If there’s one thing guaranteed to make customers snooze it’s a piece on new EU privacy legislation, especially one for which all the official information is poorly explained as to its effects on small businesses and customers. The EU’s General Data Protection Regulation, which comes into effect on 25 May 2018, excels at being especially obfuscatory and confusing.
In short, because Fighting 15s does not ask and has never asked customers to sign up for direct marketing (email newsletters, promotions, and such), and does not engage in direct marketing, the GDPR has minimal effect.
The GDPR requires businesses to get customers to confirm that they want to receive direct marketing by actively ticking a check box consenting to such marketing. Fighting 15s does not send out direct marketing, and therefore there is no check box on the website in the checkout process. Our webshop provider does offer direct marketing tools but we have not signed up to them.
Fighting 15s holds essential information for the processing of customers’ orders: name, address, email and phone, plus the system will record the IP address used when placing the order. Obviously we need name, address and contact details so we can send out orders, confirmation emails, fulfil our legal obligations to provide a durable copy of the current terms and conditions, and to contact a customer in the event of questions about an order. The IP address is required in the event of digital product sales to help prove the origin of an order for VAT liability.
Customers who do not want such information held on record may request its deletion by simply emailing or writing to Fighting 15s, and we will remove it from the shop (the GDPR doesn’t seem to have considered a requirement for proof that the person emailing to have such information deleted is actually that person, but it would seem sensible). However, Fighting 15s is legally required to hold customers’ essential information for seven years for tax/accountancy purposes, and therefore we can delete only what is historic information – currently information obtained before 6 April 2009, the start of the 2009-2010 accountancy year.
Financial information is handled by third-party processors, so we never see payment details if customers place and pay for orders through the online shop. Our payment processors are PayPal and Barclaycard.
Our preferred means of passing on news is via Facebook and our WordPress blogs (Fighting 15s news and oozlumgames.com). If you don’t want to see what we do on Facebook, unlike and unfollow the Fighting 15s page (https://www.facebook.com/Fighting15s/). The power to sign out of following a WordPress blog remains solely with the follower: WordPress site administrators do not, repeat do not, have the power to delete followers. Details of how to unfollow a WordPress blog may be found at https://en.support.wordpress.com/following/.
Of course, non-EU businesses that record details of EU customers are supposed to adopt the GDPR. As with reporting VAT on digital products, Fighting 15s by and large cannot see businesses outside the EU conforming. Except the UK after Brexit. Good old law-abiding Blighty will be the only country that conforms to a law that also encompasses Martians and Venusians should they start direct marketing to the people of the EU.
In summary, Fighting 15s’ policy remains as it always has been: we won’t bug you by sending out a relentless stream of marketing drivel. If you want drivel, you have to come to us…