This may well be the size of the cup of tea I’m going to need by the time I’ve finished going through all of the new GDPR regulations!
You’re most likely to have heard about this via a sudden influx of emails asking you to re-subscribe to mailing lists in order to confirm that you give permission to keep receiving messages. Basically it’s to do with consent, privacy, and what I can and can’t do with your data.
I don’t have a mailing list (yet), so I didn’t know that the Privacy & Electronic Communications Regulations states that specific consent is not required if you are sending an email to a customer who has previously purchased a similar product. So if you have ever bought a dress from me, I could add you to an email list of Existing Customers, and have automatic permission to send you marketing emails. I would like to state for the record that I DO NOT DO THIS, and I WILL NOT DO THIS even when I do set up my mailing list, because it doesn't seem like a good fit for the way this little business works. But it does explain the messages from email lists which I didn’t subscribe to in the first place, to which I have happily said goodbye!
But anyway. That’s not the point.
The point is:
you have the right to know what data I hold about you, you have the right to see that data, and you have to right to ask me to delete it, insofar as doing so is within my power.
There is a Proper Legal Version, in the form of my updated website privacy and cookies policy, if you’re feeling as though you might need some help nodding off to sleep quite soon.
The short version is this:
Your data includes:
- Your name, address, and phone number.
These are required for the purpose of fulfilling the contract between us, which is that you pay for a dress and I use this information to send it to you.
- Your name, or pseudonym, if you give it on a blog comment.
You are also required to give your email address when you leave a blog comment, but I’m not sure why. I never see it, so it cannot be used to add you to any sort of email list.
- Your photographs, of yourself and/or your children.
These are freely given with your consent - I never copy your images from social media, or use images that have been emailed to me, without asking you first. I may edit them, usually to add a caption, or to crop to a certain format. I will usually use just a first name to identify the person in the photograph, or occasionally a rough location, such as a country or a county, if that information is relevant.
Please bear in mind that photographs on the internet are public property.
If you withdraw consent for me to use your photographs, which you are welcome to do at any time, I will of course delete them from my website, blog and social media sites. However I do not have the capacity to remove instances of these images which may have been downloaded, copied or shared by a third party.
This is particularly important to be aware of if you are sending me photographs of your children.
Other data collected by the website itself, or by third parties, are payment details and Cookies. I do not have direct access to either of these types of data.
All of my payments are currently processed by PayPal so I never see your payment information, whether you’re checking out through the shopping cart or paying instalments on a flexible invoice.
Cookies are used for two reasons:
- to ensure the functioning of the website
For example, you might put an item into the shopping cart, wander off for another browse around the site, and when you come back to the cart your original item will still be there waiting for you. They also ensure that your customer account, if you choose to set one up, knows who you are when you log into it.
- to analyse the use of the website
Google Analytics gathers information about website use by means of cookies. The information gathered relating to this website is used to create reports about its use. The data gathered may include information about your location, or the type of device you are using to access the internet, but it cannot be used to identify a specific individual. These details help me to understand who is using my website, and how I can improve it in the future.
You can check out more information about what all of this means, including links to PayPal and Google's own privacy policies, in the updated website privacy and cookies policy.
If you’ve read all of that, thank you, and well done!
I still have a fair bit of work to do behind the scenes, in terms of paperwork to justify why I need to use all of this data (mainly because my website doesn't work without it!), but this is the only thing you really need to be aware of.
Now, is it time for that nice big cup of tea...?