Our company keeps a list of all the types of personal information it holds: name, surname, address, phone number and email address.
The source of that information is the customer.
Who do we share it with? We share information with the courier company XDP Express and our hosting provider.
What do we do with it? The reason for data processing is fulfilment of a contract.
How long do we keep it? We keep it until the contract ends or the order is fulfilled.
The personal information is kept in a MySQL database.
ACCOUNTABILITY & MANAGEMENT
Our company has appointed a Data Protection Officer (DPO).
This person has knowledge of GDPR guidelines as well as knowledge about the internal processes that involve personal information.
We make sure key people and decision makers have up-to-date knowledge about the data protection legislation.
We make sure our technical security is up to date.
We train staff to be aware of data protection.
A lot of security vulnerabilities involve cooperation of an unwitting person with access to internal systems. We make sure our employees are aware of these risks.
Our business does not operate outside the UK.
Personal data breaches are reported within 72 hours to the local authority. We report what data has been lost, what the consequences are and what countermeasures we have taken. Unless the data leaked was encrypted, we also report the breach to the person (data subject) whose data we lost.
There is a contract in place with any data processors that we share data with.
Our customers can easily request access to their personal information by email or phone.
Our customers can easily update their own personal information to keep it accurate by email or phone.
We automatically delete data that our business no longer has any use for.
Our customers can easily request deletion of their personal data by email or phone.
Our customers can easily request that we stop processing their data by email or phone.
Our customers can easily request that their data be delivered to themselves or a 3rd party by email or phone.
We will ask consent when we start processing a person's information.
We regularly review policies for changes, effectiveness, changes in handling of data and changes to the state of affairs of other countries your data flows to.
We meet the Payment Card Industry Data Security Standards for all card payments made by phone or in person in our shop.