As a small business, I am required to use and keep personal data for processing orders, running courses, and doing my accounts etc, and I am required to inform you of how I both process and store personal data for Personalise Your World.
Data collected and how I use this data
I collect the following data:
- Personalise Your World Shop Orders
What data is processed? – Names, addresses, emails, payments, personal data such as dates and names for customised orders.
* With reference to personalised designs using personal data such as dates and names, it is your responsibility to ensure that you have permission to share this information with Personalise Your World. This information will be stored securely and will only be used for customer orders.
- Personalise Your World Social Media Accounts – Facebook & Instagram
What data is processed? – Names, addresses, emails.
Personalise Your World uses social media accounts to allow people who find us to send us messages to find out more about us and to place orders. All information is collected through the message boxes on these sites.
Lawful / legal basis for recording the data – To process orders made by customers, or to share information at the customer's request.
Payment Processing
Any payments that are made for orders are processed by third-party websites, i.e. Etsy, Swipe, Paypal or After-Pay.
Third-party websites like Etsy, Paypal, Swipe, Facebook, etc. are governed by their own privacy statements, and Personalise Your World is not responsible for their operations, including, but not limited to, their information practices.
Users submitting information to or through these third-party websites should review the privacy statements of these sites before providing them with personally identifiable information.
All data I use as part of Personalise Your World is viewed and processed either using my laptop, which requires a password to access, or my mobile phone, which is protected by face recognition.
Data Sharing
No data is shared with any other person.
Disclosure
Any data required or held by me is secure and held only by myself, and it will not be distributed to any third parties unless I have your permission or it is required for a lawful / legal basis; for example, I am required to share my accounts with the ATO if they request it (please read Retention of Data).
You may request details of personal information which I hold about you and you may ask for them to be deleted, unless required for a lawful / legal basis.
Retention of Data
I do not retain customers' information any longer than required, but I will retain the following information for reporting to the ATO.
* What data is processed? – Documentation required for preparing accounts for the ATO
* Data refers to – invoices, receipts, payments from customers
* Lawful / legal basis for recording the data – the legal basis for processing this data is ‘legal obligation’ because it is required by the ATO
* Data sharing – the document may be shared on request with the ATO
* Data storage – the documents will be stored securely in paper / online format
* Data retention – ATO state: I must keep records for at least 5 years after the 30th June submission deadline of the relevant tax year.
The ATO may check my records to make sure I am paying the right amount of tax.
* Data destruction – after the required length of time, the documents will be shredded / securely deleted.
All other data collected, if not needed for a lawful / legal basis, is deleted ASAP after obtaining it if no longer required.
Data Breaches
I will be obligated to notify relevant parties of a data breach within 72 hours of becoming aware of the breach.
We understand the huge fines in place for failing to follow correct procedures for a breach in data.
Susan
Personalise Your World