Skip to content

Version 1.2 – Published 31st May 2022.

North Product Design Limited & NPD London Limited, trading as “npd“, hereby referred to as npd.

1.0 About this Policy

1.1 Document Control

The document is to be reviewed annually and updated.

1.2 Policy Purpose

The purpose of the npd Privacy Policy and Statement is to ensure that all personnel whom we deal with either as prospective customers, customers, suppliers or employees fully understand the company’s commitment to meet or exceed all the GDPR legislation that is relevant to the company and the services it provides. If you have any questions about this privacy notice or how we use your personal data, please contact us:

1.3 Distribution

Published on this website and available to existing customers and suppliers.

2.0 The Policy

2.1 Introduction

The EU General Data Protection Regulations (GDPR) require all companies to treat personal information collected or handled securely and maintain accurate records as to how this information is stored and used. npd recognise that your privacy is important. This document details the information regarding personal data that npd collects, stores and uses.

npd will comply in full with the principals of the GDPR that requires that personal data shall be:

2.2 How we collect personal information

npd collect personal information via the following means:

2.3 The type of personal information we collect and store

The Type of Information Collected and Stored by npd:

The Type of Personal Information transferred to npd :

The information that is required by npd is often a subset of a much larger data set that may contain a much wider set of personal information than that required by npd to fulfil their services. This information may include:

2.4 How we use personal information

npd may use your personal information to:

npd employs a “need to know” policy of sharing information between its employees, agents or subcontractors and will only disclose sufficient information to allow our employees, agents or subcontractors to complete their objectives and as such these parties will be obligated to use that personal information in accordance with the terms of this privacy statement.

In addition to the uses described above npd may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

NDA

When approaching suppliers to discuss your project npd has an NDA policy (non-disclosure agreement) all relevant suppliers will sign this before npd disclose any project relevant or personal information. You will also be asked before hand if you are happy for npd to share your information in order to for fill our services.

Direct Marketing Communications

We strive to make sure we provide only interesting and relevant marketing communications. And you can opt-out at any time.

If you have chosen to opt-in to our direct marketing communications, we will use your information to tell you about products and services available from us which may be of interest to you. We may also use your information to tell you about products and services which we can introduce from selected businesses.

To help make our emails more interesting and relevant, we often receive a confirmation when you open an email from npd if your computer supports such capabilities.

You have a right to opt-out of our direct marketing communications at any time. You can opt-out by following the unsubscribe instructions at the bottom of the communication.

2.5 How we insure your personal information is kept secure

npd will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

All employee information will be kept and stored securely on secure servers and accessed by Password Protected Payroll, Accounting and Time Recording software.

All customer and Supplier details will be kept stored securely on secure servers and accessed by Password Protected CMS, and accounting Software.

Client Website Data

All npd client data for hosted websites, is held by our hosting company suppliers secure servers. Whilst the data held within clients websites is owned, retained and is the responsibility of the client, npd can control and have access to this data. npd will never use this data for any other purpose than in the interest of the client owning the data. If a client wishes to know which hosting company holds the data, where the data is stored and who has access to this data, please email hello@npd.studio or call 0161 974 3201 and our team will give you the details required.

If a client wishes to delete data from their website it is their responsibility as the website owner. If a client wishes to task npd with deleting this data, an hourly charge of £85 will be applied to book this work in and actioned.

This is how we will protect your data

In order to protect the personal data collected from you by npd against accidental or deliberate manipulation, loss, destruction or the access of unauthorised persons, technical and organisational security measures are constantly improved as part of our technological development. In addition, our employees, subcontractors and other support staff are obligated to observe confidentiality and data privacy.

Any access to your data that is stored at our company only takes place through an encrypted connection. By using the most up-to-date firewall systems, we provide the best possible protection for your data. Our website, as well as our internal Customer Management System (CMS) is encrypted using a SSL/TSL (Secure Sockets Layer/ Transport Layer Security) connection. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without our prior written authorisation. You must not use any false identity in email or other network communications and you must not attempt or participate in the unauthorised entry or viewing of another user’s account or into another system.

2.6 What we will do in the event of data being compromised

If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, and you, without undue delay.

2.7 Our lawful basis for processing this data

If the personal information has been collected by npd we will ensure we have your permission to use the data necessary for the fulfilment of services provided or in order to take steps to procuring further orders.

If the personal information is transferred to npd for the purposes of fulfilling a service we will obtain a statement from the transferee that they have the consent of all personnel to which the information refers before entering into a contract.

2.8 Data Retention

All data transferred to us by third parties will be stored in a restricted area.

It will be held there until either the data is no longer required or the transferee has requested us to destroy the data. Data transferred to us will be disposed of using an electronic shredder. Data that has not been used will be destroyed by secure means after a period no greater than 12 months.

All data collected on employees will be held for at least 5 years after employment ceases for archiving purposes unless requested to do otherwise.

All data collected on customers or potential customers will be held whilst ever that data is considered useful or unless requested to do otherwise. The Data will be reviewed at least annually.

2.9 Your rights

All personnel that npd hold personal information on have the following rights:

Subject Access Request

You can request a copy of the data we hold on you at any time and will provide it within 1 month of receiving your request in writing, if not sooner.

You have the right to request access to a copy of the personal information that we hold about you. This is also known as a ‘Subject Access Request’. This information is provided to you free of charge however, we can refuse to respond or charge a ‘reasonable fee’ of £10 Inc. VAT when a request is manifestly unfounded, excessive or repetitive.

We will provide this information in a structured, commonly used and machine-readable forms such as a CSV file or PDF file where possible. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. Where possible, we will provide this information via remote access to a secure self-service system, such as our Customer Account area, which would provide you with direct access to your information.

If you would like to submit a Subject Access Request, please contact our team in writing to:

npd
Jactin House
24 Hood Street
Ancoats, Manchester
M4 6WX

2.10 Updating this statement

npd may update this privacy policy from time to time and will ensure that the latest version is held on our web site www.npd.studio/privacy-policy.

You should check this page occasionally to ensure you are familiar with any changes.

2.11 Contacting npd

If you have any questions about this privacy policy or personal information that npd holds please direct your enquiries as follows:

2.12 Making a complaint

If you have a concern about npd information rights practices, you should report it to the ICO by accessing by either e-mailing casework@ico.org.uk or accessing their web site www.ico.org.uk.

We focus on making
good choices together.

We’re a product design agency that helps transform your ideas into tangible, interactive objects. We love the idea of working with like-minded people to make something amazing.