The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organisations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.
1. Data Portability
GDPR introduces data portability: the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine readable format’, and the right to transmit that data to another controller. Pin Head reserves the right to take up to one week to collate all data relevant to a data subject from when the official request is put through. Data subjects must put through a formal request for data retraction by emailing email@example.com, specifying under which clause the data should be retrieved or handled.
2. Right to be forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller (Pin Head) erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to weigh the subject’s rights against “the public interest in the availability of the data” when considering such requests.
3. Privacy by Design
Privacy by design, although a concept that has existed for years, is now a legal requirement under GDPR. Privacy by design calls for the inclusion of data protection from the onset of designing systems, rather than having to rectify the database at a later date. Pin Head will therefore “implement appropriate technical and organisational measures…in an effective way… in order to meet the requirements of this Regulation and protect the rights of data subjects”. In compliance with Article 23, Pin Head will only hold and process the data absolutely necessary for the completion of its duties, and will limit access to personal data to those who need it to carry out the processing.
4. Breach Notification
Should Pin Head find themselves in breach of data protection in a way that may “result in a risk for the rights and freedoms of individuals”, they will be required, within 72 hours of being notified, to notify the customers and to comply with the removal of any data in question “without undue delay”.
If you subscribe to our mailing list or e-mail marketing newsletter, we and our newsletter partner Mailchimp (based in the USA) will hold your details securely and solely for this purpose. They adhere to an EU/USA agreement that conforms to the new regulations, so you can be sure your details are in safe hands. You are free to unsubscribe from our newsletters at any time, using the option at the bottom of every letter we send you or by contacting us by email at firstname.lastname@example.org to be removed from our list. We promise we will never spam you or send unsolicited emails, only those we feel you will be interested in relating to our new products, special offers or information relating to Pin Head UK.
These campaigns will be used solely to notify members of upcoming events, sales and new releases that will be useful to or benefit the individual.
6. Commission Payments
Pin Head uses the third parties PayPal and QuickBooks to create live invoices for payment of bulk pin and patch orders. They do not have permission to use any data from these invoices, such as names, addresses or bank details. These are stored securely, solely for the transaction in question, and are fully retrievable and/or erasable if requested.