Dear Customer, employee, volunteer and/or shareholder,
You may be aware that a new Data Protection law (General Data Protection Regulation) is being introduced with effect from 25 May 2018 and this will affect the way in which Woodgreen Community Shop Association Limited (WCSA) can make use of your personal data.
WCSA holds a minimum necessary amount of data about its customers, shareholders, employees and volunteers and restricts use of the information to matters essential to the running of the business.
The data we hold
In accordance with standard employment and legal regulations, WCSA holds personal, financial and taxation information about employed and volunteer staff.
In accordance with legal requirements, we maintain a register of shareholders’ names and addresses.
Our retail sales system holds account details (names, addresses, purchases and receipts) in respect of those customers who operate a credit sales account with us.
Our CCTV system records activity in and around the store for the security of our shop, merchandise, staff and customers. No personal identification is carried out by the system.
Our website is used to provide information about WCSA and is not used to collect customer information. The website is hosted by a service provider.
How we use your data
In accordance with the stated legal basis for processing shareholder and customer personal data (see Legal Basis paragraph below)
To permit customers to operate credit accounts.
CCTV records are only accessed when required for identified crime or fraud prevention, detection or related purposes.
When we have a legal right or duty to use or disclose your information.
We do not make data available to outside parties for commercial purposes.
How long do we keep your data?
Shareholder information is retained throughout the period of share ownership and for a period afterwards to meet statutory requirements.
Credit account information is retained until the credit account has been closed and the financial accounts for the period have been approved. HM Revenue & Customs require that financial records are kept for 6 years.
Staff records are kept throughout the period of employment and for a period afterwards to meet statutory requirements.
CCTV data is normally retained for a maximum of 4 weeks unless specific data is required for further investigation.
How we protect your data
WCSA is committed to keeping your personal data safe.
Access to shareholder information is restricted to the Committee and WCSA’s external accountants.
Access to customer account information is restricted to the Committee, accountants and staff conducting normal shop business.
Access to CCTV records is restricted to the Committee, shop managers and their nominated examiners.
WCSA operates internal policies setting out our approach to data security.
WCSA has appointed a Data Privacy Manager, Sue Manktelow, who can be contacted via the WCSA shop.
Legal basis for WCSA processing personal data
WCSA collects and uses personal data because it is necessary for:
- The pursuit of our legitimate interests
- Complying with our legal obligations
Our legitimate interests include:
- Selling and supplying goods and services to our customers
- Protecting customers, employees, volunteers and other individuals and ensuring their safety, health and welfare
- Promoting, advertising and selling our products and services
- Understanding our customers’ preferences and needs
- Improving our products and services
- Complying with our legal and regulatory obligations including maintaining financial accounting records
- Preventing and investigating crime, fraud and anti-social behaviour, including working with law enforcement agencies
- Handling customer queries, complaints or disputes
You have the following rights:
- To ask what personal data WCSA holds about you at any time
- The right to ask WCSA to update and correct any out-of-date or incorrect personal data, free of charge
- The right to opt out of any marketing data we may deliver to you.
- You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you wish to exercise any of the above rights, please contact the Chairman, Ron Trevaskis or the Secretary and Data Protection Officer, Sue Manktelow at the Woodgreen Community Shop Association Ltd., Hale Road, Woodgreen SP6 2AJ.
Data Protection Officer
18 May 2018