(GDPR) came into force on 25th May 2018. As I hold personal data about my clients (i.e. names, addresses, phone numbers) I am considered to be a data controller and a data processor under the regulations. I am therefore required to comply with the principles of the GDPR and ensure that your data is held securely, is not processed in a manner that is incompatible with the reason for which it was collected, is kept up to date.

I can confirm that:

·all my clients' personal data are securely held in a locked cabinet that only I have access too.

·my mobile phone is secured by a pass code to prevent unauthorised access to clients' phone details

·I will never pass client details to a third party

·Any non-returning client's details will be destroyed within 2 years of the last job.

With immediate effect, I will be asking you to sign a copy of this statement to ensure you agree to this information being held.