DATA PROTECTION
Here at Bonacia your privacy is our priority,
especially as a lot of our brands deal with the
personal data of children. This document
shows how we protect your data.
As part of your responsibilities you have to make sure that any company that processes
data that you control adheres to the GDPR. To make life easier for you, all the information
you need to know about how we look after your data is below. Please read this, then file it
away and relax knowing that your data is in safe hands.
THE FORMAL BITS:
Company: Bonacia Ltd
Company number: 05368980
Brands in the Bonacia Family
Young Writers
Leavers’ Books
Nursery Leavers’ Books
Leavers’ Hoodies
Nursery Resources
School Products
Book Printing UK
Document produced by: Morgan Walton (company director) on 9th May 2018 who can be
contacted at morgan.walton@bonacia.co.uk
Data protection officer: Xynics who can be contacted at
compliance@bonacia.co.uk or on 0843 005372
Data Protection registration number: ZA230462
Number of employees: 95
Address:
Bonacia Ltd
Remus House
Coltsfoot Drive
Woodston
Peterborough
PE2 9BF
Data Protection
The Young Writers team process teachers’ data when
entering competitions; this is usually their name and
their email address. They also process pupils’ names
when editing and typing their amazing poems and
stories.
Leavers’ Books process teachers’ names and email
addresses. They also process pictures and names
of children that will appear in the yearbooks. We
guarantee the safety of your data and all processing
takes place in our building.
When creating your leavers’ hoodies we process
teachers’ names and email addresses but also (if you
are going to personalise with names) we process the
names of pupils as well. We outsource some of the
work to a company called Yazoo Clothing who print the
finished garments for you, however we have made sure
that they care about your data as much as we do and
are GDPR compliant.
Our Nursery Resources department process the name,
address and email address of the person who places
the order.
The main information the School Products team process
is the teacher’s name and email address. If you are
choosing to have a photo on your product, this is also
classed as personal information which is printed in-house
and not shared with any other companies.
The BPUK team deal with orders for print from schools,
publishers and individuals. The data they process is the
name, email and postal address of the person placing
the order or getting the quote.
MAIN PURPOSE FOR PROCESSING YOUR DATA
TECHNICAL STORAGE INFORMATION
All personal data is held within Bonacia’s secure network, which uses ‘per user’
based access control, or on our secure Amazon web servers.
Each brand within Bonacia has its own dedicated folder structure, which ensures that only
those Bonacia employees that need to see any personal information can.
In the few cases listed on the previous page, where it is necessary to share personal data
outside of Bonacia, we transfer this information using a password protected and encrypted
Zip file sent using ‘WeTransfer’ and the passwords are given to the recipient verbally via
telephone. We never send any personal data via email or in an unencrypted form.
We also require any contracts with third parties that we share data with to contain clauses
confirming their compliance with our Privacy Policy and for us to audit them at any time to
confirm this.
TECHNICAL Q AND A
Do you use the elusive ‘Cloud’ to store data or backups? If so, how do you keep it safe?
We use Netgear and Amazon platforms for this; they are very reputable companies and
know what they are doing. All data is encrypted using a 128-bit SSL secure connection for
transmission and 256-bit AES encryption for the physical data.
All data also hides behind firewalls and is password protected.
How do you look after data on other media - USB, DVD and paper?
Any data stored on USB is transferred to our secure network, then the data is deleted from
the USB. We do not use DVDs to store data.
Each department has its own office, so access to paper documents is restricted; paper
is also securely shredded.
Do you have a BYOD (Bring Your Own Device) Policy?
We do not have one of these and have no plans to introduce one.
PREMISES SECURITY Q AND A
Do you have a reception area? If so, how is it controlled?
We have a reception area which is manned at all times.
And can any prying eyes see into the office from here?
They can see staff hard at work but we have a clear desk policy and make sure that all
computer screens cannot be seen from the reception area.
How are the entrances to the building controlled?
Our main entrance is locked with an intercom for visitors to gain access. We have fire exits
which remain closed and are at the back of the premises which cannot be opened from the
outside.
