Privacy Policy
The EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998 (DPA). The new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations and business’ to be more accountable for data protection.
Deadline for compliance: 25th May 2018
The business benefits of the GDPR:
UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply.
- Build customer trust
- Improve brand image and reputation
- Improve data governance
- Improve information security
- Improve competitive advantage
Personal data:
- Name
- Address
- Email address
- Photo
- IP address
- Location data
- Online behaviour (cookies)
- Profiling and analytics data
Data protection principles
Personal data must be processed according to the six data protection principles:
- Processed lawfully, fairly and transparently.
- Collected only for specific legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Must be accurate and kept up to date.
- Stored only as long as is necessary.
- Ensure appropriate security, integrity and confidentiality.
Little Green Tree only stores customer data for as long as it’s needed, which means once an order is complete the messages are deleted. Little Green Tree does not print any information on any customers, and solely works from inbox.
Little Green Tree does not share or screenshot any messages unless under the circumstances detailed below:
Little Green Tree does however screenshot the address screen from Paypal and shares this direct with customers. This is to ensure the correct address and to confirm with the customer that payment has been received. Every day photos are deleted that aren’t needed, which includes all the screenshots of customer address’. The “deleted” photo album is also swept regularly and then customer data is permanently erased.
Accountability and governance
Be able to demonstrate compliance with the GDPR.
Little Green Tree demonstrates this by deleting all data compiled from customers, through the use of messaging the Little Green Tree inbox folder, by deleting the message once the customer order is complete.
Customers pay using Paypal – Paypal have assured all business users they too are GDPR compliant and storage of customer data is kept to a minimum and not shared with any other third party.
Lawful processing
Identify and document the lawful basis for any processing of personal data.
The lawful bases are:
- Direct consent from the individual
- The necessity to perform a contract
- Protecting the vital interests of the individual
- The legal obligations of the organisation
- Necessity for the public interest
- The legitimate interests of the organisation.
By contacting Little Green Tree you are giving direct consent that Little Green Tree can store your personal data until the order is complete. If a customer just wants to ask a question please be assured once the conversation is finished all messages will be deleted. Little Green Tree does not store any messages that are not active.
PCI compliance*
What is PCI DSS and who needs to comply? (Payment Card Industry Data Security Standard)
Consumers are becoming increasingly aware of the dangers of identity theft and PCI compliance shows that a business has secure procedures in place that keeps customer payment information safe and secure.
Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses who handle credit or debit card payments must comply with. It provides a “minimum security standard”.
As a merchant (business) accepting card payments, the business are required to comply with PCI DSS. As a service provider, PayPal is also required to comply with PCI DSS. Little Green Tree uses a service provider. (PayPal, whom are PCI DSS compliant).
If you have any questions or queries regarding our Privacy Policy then please get in touch.