- The General Data Protection Regulation (GDPR) came into force on 25 May 2018. This will form part of the Data Protection Act at a later date. There is a guide to the GDPR at: https://ico.org.uk
A brief summary is below.
There are Six Key Principles in the Regulation:
- 1. Lawfulness, Fairness and Transparency.
- a. There must be a lawful reason (known as a basis) for holding and processing the information. The acceptable lawful bases are:
- (i). consent; (consent has been given by the person concerned);
- (ii). contract; (there is a legally enforceable contract between the person and the organisation);
- (iii). legal obligation; (there is a legal obligation for the person to provide the information);
- (iv). vital interest; (data processing is necessary to protect someone’s life, e.g. transfer of a medical record to a hospital);
- (v). public task; (data processing is necessary for judicial reasons or for exercising statutory, governmental or other public functions);
- (vi). legitimate interest; (data processing is necessary to achieve the organisation’s interest and this will not infringe the person’s interests, rights and freedoms. The GDPR states “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”).
- b. The information must be used in the way described to those providing the information.
- c. The providers of the information must be told how the information will be processed and why.
- 2. Purpose Limitation
- Personal information collected for one purpose must not be used for another.
- 3. Data Minimisation
- The data collected should not be excessive in relation to the purpose for which it will be processed.
- 4. Accuracy
- The data should be accurate.
- 5. Storage Limitation
- The data should not be retained longer than is necessary.
- 6. Integrity and Confidentiality
- The data should be stored in a way that provides appropriate security.
- The Regulation also Contains the Rights of Individuals.
- They can be summarised as:
- 1. The Right to be Informed:
- a. of details of the Data Controller and how that person can be contacted;
- b. of the lawful basis of the data processing;
- c. of who else will receive the information;
- d. of the retention period of the data;
- e. of the right to lodge a complaint with the Information Commissioner’s Office if they consider that the processing of their data infringes the Regulation;
- f. where the data was obtained if not from the individual.
- 2. The Right of Access
- On request, an organisation must tell an individual whether it is processing their data and if it is, provide access to that data.
- 3. The Right of Rectification
- On request, individuals have the right to have their data changed if it is inaccurate or incomplete.
- 4. The Right of Erasure
- On request, individuals have the right to have data removed, where:
- a. the personal data is no longer necessary for the original purpose for which it was obtained;
- b. the individual withdraws their consent (this applies only where the individual has given consent);
- c. the individual objects to the processing and there is no overriding legitimate interest for it to continue;
- d. the individual’s data has been unlawfully processed, in breach of the Regulation;
- e. the personal data has to be removed in order to comply with a legal obligation.
- 5. Customers can lodge a complaint with the Information Commissioner’s Office if they consider that the processing of their data infringes the Regulation.
- How Visions International Entertainment Ltd Processes Customers’ Data
- 1. The Data Controller is Kenneth Michael Carr. The Data Protection Officer is Ronald Carr. They can be contacted at: Visions International Ltd, 22 The Chase, Boreham, Chelmsford, CM3 3DY. Telephone 01245 465974.
- 2. The lawful basis for processing data is “legitimate interest”. The GDPR states that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. We do not seek or record data that is not necessary for this purpose.
- 3. The data processed in respect of members is: name; address; items ordered; date of last order; phone number if available; email address if available.
- 4. We do not keep a record of credit/debit card details. These are destroyed approximately four weeks after the transaction to which they relate, after allowing time for any queries to be identified and dealt with. Other order forms and customer correspondence are held securely and destroyed after 12 months. Customer details are removed from our systems five years after the last order.
- 5. We do not pass customers’ details to anyone outside Visions International Entertainment Ltd.
- 6. Customers can ask for details of the data held in their name and we will provide this. They can also ask us to remove individual items from our records which we will do unless the information is necessary for the running of our business.
- 7. Customers can ask us to remove all their details from our system and we will do this. This, of course, means that the customer will no longer receive our mailshots, giving details of forthcoming merchandise and events; special offers; etc.
PO Box 12562, Boreham