Baphomart Help Centre

Find the answers to your questions.

If you cannot find answer then contact support.

Looking after Customer Data

The General Data Protection Regulation (GDPR) is a European-wide law that replaces the Data Protection Act 1998 in the UK.

It came into force on 25th May 2018 and applies to all businesses operating in the EU that process personal data.

If you have have an online shop selling goods within the UK or to the EU, you collect and process personal data (such as a customer’s name, email address and postal address), which means the GDPR applies to you.

So whether you are a sole trader, a limited company or just a hobbyist just selling a few of your products online, you must comply with the regulations.

You can contact your customer about issues related to their order but you must not contact them about anything else, send them marking information or add them to any mailing list unless they have opted-in to any further communication (through any channel – phone, mail or electronic).

Understanding What Data You Have And Where It Is Stored

As an online seller, the personal data you collect will probably be: Customer’s name, Customer’s postal address, Customer’s email, Customer’s username on Baphomart, Recipient’s name (if applicable), Recipient’s postal address (if applicable).

Making Sure Any Personal Data You Store Is Secure

You have a responsibility to make sure the data you collect is safe – both online and offline.

Only using personal data for the specific purpose you have collected it for.

In the case of a purchase, that would be: delivering the item(s), emailing confirmation of the order, emailing the customer with delivery details for that order, and storing for your financial records.

You must not use the personal data you have gained from that order for any other purpose or use that data to contact them about anything unrelated to that particular purchase.

Deleting Someone’s Personal Data If Requested

Under GDPR everyone has the right to be deleted from your records and database – this is known as the right to erasure or ‘the right to be forgotten’.

Individuals can make a request for erasure verbally or in writing.

You have one month to respond to a request. You will need to delete their data from all your records as well as any third-party service providers, such as your email service.

Read more here https://ico.org.uk/for-organisations/ guide-to-the-general-data-protection-regulation-gdpr/ individual-rights/right-to-erasure/

Paying the ICO Controller Charge fee – if required

Any business that processes data may need to pay the ICO a data protection fee (unless they are exempt).

This is also called a Controller Charge.

Check to see if you should be registered with the ICO here https://ico.org.uk/for-organisations/register/self- assessment/

Created On
byBaphomart
Tags:
Contents

Main Menu

Baphomart
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.