How New Data Protection Regulations Affect Our Customers
GDPR: the General Data Protection Regulation
This legislation from 2016 officially comes into force on 25th May 2018, so we are working hard to implement it in good time.
GDPR is welcome because it adds clarity and security to the use of data, but it is also quite complex and we have trudged through it carefully in order to comply fully - we will welcome comments, questions and responses from you all.
The GDPR applies to all of Europe and gives specific rights to people with regard to their personal data, and places duties on those collecting and processing it, as follows:
For those collecting data (us):
• The data must be collected lawfully and transparently.
• It must be used only for the reason stated for its collection.
• Data collection should be limited to the data necessary for the stated purpose.
• Data must be kept accurate and up to date.
• Data must only be stored as long as necessary for the purpose for which it was collected.
• Data security and integrity must be maintained.
Individuals providing data (you) have the following rights:
• The right to be informed of the data held
• The right of access to that data
• The right to rectification of any incorrect data
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object, and
• The right not to be subject to automated decision-making, including profiling.
This means that in future we will request explicit consent for the collection and holding of personal data and for processing it for specific purposes, as described below.
The information we hold about our customers is as follows: your name, postal address, landline and mobile telephone numbers (if you have provided them) and email address. We may also have your business name and other delivery addresses if you have them. All of this information is required in order for us to process orders.
This information is stored electronically by our website management system. The information is normally stored for five years, after which we will destroy it unless the customer is still active with us. We will delete information before this time if requested.
We do NOT collect or store bank details. Credit or debit card payment information is processed via a handheld processing unit, and the information is destroyed by us as soon as the payment is processed.
We do NOT sell or otherwise hand over any personal data to any third parties, except as above for payment purposes or to Mailchimp for the purposes of newsletters or market research. We rely on the data security systems of these third parties and check this with them. We comply with the Payment Card Industry Data Security Standard (PCI DSS), the financial processing requirements for electronic card payments.
We have updated our website and Privacy Policy to include compliance with GDPR. Everyone currently on our databases and mailing lists will remain on them; if you wish to opt out, please contact us and we will process your request.
After 25th May, we cannot automatically add any new contacts to mailing lists, so they will need to follow our instructions to subscribe directly to Mailchimp. Otherwise their data will be collected, stored and processed as described above for business purposes. Our staff are all trained to comply with GDPR and to use proper care and discretion with information they may receive from customers.