What is GDPR?
GDPR stands for “The General Data Protection Regulation” and is a privacy law from the European Union that has applied since May 25, 2018.
What activities are covered by the GDPR?
The GDPR applies to the processing of personal data.
Processing is a fancy word for “doing anything with data”.
It only applies to personal data, which is anything that is associated with, or related to, someone who is identified or who can be identified.
Identifying information includes names, email addresses, and physical addresses, and most people agree it includes IP addresses and other info collected automatically.
It also includes any type of processing and information collected automatically, through an opt-in or any other collection method (e.g. surveys, quizzes, etc.), or through tagging or segmenting in a CRM database.
6 principles of the GDPR
#1: Data shall be processed “lawfully, fairly, and in a transparent manner.”
We have to be upfront about what we are collecting the data for.
#2: Data shall be “collected for specified, explicit and legitimate purposes.”
We can’t collect data without explaining how we are using it, and those purposes have to be legitimate.
#3: Data processing shall be “limited to what is necessary” for the purpose.
We may only collect the minimum amount of data for the purpose we are collecting it for. Once we have collected the necessary data, we can only use it for its intended purpose.
#4: Data shall be accurate, kept up to date, and corrected.
Doesn’t really apply to us. This is more for the Googles and Facebooks of the world.
#5: Data shall be kept so it identifies a person “no longer than is necessary.”
We should not keep data about people forever if there is no reason to keep it.
#6: Data shall be “processed in a manner that ensures appropriate security.”
We have to take reasonable steps to protect the data.
Why Do We Collect Your Information
As you are a client, we want to be able to keep in touch with you, which is why we collect your phone number and email address. This information will only be used so we can keep in touch with you about your event or events in your venue if this applies. We may also send very limited email offers, reminders, and keep in touch so we can retain your custom.
We have to keep records for tax purposes for a number of years after your booking. Your data will not be kept beyond this obligation.
Your data is secure and accessible only by myself. We do not keep any hard copies of your data beyond each booking being completed.
What Information Do We Keep
We keep your personal information, for example your name, address, email address, telephone number and any details about your event. We may have some images taken at your event which may be used on our website or social media.
What Are Your Rights?
The GDPR includes the following rights for individuals:
the right to be informed
the right of access
the right to rectification
the right to erasure
the right to restrict processing
the right to data portability
the right to object
the right not to be subject to automated decision-making including profiling.
If you would like to know what data we hold on you, we are happy to oblige. Simply make a Subject Access Request (SAR) by email.
Data Protection Officer
I, Deryck Obray, am the named Data Protection Officer for Pebbles Face Painters. My contact details are available at the foot of our Contact Us page. We, at Pebbles Face Painters, take your privacy seriously and fully comply with GDPR laws. We WILL NOT use any information you provide for any other purpose than for the preparation and completion of your event or to satisfy contractual, legal or tax obligations. Your details WILL NOT be sold or shared with any third party. For more information on GDPR please visit the GDPR website.