GDPR Privacy policy

Name/Title: The Scoop Villa

INFORMATION YOUR ORGANIZATION COLLECTS:

The following table shows the information you selected when filling out the privacy tool.

| Type of Information | What you collect | Who collects it | For what reason | Who uses it | Stored by | Shared with |
| --- | --- | --- | --- | --- | --- | --- |
| Contact Information | Name | Website or IT support | Application forms | Website or IT support | Electronic File | |

CONSENT PRACTICES

Consent is freely given agreement to a particular thing that is intended. It can take two forms: express or implied. Express consent is stated clearly, either verbally or in writing. It is unambiguous and needs no interpretation by the organization seeking consent. Implied consent, by contrast, is consent that can reasonably be deduced from a person’s actions or lack of action.

EXPRESS CONSENT

You have mentioned that your organization is currently not at risk of gathering any sensitive or potentially sensitive information. If the decision is made in the future to collect such information, it is always necessary to have express consent from your customers. This can be done by simply asking the user whether they object to your collecting this information and/or sharing it with other entities. An example would be asking a customer to sign a credit application form that clearly states that his or her information will be given to a credit reporting agency, and that he or she is aware of this and consents to it. Wherever possible, get express consent, particularly when dealing with sensitive personal information.

IMPLIED CONSENT

At the moment, your organization has no data available that can be used for sales, credit approvals, special orders, deliveries, or returns. Nevertheless, if gathering such information is proposed in the future, the concept of implied consent should be understood. Information that a customer provides for any of these activities is likely given with permission to collect it.

Remember:

Refusing a transaction because a customer declines to agree to the collection of unnecessary information is not acceptable.

If you plan to use this data for other purposes, you must obtain the consumer’s explicit consent once again.

OPT-OUT CONSENT

For secondary purposes such as marketing, administration of customer loyalty programs, or customer relationship management, consumers should be assured that their information is not being used without their permission. The opt-out experience should be simple, clear, and easily reachable by customers.

This can be done with an opt-out mechanism such as a checkbox on paper-based or online application forms, so that customers can indicate, for instance, that they do not wish to receive promotional materials by mail. You do need to let them know the benefits they may miss (for example, they will not find out about a new product or special offer), but it is very important not to hide the opt-out process or make it complicated. Ensure that customer service is easy to reach, and avoid requiring customers to call a particular phone number during limited hours. The goal is to enable consumers to control how their data is used.

SECURITY PLAN

Employee Access to Customer Data

With regard to employees’ access to customer data, your organization limits unnecessary data visibility for employees. This practice reduces the risk of misuse or unintentional leakage.

Storage of Personal Data in Paper Format

With regard to the storage of personal data in paper files, the company currently has no documents of this type. If that changes, it is vital to make sure customer data is tightly secured. Consider using locked filing cabinets, restricted areas, or areas equipped with alarm systems to ensure maximum protection against unauthorized access.

Storage of Personal Data in Electronic Format

You should pay more attention to security when storing electronic files that contain customer information such as names.

Use computer passwords to limit access.

Install firewalls to prohibit unwanted access to the system.

Encrypt data files to safeguard confidential data from being breached.

Encrypt personal data transmitted over the Internet by email or via web forms.

Create electronic audit trails that can be used to check and identify the individuals who have accessed the information.

Store backup copies of data in a locked cabinet to prevent unauthorized access.

Do not be careless with laptops, USB keys, and other wireless electronic devices, because they can store a lot of customer data.

Install password protection and security features on these devices.

Through implementation of these techniques, you will increase the safety of consumer data stored in electronic files, thereby protecting against potential breaches or unauthorized access.

COLLECTION OF SENSITIVE DATA

If your organization will be collecting sensitive or potentially sensitive information in the future, confidentiality should be treated as a top priority, using multiple security methods. These may include encryption, access control, regular audits, and other security measures to protect that data.

Furthermore, it is important to periodically review and purge old files, and to destroy any personal information that no longer needs to be retained. This practice is beneficial because it reduces the exposure of obsolete data to unauthorized persons or misuse. Continually checking and deleting such information helps you comply with privacy rules and builds trust with customers regarding your data processes.

THIRD PARTIES LIST

You should check that the third parties with whom you currently share personal information adhere to the same standards of protection as your business does. To protect customers’ data, it would be advisable to engage your legal advisers and to include tailored clauses in the contract.

These clauses should:

Require the third party to maintain strict security requirements in regard to customer data.

Give you the authority to audit the third party to ensure that fair information practices are implemented.

Stipulate that the third party can only use the information for the purposes mentioned in the contract.

Direct the third party to forward any customer requests to access their respective records to you as soon as possible.

These stipulations can enhance accountability and guarantee the safety of your customers’ data when it is shared with other parties under your contracts.