GDPR – What it means to you and us
The General Data Protection Regulation (GDPR) is a required EU regulation aimed at helping to strengthen data protection for EU citizens and residents globally.
In real terms it advises us as a business “If you provide services to customers who are EU citizens, you better make sure you look after their personal data or else!”
As we collect and process your personal data, we are required to comply with the regulations, especially as we run a website, an internal database and communicate with you by email.
As GDPR is a huge, sleep-inducing document, we have listed some of the salient points for you.
GDPR: one data protection regulation for everyone
GDPR is a single set of rules that applies to all EU member states, with each member state designating a Supervisory Authority (SA) to oversee and ensure compliance with the legislation. SAs will work closely together, given the cross-border nature of digital data.
A significant part of the GDPR is about transparency and informing data subjects (individuals) about what personal data is being used, how, by whom and for how long. GDPR requires us to state what data is being processed and for what reasons. Additionally, we are required to inform you how long the data will be stored for and who you should contact with regard to any part of our processes.
We must be able to prove that we have received consent from you to process any data held; only once consent has been given can your data be processed. Additionally, your data must only be used for the purposes for which consent has been given. For instance, should you contact us through our website with an enquiry, unless you advise us, we will not add you to any email marketing list without asking you first. If the contact is from someone under 18 years old, then a parent’s consent must be given before their data can be used. Consent must be able to be withdrawn by you at any time.
Pseudonymisation – as well as being an excellent Scrabble score, this is the term GDPR uses for transforming data in a way that stops it from being attributed to an individual without the use of additional information. In our instance we hold your contact details on one database and your account history on another; no financial details (i.e. bank account/card numbers) are held on either. This greatly reduces the potential for a security breach occurring without both files being stolen.
Most importantly of all however:
• We will not send out any newsletters or promotional material without your permission
• We do not store any personal financial details on you in either written or digital format
• We will never share your details with other companies
• Each time you send us financial information (card details/bank details), regarding a tour, it is used for that tour only and not held on file for future bookings
• You can unsubscribe from future correspondence at any time simply by asking us
• If you do have any concerns then please email our GDPR officer on email@example.com