What the GDPR is GDPR? Bare Conductive explain GDPR data protection
As many of you know, the General Data Protection Regulation (GDPR) comes into force on 25th May 2018. We wanted to update everyone on what we are doing at Bare Conductive to ensure we’re compliant.
I’m sure you are bored of hearing about it but GDPR is quite a good update to the existing Data Protection Directive 95/46/EC. If you have no idea what it is all about then there is a good overview in this BBC News article.
What is GDPR?
GDPR data protection means that EU citizens have the right to know how their data is being used by companies. It also gives them more control over what data is being used:
"The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy."
More information can be found here https://www.eugdpr.org/
Why does data privacy matter?
Imagine you are walking down the street and pass your favourite pizza restaurant. They have an advert outside telling you that if you download their app to sign up to their newsletter, you can get a free pizza. You download the app, sign up and immediately receive your free pizza.
This interaction seems very clear, as you gave your consent for them to access your data by downloading the app and signing up. In return for the free pizza, they will send you information about pizza offers through the app. The restaurant’s app contains location tracking and they are tracking your movements as you leave the restaurant to go shopping. As you did not give them consent to use your location data, this is not permitted under GDPR data protection.
What is my Data?
GDPR data protection regulations define your data as the following:
"Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address."
What Data covered by GDPR data protection does Bare Conductive collect?
We have a few scenarios where we collect your data to help process your order, or to help us find ways to improve the service that we offer you:
Visiting our website
Bare Conductive use website cookies to anonymously track your use of our website. We use this information to understand what content people like reading. Cookie-powered analytics can help us improve features such as the checkout experience on the site. Cookies also make sure we only show you a pop-up notification with an offer once whilst you’re browsing. In this way, cookies help our website function correctly for you.
We collect your email, phone number, billing and shipping address. We use this information to communicate with you about the status of your order and to send your products to you. This information is securely passed to our fulfilment partner James and James so they can send you your order. They only process your data as it relates to the processing and shipping of your order, you can read their T&C’s here.
We store this data as it relates to your order details in our stock management and accounting software. This is encrypted. We do not share or sell your data to any other third party.
We may collect and store images that have been emailed to us or posted on social media. We only post images or video of your projects on our website or social media channels with your consent.
If you sign up to our newsletter, we collect your name and email address. Bare Conductive use this to send you news about the company, new product launches, sales and discounts. We do not sell our lists or buy lists from third-party providers. We only add you to our newsletter with your active consent. To join, you must check a box to opt-in rather than to opt-out or you must complete a form on our website. If we meet you at a conference or trade show, you can consent in person at the event.
At the time of writing, we have a few subscribers who were added prior to us using Mailchimp as our newsletter provider. We cannot be certain how these subscribers joined, so we’ll ask each of them if they would like to remain on our lists.
Other services we use to process your data include:
- Stripe – to process your payment information if you choose to pay using Stripe when ordering from us.
- PayPal – to process your payment information if you choose to pay using PayPal when ordering from us.
- Google Analytics – anonymous data helps us understand how people use our site and finds ways to improve it for you.
- Facebook – we communicate and share content that you share with us.
- Twitter – we communicate and share content that you share with us
- Instagram – we communicate and share content that you share with us
- MailChimp – we use this to send our newsletters and manage our subscriber lists.
- Zendesk – we use this to organise the email enquiries we receive.
If you have any questions or would like your data to be removed from any of our systems we would be more than happy to do so just email us at firstname.lastname@example.org
Why am I getting lots of emails about GDPR?
The new law states that we can only collect data if the owner of that data has given their explicit consent. At this time there is still lots of debate about what explicit consent actually is. For some companies it was standard practice to ‘trick’ people into signing up to newsletters by requiring people to uncheck a box to opt-out. Some would automatically add a customer’s email address and leave it to them to unsubscribe later. We decided a long time ago that that wasn’t how we wanted to behave and our mailing list has been opt-in since that time.
What happens now
Now you must actively check the box to be added, or voluntarily enter your details into a newsletter subscription form. Organisations must go back and ask all the people who they did not get explicit consent from if they still want to remain on their lists. Some of our oldest newsletter members have been with us for so long that we can’t prove if they originally opted-in. If that’s you, you’ll receive an email so you can opt-in.
This is a good opportunity to ensure that everyone on our list is still wants to hear from us, even if you previously did sign up to get Bare Conductive content. There is not much point in sending you information that you have no interest in reading!
What else is Bare Conductive doing?
We take data security and protection very seriously, and aim that all our systems for storing or processing data use encryption and remain secure. If after May 25th we do not have proof of a person’s permission to use their data, e.g. to send newsletters, we won’t. We’ll update our procedures and policies to be open and transparent about how your data is being used. We ensure that the suppliers we work with stay compliant.
If there is something we’ve missed or if that leaves you with any unanswered questions then please let us know via email@example.com.