
I've no idea whether this conforms to the new GDPR consent requirements, but I just changed the wording of 'Subscribe to Mailing List' to the following.

 

Under the new 2018 GDPR guidelines, it's now a legal requirement that we seek permission to contact you outside of any contractual arrangements. Please tick this box if you agree to us contacting you.

 

I had mine checked by default (opt out was a physical action), it's now unchecked.

 

I've no idea how I'm going to contact 50,000 previous customers and ask for their consent moving forward.

Edited by keat


On 28/03/2018 at 4:07 PM, keat said:

I've no idea whether this conforms to the new GDPR consent requirements, but I just changed the wording of 'Subscribe to Mailing List' to the following.

Under the new 2018 GDPR guidelines, it's now a legal requirement that we seek permission to contact you outside of any contractual arrangements. Please tick this box if you agree to us contacting you.

There is no need to do this but it should be covered in your Privacy Policy.  Having any consent pre-selected will not be allowed under GDPR.

You were part of a previous discussion where I summarised the basic points - see 

 

On 28/03/2018 at 4:23 PM, Noodleman said:

CubeCart 6.2 will take care of a lot of these things

It will from a technical point of view but the main area of work is down to each customer to update their Privacy Policy and Terms and Conditions based on the decisions taken as to data use and retention.


What are your thoughts on the following.

Take away the option to opt in or out of the mailing list altogether.

Write something into a privacy policy stating that we have a legitimate interest to use your data for statistical and marketing purposes, giving the customer the right to opt out during the marketing campaign.


Just had a bit of a GDPR meeting and the guy said we could use 'Legitimate Reasons' to use the data for marketing purposes, so long as it's stated in our privacy policy and that the customer has the rights to opt out.

Is there anything that states the customer must be given the option to opt in/out at the time of sign up?

 

 

The example privacy policy he supplied states:

 

There are occasions when we will use your name, address and email address for marketing purposes, to develop our business and to extend the level of services available to you we believe that this is in our legitimate interest.  We always provide an ‘opt out’ option in all our marketing correspondence with you.

 

So if I take away the mailing list option on the web site, but give them the option when we mail them, that's taken away the grey area.

If a customer were to find us by accident, made a phone call and placed an order over the phone, he has no opt in/opt out option to choose in that scenario, unless we asked. That's not going to happen, so why not take away the option from the web site.




Consent is only one of the principles.

Legitimate Interest is another.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/

 

The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.

6 minutes ago, keat said:

So if I take away the mailing list option on the web site, but give them the option when we mail them, that's taken away the grey area.

If a customer were to find us by accident, made a phone call and placed an order over the phone, he has no opt in/opt out option to choose in that scenario, unless we asked. That's not going to happen, so why not take away the option from the web site.

I agree with @Noodleman - my take is that the advice you are being given is incorrect.

Also, from your wording above, a customer placing an order is entering into a contract with you and the reason for collecting the information is totally different and the length of time you need to keep it is also totally different.  Contractual and marketing reasons are totally different.

5 minutes ago, keat said:

The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.

Legitimate Interest doesn't apply to marketing newsletters!

  • The processing must be necessary. If you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.


But the legitimate interest states:   The legitimate interests can be your own interests.

 

It's highly likely to cause debate, but as there's no hard and fast rules "so to speak", we could argue that the way we interpreted the rules was that we have a legitimate interest to market to our customers.

However, marketing to someone we never had contact with from the onset, i.e. a mailing list, we would need to obtain consent.

Let me interpret the following. (my interpretation in blue)

 

The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.

We have an interest to email and send catalogues to customers as a duty to keep them informed on price increases, special promotions and our new catalogue.

 

 

The processing must be necessary. If you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.

The processing via email or snail mail is necessary as we are unable to convey the information by any other means.

 

You must balance your interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests.

How could one determine that a regular known customer, would not want to be kept informed, so we give the customer the ability to opt out during the communication campaign.

 

 

I'm still working on the example, but if anyone wants to take a look and make any use of it, or any snippets of it, feel free.

 

https://www.beal.org.uk/privacy-policy.html

 

 

There are occasions when we will use your name, address and email address for marketing purposes, to develop our business and to extend the level of services available to you we believe that this is in our legitimate interest.  We always provide an ‘opt out’ option in all our marketing correspondence with you.

Edited by keat


Debate

 

 

So the mixed up interpretations continue.

Today we received an email with a pdf attachment explaining GDPR and that the company requires our consent.

It went along the lines.. "if we don't hear back from you, we will assume that we have your consent"

 

I can argue, if you don't hear back from me, that we never received the communication, therefore you don't have my consent.

Secondly, it was addressed to 'Dear Supplier' and then 'Dear Sir/Madam'

Dear supplier or sir/madam is not personal identifiable data, so therefore in my eyes does not constitute GDPR protectional data.


I doubt very much that the ICO will do anything, there's so much woolliness and mis-interpretation that many companies will fail.

We can only do what we can do to satisfy that we appear to be doing.


On the subject of consent.

 

I'm still waiting for Google, Ebay, Facebook, Twitter, Microsoft and any other huge corporate I've had dealings with to physically ask me for my consent to be contacted.

I've had lots of communications from them, but not a single one asking for me to complete a check form saying that I consent.

 

or, Tesco, Asda, B&Q, ScrewFix, ........................ CubeCart 🙂

Edited by keat


FYI

 

Not one mention of requiring my consent.

 

At Spotify, we want to give you the best possible experience to ensure that you enjoy our service today, tomorrow, and in the future. It is also our goal to be as open and transparent as possible with our users about the personal data we collect to provide that service, how it is used, and with whom it is shared.

We are contacting you today to let you know that we will be making some changes to our Privacy Policy, which will be effective from May 25th. These changes will reflect the increased transparency requirements of the EU General Data Protection Regulation (known as the ‘GDPR’).

We have always strived to provide you with clear and simple information about the personal data we collect and use and how we protect your personal data in our Privacy Policy. Today we are simply announcing enhancements to the Privacy Policy which clarify and provide additional information about:
 
  • your privacy rights and how to exercise them;
  • how we collect, use, share and protect your personal data, and
  • the legal bases we rely on to process your personal data.

Over the next few weeks, we will also be rolling out new tools which include a new Privacy Center at Spotify.com and a new Privacy Settings page in your Account to help you more easily understand and manage your privacy choices, including a new ‘Download my Data’ button.

Please click here to read the revised Privacy Policy, which will be effective from May 25, 2018. We have also prepared this blog post which summarizes the key changes to the Privacy Policy in more detail.

If you have any questions, please contact us using the Contact Form.

Thank you for using Spotify.

Enjoy the music!
