GDPR at Manuscript
Manuscript Pen Company Ltd is the ‘data controller’, under the terms of all relevant legislation, and is committed to complying with UK GDPR in the following ways:
- Personal data is processed lawfully, fairly, and transparently.
- Data is collected only for specified, explicit, and legitimate purposes.
- Only the minimum necessary personal data is collected and processed.
- Personal data is kept accurate and up to date.
- Data is retained only for as long as necessary for the intended purpose.
- Appropriate security measures protect personal data from unauthorised access, loss, or damage.
- A clear and accessible privacy policy explains how personal data is used.
- A lawful basis for processing customer data is established and documented.
- Individuals are informed of their rights, including access, correction, and deletion of their data.
- Employee personal data is stored securely and access is limited to authorised personnel.
- A data retention policy governs the storage and deletion of HR records.
- International data transfers comply with UK GDPR and, where applicable, EU GDPR.
- Data shared with overseas suppliers is protected through adequacy decisions, Standard Contractual Clauses (SCCs), or Binding Corporate Rules (BCRs).
- Website cookie usage complies with UK GDPR, and user consent is obtained where required.
- Marketing communications follow GDPR requirements, ensuring consent or legitimate interest before sending emails.
- A data breach response plan is in place to detect, report, and respond to incidents.
- Personal data breaches are reported to the ICO within 72 hours if there is a risk to individuals.
- A Data Protection Lead is responsible for overseeing GDPR compliance.
- Data Protection Impact Assessments (DPIAs) are conducted for high-risk data processing activities.
- Supplier contracts include GDPR-compliant clauses to ensure secure data handling.
- Employees receive regular training on data protection responsibilities.
- Regular audits and security reviews ensure compliance with GDPR requirements.
For help or advice on any data protection or freedom of information issues, please do not hesitate to contact:
The Data Protection Officer (DPO): Charlie Stockbridge, GDPR lead, gdpr@manuscriptpen.com