The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
We, Laura Kenrick and Tara Brown, are the founders and owners of Mouth Watering Travel. We are a partnership. Our contact email is email@example.com
We are both Data Controllers for Mouth Watering Travel which means we are the people responsible for keeping your information safe and secure, giving you access to it if you need it and disposing of your information if you ask us to or when a reasonable time period has elapsed.
PERSONAL DATA COLLECTION
This section explains the types of personal data we collect from you as well as how and why we use it. The types of personal data we collect fall into one of three categories:
a) when you like or follow one of our social media profiles – currently Facebook, Twitter or Instagram. Your online personal profiles become available for us to see. We do not pass on your profile information to any advertiser or promoter.
b) your personal information that you provide if you choose to purchase a product that we have offered. The information we will need to complete your purchase will include your name, your physical address and your email address. If you fall into this category, you will have initiated contact via social media messaging or via email.
c) We may occasionally run competitions where a prize is offered. In order to fulfil the terms of the competition, we may require your name, physical address and email address.
This information is collected from you so that we can take and fulfil an order/award prize whilst keeping you updated with its progress.
We will only collect the minimum amount of information required in order to be able to take and complete an order from you.
PERSONAL DATA ACCESS AND DISPOSAL
If for any reason you require access to the personal data that we hold about you, you are able to request this from us via email at firstname.lastname@example.org.
We will respond to your request and give you access to the personal data free of charge within a reasonable time frame.
If you would like to make a request to change or update any or all of the personal data that we hold about you, you are able to request this from us via email as above. We will respond to your request and make the requested changes and updates free of charge within a reasonable time frame.
If for any reason you wish for us to dispose of any or all personal data that we hold about you, you are able to request this from us via email as above. We will respond to your request and notify you that we will be deleting the data you have requested us to delete. This will be free of charge and will take place within a reasonable time frame.
The GDPR requires that personal data be held only for a reasonable amount of time. If you have placed an order, we will hold your personal data for 3 months after our last communication after which we will consider you to have received your order and to be satisfied with it. At this point, we will dispose of all your personal data. If you wish to order further products after this time, you may contact us and we will re-collect the relevant personal data from you at this time.
GDPR COMPLIANCE OF STAFF MEMBERS
We are a partnership and do not employ any other staff or contractors. In the event that we do start employing staff, we will update this policy to include a training plan so that our staff are fully aware of GDPR and can act in compliance with the regulations.
SAFETY AND SECURITY
As the Data Controllers for Mouth Watering Travel, we are required to keep all your personal data safe and secure. Your data is stored on our social media sites if you have messaged us or on our email accounts if you have contacted us via email. All of the sites and email accounts are password protected. All devices used to access email and social media including phones, tablets and laptops are password protected or protected by fingerprint technology.
We do not keep any paper documentation.
In the case of any of our storage methods being stolen, breached or hacked, we will do the following within 72 hours of discovering the incident:
a) Notify the police if it is a physical theft or loss of a laptop, phone or tablet.
b) Notify Outlook (our email provider) if it is a case of email hacking.
c) In any of these cases, report the data theft, breach or hack to the ICO (Information Commissioner’s Office) which is the Regulator for the UK, if the incident has a high likelihood of severity of a resulting risk to the affected clients’ rights and freedoms.
d) In any of these cases, we would contact all of the clients whose personal data has been compromised and would provide advice in order to help them protect themselves from any effects of the breach.
e) In any of these cases, I would write up a report of the breach so it was fully documented.
If you feel your personal data has not been handled correctly or you are unhappy with any response we have made to you concerning the use of your personal data, you may contact the ICO (Information Commissioner’s Office), which is the Regulator for the UK.
GET IN TOUCH