Elite Signs Privacy Policy

At Elite Signs & Graphics Ltd, we are committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information, how we use it, the conditions under
which we may disclose to others and how we keep it secure.

Any queries regarding the policy and our privacy practices should be sent by email to
hello@elitesigns.co.uk or by writing to Elite Signs & Graphics Ltd. 2320 Central Park, Western Avenue,
Bridgend Industrial Estate, Bridgend, CF31 3RH.

Who are we?
We are Elite Signs & Graphics Ltd, a South Wales based family run sign company with over 20 years’
experience in the signs and graphics industry.

What information is being collected?
• We obtain basic information from you when you contact us about our products and services
either in person, over the phone or via email. The type of information we collect may include
but will not be limited to: Your name, company name, address, telephone number, email
address and details of the product you have enquired about.
• We store your information securely on-site, and access restrictions are enforced to
author ised personnel only. Computerised records are maintained with restricted access with
automated backup and monitoring by our IT service providers. We do not store customer bank
or payment card details.
• We will also keep your details such as name, contact details, photographs of location, deposits
paid etc electronically on our PC’s in customer named folders in our Signlab software. Signlab
is a specialised computerised design and production software product. Our PC’s are password
protected.
• We use photographs from the work we have completed for customers on our social media
channels to promote Elite Signs and also your (the customer) business.

Who will your details be shared with?
• Where we feel appropriate after discussing your needs with you (the customer), we will seek
permission from you (the customer) to pass on information to business partners such as
marketing consultants, graphic designers who we feel will assist you with your business needs.
• We may occasionally contact suppliers to ask for advice to fulfil your (the customers) bespoke
signage needs.
• We take photographs of the work that we create and manufacture for you (the customer) and will
use these on social media sites such as (but not limited to): Facebook, Twitter, Instagram, Pinterest,
Linkedin, Google+ and our Elite Signs website.
• Our accountants have access to our Xero bookkeeping software which have customer contact
details and invoice details but we do not store bank details on Xero.
• We may on occasions use a safe approved installation contractor to fit signage. The information
we pass to the 3rd party will include, customer contact details and address of where the signage is
to be fitted. The information will not be used for any other purpose.
• We may on occasions use a courier service to delivery goods to you that you have ordered.

How and where is your information stored?
• We use Xero accountancy software and input your contact details, email address and the work
required so that invoices etc can be automatically generated.

Xero’s GDPR policy states:
Similar to many SaaS providers, Xero uses a top-tier, third-party data hosting provider (Amazon Web
Services) with servers located in the U.S., to host online and mobile services. For more information about
AWS’s approach to compliance with the GDPR, see https://aws.amazon.com/compliance/gdpr-center/.
Protecting our customers’ data is fundamental to everything we do.
To better understand our security practices, you can refer to our Security Pages:
www.xero.com/accounting-software/security
www.xero.com/about/security

Xero has also completed a SOC 2 Type 2 report. The report covers the Trust Services Principles and Criteria
for Security, Availability, and Confidentiality. SOC 2 audits are carried out by Ernst and Young, so it’s an
independent assessment of Xero’s control environment against an internationally recognised assurance
standard. You can request a copy of Xero’s SOC 2 report at www.xero.com/about/security/soc-report.

• We may occasionally use Mailchimp which is a marketing automation platform and an email
marketing service to contact you (our customers) by sending out Christmas newsletters, special
offers etc. The contact information is accessed by Elite Signs from Xero contacts and downloaded
onto our Mailchimp profile. Mailchimp’s privacy policy can be found:
https://mailchimp.com/legal/privacy/

• Hard copies of customer invoices are sometimes kept and these are stored in a secure
environment.
• Our IT systems are monitored and maintained by a specialist provider (ITCS), who provide onsite
and remote support and maintenance. Our current hardware is compliant with current security
standards and is maintained to ensure that antivirus solutions are updated daily, and software
and operating security updates are installed in accordance with best practice. Critical updates are
installed on next re-boot after release; other updates are installed within 14 days of release.

Access to your personal information
Under both the Data Protection Act 1988, and GDPR 2018, you are entitled to access any personal
information we may hold on you. In order for us to ensure that we do not release this information to
unauthorised individuals, we require that you make this request in writing and we may require
authentication before we release any personal information. Where the information we hold is found to
be inaccurate or incomplete, you are entitled to have this information corrected. You may also be
entitled to have any information we hold securely erased, however, we reserve the right to retain enough
information to comply with legal obligations and to provide legal defence in the event of disputes or
warranty claims.

Changes to this Privacy Notice
We may update the policy from time to time so please check this page occasionally to ensure that you
are happy with any changes.