GDPR POLICY
Here at Doli Dwt we take pride in the work we do, and take the security of your personal data very seriously. This policy outlines what personal information we hold and how we use/store/process that data.
We are committed to working in line with the legal requirements of GDPR, and as a small company we personally only hold a small amount of information about you, our customers, that are necessary for us to respond to queries you send, and to complete and process your order. These may include your name, address, email and other information you share with us.
We do not have customer registration on our site.
The information we obtain is generally from when you have contacted and shared this personal information with us through:
• Doli Dwt website (contact page)
• Email
• Our Facebook Page/Facebook Messenger*
• Twitter*
• Instagram*
• Letter
• Etsy
Your data will be stored locally on our server, along with details of any resulting sales on our spreadsheets for sales records and tax information.
*If you contact us via social media, we will direct you to contact us by email. We do not take orders over social media. The initial contact/conversations will be stored within the relevant app/platform, but not transferred to anywhere else or be used for any reason by us at Doli Dwt. You may wish to refer to the privacy policy of the Social Media company (e.g. Facebook, Twitter), if relevant.
When you visit our website, we may process data about your use of the site (this is technically called “usage” data”). You can find out about how this data is handled in detail in our Website Privacy policy.
Doli Dwt will never send you bulk or unsolicited emails, commonly known as Spam.
Request of information
You have the following rights under Data Protection legislation. They won’t always apply in every circumstance – but we will explain it to you if you choose to exercise any of your rights.
• Right to access – you can request copies of any information we hold about you. Should you want a copy of this, please get in touch via the contact form or e mail and we will be more than happy to help. As we are a small 2 person team, please allow 7 days for our reply and to supply you with the information we hold on you.
• Right to rectification – If you believe we have any of you details wrong, you can ask us to correct them
• Right to Erasure – You can ask us to delete any information we hold about you. This will apply only when we do not have a legal basis to retain that information.
• Right to Restrict or Object to Processing – this is controlling exactly what data we hold – you can ask us to stop using certain data or stop carrying out certain processes with your data.
• The right to complain to a “Supervisory Authority” – an organisation that oversees Data Protection. This could be the Authority where you live, where you work – or the one for the UK, where we are based, which is the Information Commissioners Office.
Should you find any of the information we hold on you inaccurate, then please get in touch and inform us of this, we can then amend our records in alignment with your requirements; as follows:
Request to remove/edit information
Should you want your information removed from our database, again please contact us via email or the contact form, and we will be more than happy to delete your information. Please allow up to 14 days for us to delete your data from our records (i.e Photos, address, e mails, communications, social media), and for us to confirm by email that we have done so.
Retaining some information if you have been a customer
Please understand if you have made a purchase from Doli Dwt, for legal and HMRC Tax reasons we must keep a record of the sale, and your name, address and any receipts we have from the transaction for up to 6 years after we have filled the Tax Return for that financial year.
For more information please visit : https://www.gov.uk/self-employed-records/how-long-to-keep-your-records
Purge of information
Doli Dwt will purge all customer data 6 years after we have submitted details of the transactions to HMRC.
If you have not purchased anything from Doli Dwt, but may have contacted us, then we will purge all e mails and information we hold every 1 year from users / people who have enquired or been in contact but not become a customer. We keep this data for 1 year in case we following up on your initial enquiry in the hope of turning enquiries in to sales.
Categories
We will hold the following categories about you, and as such these are the categories we will be deleting if you request a purge of information.
Name
Address
E-Mail Address
E-Mail content
PayPal Account email address if used to pay us. (Please note Doli Dwt does not receive any of your payment account details. This is why we chose Paypal to process all our payments: for your security and privacy)
Social Media communications (held within the apps/platforms)
If you have submitted photos for a personalised order, these are deleted on a bi-anually basis in line with our own internal housekeeping/administration policies. If you would however like this particular information to be purged sooner, please request this as outlined above in the section titled “Request to remove/edit information.”
Security Breach Policy
Should our website or your data become compromised and any data is taken, we will contact you via email to confirm this. We will explain the steps taken to fix this breach and what we will be doing going forward to protect your data. This will also be logged in our Security breach documentation for our records.
Consent
By taking the steps to place an order (and so enter a contract between yourself and Doli Dwt), you are consenting for us to retain your personal information as outlined above, in line with this GDPR policy under legitimate interests, namely to enable us to fulfil your order/contract.
GDPR Moving Forward
Doli Dwt is still learning about GDPR and processing all the information we can, and duly trying to apply it it to our small business, as outlined in https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
and
https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
As such, we will review and update this policy in line with any changes in our business or data protection legislation.
This policy was last reviewed and updated on 19/7/19.
If you have any questions please get in touch with Doli Dwt via our contact form or email natalie@dolidwt.wales