Wednesday, 23 May 2018

General Data Protection Regulations (GDPR) - Privacy Policy.

Readers will have been bombarded recently by emails from many - some long-forgotten - businesses about GDPR and about how well they look after your personal data.  This is often subsumed into a new Privacy Policy.  

And this applies to businesses worldwide who have any dealings with customers in the European Union.  Some ask you to sign up to continue receiving communications, others simply tell you about the new rules and what they are doing to comply.

Long term readers and customers will remember when we used to send occasional emails about Great Britain news and what we were planning to do, what we had or would soon add to our shop.  It was a way of assessing interest before we produced (for example) first day covers, and giving regulars a head-start when we added unusual and desirable items for sale.  We also originally intended to tell everybody who downloaded our Machin Checklist when a new edition was available.

Sadly this became more and more difficult as our mass emails (to many hundreds of addressees) were identified by some ISPs as spam.  You will sometimes find a genuine email has been sent to your spam or junk folder, and wonder why: that is the reason.  [What I don't understand is how Gmail can sidetrack Google News Alerts to the spam folder, but that is an odd diversion.]

So I stopped sending those emails, and as the blog became more popular it became the go-to place for regular readers and especially customers to find out what was going on.

So we won't be writing to anybody asking for permission to keep sending marketing emails, simply because we don't send any at all.  Your personal data - email address and name (if attached) especially - is stored at Google's mail servers and we rely on them to hold it securely. Emails are also stored on computers here in the office, so - as we receive an email of every order placed in our shop - are details on those orders: name, address, email address and what you have bought.  Telephone numbers are usually deleted.  The computers have passwords, and we lock the doors when we leave: what more can we do?

All payment details are held by PayPal: none of the card or bank detail that you type into the PayPal interface when you buy from us is communicated to us, and so that is covered by PayPal's security and privacy policies.

GDPR is, of course, mainly targeted at the big boys, in all forms of business.  I did read on a stamp forum recently that although the writer has emails about this from his bank, credit card co, ISP, phone co, and other mailing lists that he had signed up to, he had had nothing from any of the big stamp auction houses, so not everybody is keeping up with the rules.

We've done what we think is necessary, and updated our Privacy Policy with the help of our eCommerce-platform host, Freewebstore.  You can see it on a permanent page linked in the right-hand panel, so if you ever want to check after this post has dropped way down the list, Privacy Policy will always be there.

As for your personal data, on the shop only you can change it so if there is anything there that you want to change, you are the person to do it.  If you want old emails to be deleted, just let us know, by private email.  Like many people I have emails going back 20 years. (Thank you to those who are still with us!)

I'm happy to hear from any real experts on this to let me know if they think there is anything missing, or misleading (or just plain typos!). 

1 comment:

  1. Why don't you start a Mailchimp mailing list? That works well and people give consent by filling in their own email. The new GDPR is aimed at big companies with large databases who don't have their security in order, not for small mailing lists. Under the 1998 Data Protection Act (or whatever it was called) it was already mandatory to have people's permission to send them emails. In that department nothing has changed.
