Handling Your Data
Purpose
Avidity ensures that data remains under the client's control and is not transferred, stored, or processed outside their environment. Below is a detailed data framework tailored to this requirement:
This policy applies to Avidity Marketing Limited. It also applies to all employees, including part-time, temporary, or zero-hour contract employees, volunteers, and any third-party contractors and consultants who handle and process Personal Data on behalf of Avidity Marketing Limited. Please refer to Our Data Protection Framework Policy.
Working with Your Data
- Data Collection:
  - Data collection must be limited to what is necessary for the agreed-upon purpose.
  - Clients must be informed of what data is processed and accessed.
- Data Storage:
  - Client data must be stored exclusively within the client's system or designated environment.
  - No backups or copies of client data may be created outside the client's environment.
- Data Transfer:
  - No client data may be transferred outside the client's system unless explicitly authorised by the client in writing.
  - If authorized, data transfers must be encrypted and logged.
- Data Processing:
  - All data processing must occur within the client's environment.
  - No third-party tools or services may be used to process client data unless approved by the client.
- Data Deletion:
  - Upon the client's request, all client data must be permanently deleted from the client's system.
  - A certificate of deletion must be provided to the client upon completion.
- Access Controls:
  - Implement role-based access controls (RBAC) to restrict access to client data.
  - Use multi-factor authentication (MFA) where applicable for all accounts with access to client data.
Core Principles
- Data Residency:
  - Client data must remain within the client's system or designated environment at all times.
  - No client data may be transferred, copied, or stored on external systems, including cloud services, third-party servers, or employee devices.
- Data Access:
  - Access to client data is restricted to authorised personnel only.
  - Access must be granted on a need-to-know basis and logged for audit purposes.
- Data Processing:
  - All data processing must occur within the client's system or environment.
  - No data processing may occur on external systems or devices unless explicitly authorised by the client in writing.
  - If data is processed on an external system, for testing purposes by way of example, all elements of the data will be permanently deleted.
- Data Security:
  - Robust security measures must be implemented to protect client data from unauthorised access, breaches, or leaks.
- Compliance:
  - The policy must comply with applicable data protection laws and regulations (e.g., GDPR, DPJL, etc.).
Avidity Marketing Limited is a data processor and does not store or house any of our clients' business data outside of your infrastructure. Our Data Protection Framework sets out the requirements and compliance with Article 20 of the Data Protection (Jersey) Law 2018.
Jersey Office of the Information Commissioner:
Data Controller / Processor: Avidity Marketing Limited
Registration No: 101422
Expiry Date: 31/12/2025