Do staff wear identification?
Yes! We all have name badges which we wear on lanyards.
Do visitors wear identification?
Most certainly, they have lanyards which clearly identify them as a visitor. They also have to
sign in to the visitor’s log so we know they are here and when they have left.
Do you have an alarm system, is it linked to anyone?
Our premises are alarmed with posh motion sensors. At the first sign of trouble we get a call
from Darden Security and they send someone straight here to make sure nothing untoward is
happening.
Do you have windows and how are they secured?
We have lots of windows here at Remus House. All windows on the bottom floor where our
production facility is have window locks, they also have a protective film over them to make
them harder to look through and very hard to smash.
Our offices are based on the top two floors where the windows are fitted mainly with blinds
and also the special film we use on the bottom floor.
Do you have any further security?
We have 24-hour CCTV around the premises and signs to let everyone know.
STAFF AND PROCEDURES Q AND A
How do you make all staff aware of their responsibilities under the Data Protection
Law?
Although most data protection is common sense, we make it common practice. When we
welcome new people into the Bonacia Family, Data Protection is part of the induction. They
get taken through the dos and don’ts of data protection and once they’re happy they know
what they are doing, they sign to this effect.
With the introduction of GDPR we have overhauled our training on this and have added it as
a programme to our in-house training academy for further training.
How do you make sure your staff are responsible and reliable?
We ask for full references and check these before we employ anyone.
Also every member of the Bonacia Family has been DBS checked… from the directors
and senior managers to the lads and ladies in the print shop – so you really know your data
is in safe hands.
Do you have a Data Protection or Information Security Policy in place?
Do we ever, we have lots! We look after a lot of data for various different brands so each
team have their own policy which is super relevant to how they work. And as a business we
have policies that apply to all departments, mainly IT and email related.
What would happen to a member of staff if they breached Data Protection?
We take Data Protection very seriously, we focus on training and procedures to ensure
this doesn’t happen. Just in case, we do have an internal procedure for Data Protection
breaches and everyone in the building knows that breaching Data Protection could result in
disciplinary action.
Do you use any subcontractors to process data? If so, do you have any safeguards?
We don’t… we like to do things ourselves! Like the saying goes, if you want something doing
properly, do it yourself!
Do you collect data from individuals on our behalf? If so, how do you use it and will it
be shared?
The only brand that processes data on your behalf is Book Printing UK when they are
offering their fulfilment service; but you can rest assured we don’t share this and look after
the data as if it were our own.
All other brands do not.
If individual parents place orders with us (either through Young Writers or the Leavers’ Books
Parent Payment Portal) this opens a relationship with us. We have privacy policies for this and the
only time we will use their data is relating to their order – and of course we’d never share this.
Do you restrict staff in what information they can access?
Certainly, although we trust our staff implicitly we think it makes things a little neater –
employees only have access to the information on the database they need to do their job to
the best of their ability.
So there you have an overview of how we protect your data, which satisfies your
responsibility to make sure we are compliant. You can now relax and know your data is in
safe hands. If you would like any further information on our processes and policies, you can
by all means contact us or check out our individual privacy policies on each of the brands’
websites.
For more information on the GDPR regulations and making sure you are internally compliant,
we recommend looking at the Information Commissioner’s Office at www.ico.org.uk or, if you
have any questions, our friends at Xynics are GDPR gurus and super helpful; you can speak
to Mike by emailing mike.kilby@xynics.com
DISPOSAL Q AND A
How is paper with personal data on safely and securely disposed of?
We have secure shredding bins in the office, these are locked and secure at all times. They
are picked up monthly and shredded off site. Don’t panic though, the vans are well protected
with CCTV and we get a pick-up note and confirmation when all our waste has been securely
destroyed.
How do you safely and securely dispose of hardware and software which may include
personal data?
Obsolete data drives are formatted (which means data is removed) before being disposed of.
If you store data in the Cloud, how do you ensure this is removed safely?
Processes and protocols are in place for data removal from Cloud storage, managed by our
technology manager in conjunction with Amazon and Netgear who protect our data.