Please explain your position statement with regard to the forthcoming 2018 Data Protection Act in the UK.
The handling of client data is being standardised across the EU and in 2018 it will be brought into UK law. Total Contact Equine Solutions (TCES) stores, and has access to, client data across, and in, four platforms:
We pay Squarespace.com to host our website, and client data relevant to completing and managing client orders is stored there in the 'shop' area. This may include name/address, phone numbers, email addresses and payment information (see below for more on this aspect). This information is stored on the servers of Squarespace as a hosting company and is password protected by TCES with a password that is considered 'strong' in format and is changed on a regular basis. Your client data will never be shared by us with another organisation without your consent but may be used to check client views on our products by way of a client survey, the results of which will be anonymous.
Social media is used by TCES to promote our products and messages as well as for clients to use to provide comment and feedback. At the moment this is just Facebook on the page Total Contact Equine Solutions. This is a public page. Where client comment is provided directly to TCES we may choose to place it on this platform but only with the permission of the sender and then using client initials as an identifier and not a full name. Client posts will show full names. This data is then stored on the servers of Facebook and is subject to their user terms and conditions in force at any one time.
Payments can be made for goods and services through PayPal and Stripe.com which handles card transactions on behalf of TCES. ALL client information relating to payments is held on the servers of these two companies and is subject to their terms and conditions at any one time. When a client makes a purchase TCES are advised by email (see below) and the client payment information is not revealed to us save for the last four digits of a card to help identify it. The CVV number is never disclosed to TCES. Both of these systems are password protected by TCES with what are considered 'strong' passwords, which are changed on a regular basis. Both PayPal and Stripe hold the banking details of TCES to transfer payments to and fro.
Email contact with clients is made via firstname.lastname@example.org on an external email server managed by Philip Lavin. The email is password protected, and emails received/sent, which will contain the email addresses of clients and other enquirers, may be saved into the system for use at a later date. This information is not passed on to third parties at any time but may be used for the purposes of a TCES client survey or other activity. It is not currently routinely used for marketing purposes by TCES.
Access to Facebook can be made via a security protected mobile phone and all other information via a password protected laptop used by TCES.
We treat client data seriously and believe that we comply with current standards of regulation but may, from time to time, upgrade this provision as needed.
Clients can ask to see the data held on them, as in the provisions of the 2018 Data Protection Act, given reasonable notice and reason.
Any other questions?