The General Data Protection Regulations (GDPR) of the EU became enforceable on 25th May 2018.
The purpose of the GDPR is to provide a set of standardised personal data protection laws across all the member countries of the EU. Personal data is anything which identifies an individual. Examples include a name, email address, telephone number, address or image.
The GDPR defines two classes of entities which interface with personal data: data controllers and data processors. Data controllers receive, store and make decisions about data processing. Data processors do something with the data provided by the controller. You can be a data controller, a data processor, or both. Okun Beachwear Ltd is both a data controller and data processor. An example of where we act as both a controller and processor is when we receive your online order placed on okunbeachwear.com. We receive the personal data such as your name and address in our capacity as controller. When we create the shipping label and give your goods to the courier company for delivery we are a processor. We are doing something with the data we control.
As data controllers we are required to be registered with the Information Commissioner's Office of the UK (ICO). Okun Beachwear Ltd is registered with the Information Commissioner's Office and appears in the public register maintained by it.
How do we receive personal data on okunbeachwear.com?
Personal data is received through the submission of online forms which have been populated with the data we need to process the order.
Where is the personal data stored?
The personal data is stored in a database on a dedicated server in the UK.
What personal data is stored?
We store some details required for order fulfilment – name, email address, shipping and billing addresses. We do not receive or store financial information such as credit card details. These are controlled and processed by the payment gateways – PayPal.
Is the personal data okunbeachwear.com controls secure?
The server on which the database resides is maintained according to current best practices of digital data security. It is firewalled and regularly updated. The website code is scrutinised by experts for potential vulnerabilities. The forms into which you enter personal data are SSL secured according to the latest technology and in line with industry standards. The website is audited for PCI (payment card industry) compliance by external auditors. Part of this involves the auditors scanning the website at regular intervals for potential vulnerabilities.
Who can access the personal data?
The personal data can be accessed by the website manager, by the Okun Beachwear Ltd dispatch team, by the accounts department and by authorised personnel at the digital agency who host and maintain the website – Kualo.co.uk.
Is personal data shared?
Personal data is shared with the digital agency that maintains the website and web server – Kualo.co.uk, with the payment gateways – Sagepay and PayPal, with the courier companies who collect and deliver the orders and with the email marketing platform – Mailchimp.
At Okun Beachwear we take the view that our responsibilities in respect of personal data do not cease at the perimeter of our business. Therefore we seek assurances from the partners with whom we share personal data – the digital agency, the server hosting company, the email marketing platform, the couriers and so on – that they are also doing the utmost to fulfil their obligations under GDPR.
What is the legal basis for the control and processing of personal data?
For how long is the personal data stored?
This depends on whether you choose to create an account with okunbeachwear.com or check out as a 'guest'.
Where you create an account with okunbeachwear.com you have access to your personal data, which you can administer. If you request deletion of your personal data it is deleted from the database.
If you check out as a guest we retain the personal data for 30 days. This gives us time to deal with any issues that might arise with the order, or to issue a refund. After that the personal data is deleted.
Under the terms of GDPR you may request that we delete your personal data at any time.
You may request a copy of any of your personal data that we control.
You have other rights under the GDPR such as:
- The right to be informed if we process or intend to process your personal data.
- The right to rectification if there is an error with the personal data.
- The right to restrict processing.
- The right to portability of the personal data.
- The right to object to the control or processing of personal data.
- The right to not be subject to automated decision-making including profiling.
If you have any questions about these rights in respect of your personal data and okunbeachwear.com please contact us using our contact form and we will be happy to discuss them. You may also contact The Information Commissioner's Office (ico.org) or complain to it.
We do not use personal data for profiling, for example to tailor your experience of okunbeachwear.com depending on what we know, or think we know, about you. We process personal data for the purposes of order fulfilment, customer service and marketing.
Does okunbeachwear.com use the email address provided during the process of ordering goods to send out marketing material by email?
No, we don't. We only send marketing emails to those who have explicitly consented to receiving them. This is an entirely separate consent procedure to that required during the giving of personal data for the purposes of ordering and order fulfilment.
What about by post?
The same applies. We do not send marketing materials by post unless you have explicitly and unambiguously consented to that in a process separate from that of placing an order, and we provide a means for you to easily withdraw consent to the receiving of marketing materials, whatever form they take.
Text messages? MMS?
We do not engage in marketing by SMS or MMS messages.
If I contact you through your contact form, what happens to that personal data – my email address and name?
When you contact us via the online contact form your message goes to the website administration dashboard where it can be seen by the website manager. The website manager will make an initial reply to your message via this facility and, in most cases, supply their okunbeachwear.com email address for you to correspond directly if you wish. The ability to correspond directly is advantageous should you need to attach a file, for example; something which is not possible via the contact form. In certain cases, where appropriate, the website manager will forward your message to the dispatch team if they are best placed to deal with it swiftly. This is the extent to which your personal data received via the contact form is controlled and processed.
We provide the contact facility and subsequent email communication for the purposes of customer service only.
We archive company email in order to achieve regulatory compliance. The archive is secure and administered by an authorised person. We do not share the archive with external agencies unless legally required to do so. We might, rarely, have occasion to examine the archive in line with our legitimate business objectives but if this happens such examination would be carried out by the archive administrator under the supervision of a director.
This document sets out our practices in line with what we understand our obligations to be at this time under the terms of GDPR as they relate to okunbeachwear.com.
In this policy, we/us/website refers to http://www.okunbeachwear.com
Type of Cookie Purpose
Strictly necessary cookies:
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can at any time choose to:
- enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
- delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.