What is GDPR?
General Data Protection Regulation (GDPR) is a new European law to update the Data Protection Act 1998 to incorporate the digital world. Your customers need to be able to trust you to look after and use their personal data properly and safely. Knowing they can trust you is good for your business. The new law comes into effect on May 25th 2018 and if you live in the UK/Europe or sell to customers within these countries you are legally bound to adhere to the regulations. More information can be found on the Information Commissioner's Office (ICO) website.
Disclaimer: Please note this pack has been compiled following extensive research into the rules regarding GDPR. However, please do your own research as contributors to this pack are not legally trained.
What do I need to do?
- Do an audit of when and how you use/store personal information
- If you have a mailing list you may need to ask everyone to re-subscribe to your list before 25th May 2018 to enable you to continue sending them marketing emails, unless it was made explicitly clear to your customers they were signing up to receive marketing emails from you and you have a record of that. For more information read the GDPR info from MailChimp. You will also need to ensure your method of subscribing new members to your list is GDPR compliant
The following will be relevant for all Crafties
(simply copy and paste and change the text in green to personalise):
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
User privacy and data protection are human rights.
We have a duty of care to the people within our data.
Data is a liability; it should only be collected and processed when absolutely necessary.
We loathe spam as much as you do!
We will never sell, rent or otherwise distribute or make public your personal information.
2.0 RELEVANT LEGISLATION
We comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
3.0 PERSONAL INFORMATION I COLLECT AND WHY I COLLECT IT
3.1 Order Processing
When you place an order via my shop on ConsciousCrafties.com, I receive only the required information in order to process your order (your name, address and email). I do not receive any card or bank details.
4.0 HOW I USE THE INFORMATION
The information you provide is used to fulfil your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to my mailing list and you will not be contacted for marketing or advertising purposes unless you request me to do so.
5.0 SHARING WITH THIRD PARTIES
We will NEVER sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with third parties for the purpose of delivery (Royal Mail and courier services). Insert this line if you have a mailing list: We use a third party to process personal data on our behalf if you have chosen to subscribe to our newsletter.
It may be shared for compliance with legal, regulatory and law enforcement requests as appropriate and necessary. I will endeavour to notify you of any such requests. I am not responsible for how these third parties process your data; please visit their websites to read their privacy policies.
6.0 HOW I SECURE, STORE AND RETAIN DATA
We use the Conscious Crafties website to trade and complete your purchase. Your data is secured, stored and retained by Conscious Crafties to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years).
7.0 HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU
You have the right to access, update or ask us to delete your personal information. Please email our Data Controller found in section 9.0 below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
8.0 DATA BREACHES
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioner's Office (ICO).
9.0 DATA CONTROLLER
Our data controller is insert shop name here
Whose registered and operating office is:
Insert address here
Email: Insert email address here
If you have a Mailing List:
Please note: You will need to ask everyone on your mailing list to re-subscribe to your list before 25th May 2018 to enable you to continue sending them marketing emails, unless it was made explicitly clear to your customers they were signing up to receive marketing emails from you and you have a record of that. For more information read the GDPR info from MailChimp.
You will only be added to our mailing list if you ‘consent’ to receive news and marketing emails from us. If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp or insert your campaign manager platform here who provide us with email marketing services. We consider MailChimp or insert your campaign manager platform here to be a third party data processor (see section 5.0). The email address that you submit for purposes of newsletter sign up will not be stored as hard copy or in any of our internal computer systems and will never be shared. Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by easily unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. We will also periodically check with you that you still want to hear from us. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp or insert your campaign manager platform here database, you will receive periodic (approximately one per month insert your own frequency here) newsletter style emails from us.
If you sell at Craft Fairs
If you visit the craft fair I am attending you may be recorded on CCTV if the location has this in operation. If you purchase from me using cash and collect your item on the day, no personal information will be collected or stored. For made-to-order items that can’t be collected on the day, I will need to ask you for your name and address in order to deliver your order. If I’m unable to hand deliver your item, I would need to pass your name and address to a third party (eg Royal Mail or Courier) in order for them to deliver your parcel.
If you have your own Website (copy and paste only the information that is relevant):
PERSONAL INFORMATION THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
If you create an account on our website, we may need to collect personal information such as name, address, phone number and email. You may review, change, or remove this information through your account settings. You need to provide this information to enable us to provide you with the Services, for example if you purchase through our website we would need a physical postal address in order for us to deliver your parcel. Other website visitors may see ratings and reviews for items you purchased or sold and be able to view your profile name.
Site Visitation Tracking
This website may collect information (already held in the public domain) attributed to the IP address of the computer or device that is being used to access it. The information is supplied to us from insert link to website of your security software. The system does not use your IP address to identify you, the individual, in any way. No cookies are used. Insert name of your security software service is used to protect our website from malicious IP addresses and keep your information safe.
Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors. Only your name will be shown on the public facing website, although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed. Your comment and its associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and its associated personal data deleted, please email us on insert your email address here using the email address that you commented with. If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
Contact forms and email links
Should you choose to contact us using the contact form on our Contact Us page or an email, none of the data that you supply will be passed to / be processed by any of the third party data processors defined in section 5.0. We would suggest you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email. Your data will only be held for as long as necessary in order to communicate with you and respond to your request.
Contributors: Karen with help from Sonia Green and Rosemary Ladeji (thank you for kindly offering your own example privacy policies)
Conscious Crafties Data Protection Registration Ref: ZA270303