Guide to GDPR

Terms & Conditions, Privacy and a Guide to GDPR - The General Data Protection Regulation

GDPR stands for General Data Protection Regulation

GDPR is the biggest change to UK data privacy law for 20 years and creates a single set of rules that better protects personal information for people across the EU. All organisations must review how they manage all personal data, such as customer addresses and staff details, to ensure they meet GDPR requirements.

What does GDPR mean to your customer?

1. They are better protected

The new rules make sure that all organisations are set up to protect any personal data they hold, and to act appropriately if something goes wrong.

2. They have more control

The new regulation supports the right for the customer to have their privacy respected and their personal data protected. It gives the customer easier access to the personal information organisations hold about them, if they wish to check or change it. It is designed to give them confidence that this information is accurate, up-to-date and well-managed. They also have the right to erasure, where, upon request, the customer’s personal data is erased.

3. They can change their mind

Every organisation must provide the customer with the opportunity to change their mind about the choices they have made. This is intended to give the customer options and keep them in control.

How do Touchretail store your data?

To comply with GDPR and to keep customer data as secure as possible, Touchretail store your data as follows.

Customer data is stored in TRIMS on Touchretail data servers, which are in a secure data centre in London and protected behind firewalls. The data is also backed up daily to 2 other data servers, which are in Cardiff and Germany. These backups are only kept for a maximum of 7 days; after this, they are overwritten.

TRIMS Data

  • All transfers of backup data over the internet are encrypted
  • The data centre for our hosted servers is managed by Tagadab
  • The backup in Cardiff is on Microsoft Azure
  • The backup in Germany is on servers hosted by 1 and 1
  • We only store your customer data and do not use your data for any other purpose

All our staff are fully competent in GDPR and aware of what is and is not allowed when handling your data. Your data may occasionally be downloaded to our local servers for debugging purposes if you have an issue with the software, but it is deleted once no longer required.

How are Touchretail helping you, the retailer?

It is important that the retailer is able to record that the contact (customer - or, in GDPR terms, ‘data subject’) has given consent for their personal data to be stored and processed by the retailer.

Touchretail are helping retailers by introducing a number of GDPR features that, when combined with existing functionality, provide the retailer with the tools they need to adhere to GDPR guidelines.

TRIMS GDPR Features

  • A consent flag will be added to each contact in the TRIMS CRM database.
  • The consent flag on all existing contacts will be set to none.
  • Any new contacts created must be informed at the point of sign-up that by using the services of the retailer, they are granting consent.
  • A facility is provided at back office to toggle consent.
  • A facility is provided at the Point of Sale to toggle consent.
  • The contact can, at any time, change their mind and revoke consent.
  • The contact can, at any time, request erasure. A facility is provided to execute this irreversible procedure.
  • The existing contact statuses are available for the customer to state how they wish to be contacted.
  • Filters for the consent and status flags are provided within TRIMS CRM allowing the retailer to view and export personal data that adheres to GDPR legislation.

Your responsibility as the retailer

Touchretail provide a set of CRM tools designed to help the retailer comply with GDPR legislation. It is your responsibility as the retailer to ensure that anyone working with customer data is fully aware of the GDPR guidelines, and uses the available TRIMS CRM GDPR tools correctly when working on customer data. A series of GDPR videos, along with documentation, will be available on the Touchretail helpdesk explaining how to use these tools.

All existing contacts by default have not provided consent. It is your job as the retailer to contact existing customers to gain consent. This needs to happen before May 25th. After this date, by law, you will not be able to contact customers who have not provided consent.

Ask for consent now

You still have time to contact customers who have not given consent. Use this time to contact your customer database and ask for consent. Keep proof and update each contact on the TRIMS CRM to state that the contact has given consent. Remember, after May 25th, by law you will not be able to contact customers who have not given consent. This procedure needs to happen in advance of May 25th.

Documentation and tools

In the run-up to May 25th, Touchretail will be releasing GDPR documentation via the Touchretail helpdesk and the GDPR tools through TRIMS system updates. It is important to accept and install any updates prompted by your TRIMS system. We will inform all of our helpdesk users when this happens.

Touchretail Terms and Conditions

The full Touchretail SaaS Terms and Conditions are available here for download in PDF format
The full Touchretail Privacy Policy is available here for download in PDF format
The full Touchretail Website Terms and Conditions are available here for download in PDF format
The full Touchretail Data Protection Policy is available here for download in PDF format

A final note on GDPR

It is the retailer's responsibility to comply with the GDPR requirements. Touchretail do not specialise in, or provide advice or assistance in, becoming compliant. Touchretail have introduced a number of tools into our software which provide the retailer with the facilities they need to help with compliance, but it is down to the retailer to make use of these tools in the necessary way based on their GDPR knowledge and education.

Useful References
ICO. Guide to the General Data Protection Regulation (GDPR)