individuals experience of New Star Media’s services.

5.2.3.1. Lawful basis of data collection: Legitimate interest.

5.2.3.2. New Star Media assumes implied consent and minimal impact on privacy.

5.2.3.3. Individuals Data is retained for a period of 50 months.  After this period has passed, all Data related to that Individual and the interaction made with New Star Media’s Services is removed.

5.2.3.3.1. New Star Media uses Third Party Providers to track behavioural Data that may associate an Individual with a Third Party Provider account.  New Star Media ensures that where ever possible, any data held by Third Party Providers are removed within the 50 month period.

5.2.3.3.2. Access to and Individual’s Data is only available via secure encrypted credentials.

5.2.3.4. Individual rights.

5.2.3.4.1. New Star Media respect the Individual’s rights to their Data and only stores anonymous data in this business function.

5.2.3.4.2. Requests made through New Star Media to have Data removed from a Third Party Provider will be submitted to Third Party Provider within 2 working days and will be dealt with in accordance with the timeline outlined in the Third Party Provider’s GDPR retention policy.

6. Accountability

6.1. New Star Media takes accountability for any Services wholly provided and managed by New Star Media.  Data requested is the minimum required to fulfil the Service.

6.2. Data held by New Star Media is retained for the minimum time required to fulfil Services provided by New Star Media.

6.3. New Star Media endeavours to be as transparent as possible when it comes the Data collection of Individuals and where possible, consent will be acquired, tracked and managed.

6.4. New Star Media provides Services to Clients that allow for an Individual’s Data to exported by the Client.  Once the Data has left New Star Media servers, it is the responsibility of the Client to manage the Data correctly and in accordance with guidelines set out within the General Data Protection Regulation.

6.4.1. Reasonable effort will be made on behalf of New Star Media to attain Client GDPR policies and practices and ensure both parties are operating in accordance with guidelines set up within the General Data Protection Regulation.

6.5. New Star Media uses and passes on Services to Clients that are provided by a Third Party Provider.  It is the responsibility of the Third Party Provider to manage the Data correctly and in accordance with guidelines set out within the General Data Protection Regulation.

6.5.1. Reasonable effort will be made on behalf of New Star Media to attain Third Party Provider GDPR policies and practices and ensure both parties are operating in accordance with guidelines set up within the General Data Protection Regulation.

7. Third Party Providers

7.1. New Star Media uses Third Party Providers to extend Services available to Clients as well as for usage Data.  See a list of all our Third Party Providers that collect Data on Individuals.

7.2. New Star Media will make reasonable effort to attain Third Party Provider GDPR policies and practices and ensure both parties are operating in accordance with guidelines set out within the General Data Protection Regulation.

8. Privacy policy and awareness

8.1. New Star Media will make reasonable effort to ensure all privacy documents are kept up-to-date and highlight to Individuals in plain English any changes to how their Data is being collected or used.

8.2. New Star Media will make reasonable effort to ensure the Individual is aware of any Data being tracked and gain consent wherever possible.

8.3. New Star Media will make reasonable effort to ensure the Individual is aware of all Third Party Providers used within the Services offered.

8.4. New Star Media will make reasonable effort to ensure the Individual can remove or request their Data and understand how to manage this Data where applicable.

9. Breach protocol

9.1. As part of the General Data Protection Regulation, New Star Media has undergone an internal security assessment on how Data is stored, handled and transmitted.

9.2. New Star Media ensures security measures are in place for all Data.  These measures include:

9.2.1. Firewall policy

9.2.2. Where possible SSL is used to transmit Data

9.2.3. All passwords are encrypted

9.2.4 .Daily incremental back up of data and weekly full back ups are retained for 14 days

9.2.5. Vulnerability checks

9.3. In the unlikely event of a breach of New Star Media Data, the Individual(s) will be contacted within 72 hours and made aware of the potential Data that has been compromised.

Privacy

We take your data seriously - discover how we handle your privacy
Learn more

Changes since last revision

This is the first revision of the Document. Please spend the time to read and understand this document. Any questions should be directed to the Data Protection Representative identified within this Document.

Previous changes

None.