General Data Protection Regulation (GDPR)

What is GDPR?

The EU's General Data Protection Regulation (GDPR) is a change in Data Protection and Privacy laws. The EU has realised that while technology has evolved dramatically in the last 20 years, privacy laws have not. In 2016, EU regulatory bodies decided to update the current Data Protection Directive to suit the changing times. This law creates a comprehensive list of regulations that govern the processing of EU residents’ personal data.

Introduction

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR), which will be effective from May 25, 2018. EU residents now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data. The Cosy Bedding Company is well aware of its role in providing the right tools and processes to support its users and customers in meeting their GDPR mandates.

The Cosy Bedding Company's Commitment

At The Cosy Bedding Company, we have always maintained our users' right to data privacy. We recognise that the GDPR will help all businesses move towards the highest standards of operations in protecting customer data, and we fully embrace this move. All system design is now considered for compliance with both the letter and the spirit of the GDPR regulation.

What data is passed to The Cosy Bedding Company from selling channels such as Amazon or eBay?

When a sale happens on a channel, we download the buyer contact details (which include name, address, provided telephone numbers and email address), the delivery address, contact details and details of the order and subsequent payment amount. We do not ever handle credit or debit card information and are not party to any data that would expose the buyer to any financial risk.

What data does The Cosy Bedding Company store?

We have, where possible, stopped storing data that we don’t require to maintain the minimum legal requirements. For example, we produce invoices and have a requirement to maintain a minimum of 6 years of data to comply with HMRC regulations, so we have to keep the data for each sale. This only includes name, address, email, contact number and price of products purchased. We never store any financial data.

Does The Cosy Bedding Company store sensitive data?

No, sale data does not contain any sensitive data such as health, race, ethnic origin, religious beliefs, trade union membership, genetics or sexual orientation. 

Does The Cosy Bedding Company pass customers' data to 3rd parties?

We share delivery information with 3rd parties such as couriers for the purpose of processing an order through the system and obtaining shipping labels. We never share information for marketing purposes on our behalf. We do not use any third-party marketing services.

Does The Cosy Bedding Company keep records of processing?

We maintain the data for the order and accounts transactions for at least 6 years due to our legal obligation for HMRC record keeping. We keep data for address labels for three weeks so that labels can be reprinted if needed, and then remove it. We can regenerate a new label after this time.

Who are Cloud Commerce Pro?

All our selling channels and online systems are run through a company called Cloud Commerce Pro. They host and manage all our online sales and customer information.

Cloud Commerce Pro’s Breach of Data Policy

In line with GDPR, Cloud Commerce Pro have a duty to report a data breach to the regulator as soon as they are aware of it. The regulator in the UK, where the head office of Cloud Commerce Pro Ltd is based, is the Information Commissioner's Office: https://ico.org.uk/

How do we store data?

Wherever possible Cloud Commerce Pro encrypt data with secret keys and take all reasonable steps to ensure data access is kept to a minimum.

Do we review our processes?

We constantly review our processes and take regular opportunities to adopt new best practices. We believe that our obligations to meet GDPR regulations for storage and processing of our customers' and users' data were already met by Cloud Commerce Pro’s internal policies that pre-date GDPR. We constantly keep this under review.

Do we allow data to be used for email marketing?

No. Only The Cosy Bedding Company will use customers' data for email marketing purposes through Mailchimp, but only with the recipient’s explicit consent.

Where do Cloud Commerce Pro store data?

We store all data in our partner’s highly secure data centres in Glasgow and London. Our partner Iomart is one of Europe’s leading data centre specialists, and you can read their GDPR information here: https://www.iomart.com/secure/data-protection/

 

Parts of this policy are adopted from our online system host (Cloud Commerce Pro LTD) and adhered to by The Cosy Bedding Company.

If you have any questions regarding GDPR, please forward them to sales@cosybedding.co.uk.

Many Thanks 

The Cosy Bedding Company