The laws concerning data protection changed significantly in Europe when the GDPR (General Data Protection Regulation) comes/came into force on 25 May 2018. The official EU GDPR information portal has a nice, brief summary of the most important changes. For small businesses doing business mainly in the UK, Brexit hasn't changed the situation since GDPR has been included in UK law (from the gov.uk website: "The General Data Protection Regulation (GDPR) has been retained in UK law and will continue to be read alongside the Data Protection Act 2018").
Also worth reading is the similarly brief summary of how the GDPR changes things from the UK's "independent authority set up to uphold information rights in the public interest", the ICO (Information Commissioner's Office) . Read it here.
Points worth highlighting seem to be these:
2. All privacy information must be clearly written and easy to understand (no legalese).
3. The policy must be very clear about what data is being collected, how and why.
4. If data is being obtained somewhere for non-obvious purposes, people must be notified then and there, and positive consent must be sought (e.g. instead of automatically adding the details of mere enquirers to a mailing list, consent for that must be sought on the contact form with a clear indication of what exactly the person is consenting to).
6. Any sharing of data with third parties must be described.
7. There must be information about the person's rights (especially the rights to access - free of charge - and to rectification, the right to withdraw consent, the right to erasure - the "right to be forgotten" - and the right to be notified of any data breach within 72 hours).
8. You are supposed to have procedures in place to maximise the security of data stored on your system, and to ensure that data is deleted when there is no longer a good reason for retaining it.
To save and work with a copy of the template that has HTML tags (so it is ready to be pasted into a web page) press CTRL-U to see the code for this page, then scroll down until you see the beginning of the template wording. You can then copy the text and the tags together, then paste it into a blank text document on your PC and save it as a plain .txt file. You can then edit it before pasting it onto your web page.
Handcrafted Websites can do the analysis and add the popup warning for you, but if you want to check for yourself what cookies are being used on your site, one easy way to do that is to install a browser extension. The Firefox browser, for instance, has an extension called Cookie Editor. That puts an icon in your toolbar, and if you click that when viewing your site, you see a list of the cookies being used.
At [business name] we respect your privacy, and aim to comply with the latest data protection regulations. This policy explains how we collect and handle data relating to website visitors. Please note that this policy may be altered in the future. It was last updated on [date].
The information is being collected by [business name], and the person responsible for handling data is [name], who can be contacted via email at [email address], or by writing to [postal address]. Alternatively, phone: [phone].
Information can be collected in the following ways:
For enquiries and/or bookings we will only collect the minimum information required for the purposes of being able to contact you and make an accurate record of the booking and process any payments relating to it.
The anonymous data relating to website traffic is limited to details of the device or connection being used to access our website (including the IP address of your computer, the country the connection is made from, the browser, etc.) and a record of the pages visited, plus the time spent on each page.
When you contact us, make a booking or sign up for our newsletter, your data is only used for the corresponding purposes. We will not pass your contact details and other personal data to a third party.
Some data will also be used for internal record keeping (e.g. for the accounts that we are legally obliged to maintain), and to help us assess how to improve the services that we offer.
We will not sell or rent your information to third parties.
We will not share your personal information with third parties for marketing purposes. Personal information will only be given to a third party when we are legally obliged to do so.
Anonymous data derived from cookies may be shared with third parties, but only for technical purposes, not marketing ones.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: [email] or telephone on [phone].
The accuracy of your information is important. If you change your email address, or if you believe any of the other information we hold is inaccurate or out of date, please email us at: [email], or write to us at: [address]. Alternatively, you can telephone [phone]. We will promptly correct any information found to be incorrect.
You have the right to ask for a copy of the information we hold about you, and this will be sent to you in electronic format free of charge.
You may choose to restrict the collection or use of your personal information in the following ways:
Data will only be stored for as long as it is needed. Unnecessary data will be erased.
When details such as your name and email address are submitted via a contact form or email, this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We provide an online service that allows you to pay for your booking using your credit card details or debit card details. We do not store or process credit card details or debit card details on any of our systems; instead we use PayPal, which is a secure online payment gateway to process credit card payments and debit card payments on our behalf.
If we hold records of your personal data and we become aware of a data breach, we will endeavour to inform you of this within 72 hours.
Our website contains links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide whilst visiting them.
Any user under 18 years of age must have their parents'/guardians' consent to use our website. Users without this consent are not allowed to provide us with personal information.
A cookie is a small file sent to your computer's hard drive by a web page that you visit. Cookies allow web applications to recognise your device (not you personally) as you move from one page on the site to another, or if you revisit the site within a certain period of time. If you express a preference on a web page, for instance, that preference can then be recalled in the future. A cookie in no way gives us access to other files on your computer or to any other of your device's functions.
We use traffic log cookies to compile statistics about the popularity of pages on our site and about how people have arrived here. This helps us improve our website. We only use this information for statistical purposes.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, however, you can usually modify your browser settings to decline or block cookies if you prefer.
The following table indicates which cookies we are using and what they do.
|These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.|
|CMS||PHPSESSID||This stores information anonymously merely to note whether visitors to the website are logged into the content management system or not.|
|Cookie warning||cc_cookie_accept||This simply stores your acceptance of the warning about cookies on the website home page.|
|Calendar||ABCPro||This enables the calendar system to display the correct month. It stores no information about the visitor.|
If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that some functions of the website might become inoperable. If you use the Internet Explorer browser, find out more info HERE. If you use Firefox, see the information HERE. If you are using Safari, see HERE.