The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are more detailed and specific than in the DPA (Data Protection Act) and place an emphasis on making privacy notices understandable and accessible. Old Forge Creations, as data controller, is expected to take ‘appropriate measures’.
To cover all these elements, we have considered the following issues when planning this privacy notice:
What information is being collected?
Who is collecting it?
How is it collected?
Why is it being collected?
How will it be used?
Who will it be shared with?
What will be the effect of this on the individuals concerned?
Is the intended use likely to cause individuals to object or complain?
For Orders, Old Forge Creations will collect the item(s) ordered, your name, email address, delivery address, and where necessary for international delivery, telephone numbers. For Newsletter subscriptions, Old Forge Creations will collect your name and email address.
This information is collected when an order is placed and/or a subscription form is filled in.
This information is collected through the Squarespace website system used for oldforgecreations.co.uk and transferred to a Google Sheets document for record keeping.
The personal details I collect are used to process orders and deliver newsletter emails.
The order details are used to produce, package, and ship your order. The newsletter details are used to email you the newsletter.
The order details are only shared with a courier (typically Royal Mail or Parcel2Go) where necessary.
Sharing this data should have no negative effects. The couriers used are large, respected companies who should keep their data secure and will only use the data for the purpose for which it was provided.
If there are any concerns, please contact me by e-mail to firstname.lastname@example.org or in writing to Old Forge Creations, 173 Stanstead Road, Caterham, Surrey, CR3 6AJ.
In conclusion I confirm my policy on GDPR is robust and its sole aim is to reassure customers that data will be secure.
Data Security Best Practice for GDPR compliance:
Use unique, secure passwords for websites and devices containing sensitive data.
Password-protect computers and devices with access to the data.
Use two-factor authentication where possible.