GDPR Data privacy Statement

MAY 2018


LEA Printers

General Data Protection Regulations (”GDPR”)



At LEA Printers LLP (“LEA”), we are committed to being transparent about how we collect and use the data of you as an individual to meet our data protection obligations. The new GDPR Policy comes into effect on 25 May 2018 (replacing the Data Protection Act 1998). This policy sets out our commitment to data protection, and individual rights and obligations in relation to data.

This policy applies to the personal data of individuals or other personal data processed for business purposes.

We have appointed Paul Gill, Director as LEA’S Data Controller (person with responsibility for data protection compliance within the business). He can be contacted at Questions about this policy, or requests for further information, should be directed to him.


“Personal data” is any information that relates to an Individual who can be identified from that information. Processing is any use that is made of this data, including collecting, storing, amending, disclosing or destroying it.

The Data we hold about you is likely to be as follows: –

  • Names / Gender
  • Residential/Work Address
  • Telephone numbers (including mobile numbers)
  • Job Title/Description of what you do
  • Email address
  • Company name and address


Data protection principles

  • Data Security Standards and the use of personal data will strictly conform to GPR May 2018 compliance.
  • We only hold and use information for the purpose of developing and maintaining business trade between our respective companies.
  • We only collect basic personal data about you which does not include any special types of information.
  • We process data lawfully, fairly and in a transparent manner.
  • We only collect your data directly from you where it is relevant and limited to what is necessary for the purposes of processing. We do not engage third parties to provide us with your personal data.
  • We will not share information with anyone unless obliged to by law.
  • Your information will be deleted from the records after six years of your ceasing to be a Client / Supplier / Individual, in line with the UK tax and accounting law and destroyed securely.
  • You have the right to withdraw consent at any time. If you wish to do so, please contact us at
  • You have the right to request a copy of the data we hold about you. If you wish to do so, please contact us at


How do we protect data?

We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. We use a cloud-based system/online system to store your data, that requires 2 factor authentication. Physical documents containing your data are kept under lock and key in filing cabinets.

Data that is held electronically will be encrypted and password protected to minimise the risk of unauthorised access.

Strict security measures are applied for access to any personal data including:

  • To access only data that we have authority to access and only for authorised purposes.
  • Not to disclose data except to individuals (whether inside or outside the organisation) who have appropriate authorisation
  • To keep data secure (for example, by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction)
  • Not to remove personal data, or devices containing or that can be used to access personal data, from our premises without adopting appropriate security measures. For example, as encryption or password protection, in order to secure the data and the device.
  • No to store personal data on local drives or on person devices that are used for work purposes.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data.


We will provide training to all individuals about their data protection responsibilities as part of the induction process ad at appropriate times thereafter.

Your rights

As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request (see below).
  • Require us to change incorrect or incomplete data.
  • Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing.

If you would like to exercise any of these rights, please contact Jane Wright by emailing


If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.  You have a right to lodge a complaint with the ICO (Information Commissioner’s Office) on 0303 123 113. This is a dedicated personal data breach helpline and is available Monday to Friday between 9.00 am and 5.00 pm. Alternatively you can write to:

The Information Commissioner’s Office,

Wycliffe House, Water Lane,


Cheshire SK9 5AF

To make a subject access request, you should send the request to In some cases, we may need to ask for proof of identification before the request can be processed. We will inform you if we need to verify your identity and the documents we require.

We will normally respond to a request within a period of one month from the date it is received. In some cases, such as where we process large amounts of your data, we may respond within three months of the date the request is received. We will write to you within one month of receiving the original request to tell you if this is the case.

You can contact us as follows: –

LEA Printers LLP 0800 888 6511


Alternatively, you can write to us:

LEA Printers LLP, 49 Leesons Hill, Orpington, Kent BR5 2LF