Wigwam Marketing Solutions Ltd – GDPR White Paper
Company registration number: SC385552
ICO registration reference: ZA217903
GDPR Officer: Chris Thorn (Director) – Tel: 07770 604983
Company classification: Data Processor
GDPR Compliance, security and the lawful processing of data is important to us. It is acknowledged that as of 25th May 2018 GDPR contact policy only applies to email data however, we have taken the opportunity to review our processes, procedures and data security measures which are detailed below:
1. Why do we process data?
We process data on behalf of clients who wish us to conduct marketing campaigns on their behalf. This data normally comprises consumer details (name, address and telephone numbers) plus on occasions some product purchase information.
2. Data Compliance
Data is only accepted on the basis that it is GDPR compliant either through granular ‘opt in’ or based on ‘legitimate’ interest. We therefore accept no responsibility whatsoever for the collection processes of the client ‘data controller’. It will also be assumed that the client has conducted their own Privacy Impact Assessment prior to commissioning us.
Where we are alerted to a customer request to ‘opt out’ or unsubscribe, this information will be supplied to the client at the end of the campaign.
3. Data Ownership
Supplied data will always remain the property of the client and will ONLY be used in accordance with written and verbal instructions.
4. Security
4.1 Data ‘in transit’ will only be received or sent via SFTP Server (our preferred provider is ‘WeTransfer’ using encrypted ‘Office 365’ documents which are password protected.
4.2 Data ‘at rest’ will remain encrypted on our servers for the period required to process it. Upon campaign completion client data will be destroyed.
4.3 All computers are password protected.
4.4 Only the staff who are required to process the data have access to it.
4.5 Wigwam do not authorise the use of mobile drives, Thumb/Pen/USB drives to transfer data.
4.6 Our virus software is externally managed by Clearwave Computer Support Services.
4.7 In the unlikely event of a data breach which would have a significant and detrimental effect on individuals, this will be reported to the client and ICO upon detection.

5. Outsourced Services
Where we outsource specialist services (like printing and fulfilment) to third parties in relation to working with data, Wigwam will act with due diligence in seeking professional assurances and documentation commensurate to our own GDPR policies and processes, incorporating any specific terms required by the client.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to GDPR legislation and the Data Protection Act 1998.