Fashion Epos Solutions Ltd will process your personal data when enquiring, purchasing and having ongoing services such as software support subscriptions.

Our full Privacy policy can be found on our website at: www.fashione.co.uk/privacy-policy.

We keep your personal data only as long as required by law.

Fashion Epos Solutions Ltd work closely with several partners and usually on requested we will share your personal data.

Only on request from yourself will we speak to other companies.

Your Rights to your personal data:

• The right to request a copy of personal data that we hold.
• The right to request corrections to your personal data.
• The right to request that your personal data is deleted when no longer required.
• The right to withdraw any consent to process your personal data.
• The right to request your personal data in a portable format.
• The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data.
• The right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.

The Fashione system allows your customers details to be held for several processes:

• Customer Tracking, History and Marketing.
• Loyalty Schemes.
• Customer services such as Accounts, Layovers, Orders and Alterations.
• Integrated Website Orders.
• Wholesale Orders.

To assist with your support queries, there are times where we will have to access your customer data to provide a resolution to support queries.

Your software support includes data backups that are stored securely for up to 30 days. These can be accessed only by the support and development teams. For example, a support query may require a member of staff to use a back up to investigate in more detail.

On the 25th May 2018 the new GDPR regulations come in to affect. You may have a lot of questions. Below we have covered the basics, more detailed information on this can be found at https://ico.org.uk

You need a privacy policy that basically says what personal data you collect, how consent was given and what you are going to do with it. Most privacy policies are online for easy reference.

The purpose of the new regulation is to think about how you obtain, store and use their data. For your existing customers personal data, collected before the new regulations, where you have a current relationship with the customer and you have obtained their personal data with consent at the time of a prior transaction you can continue to hold their data until no longer required. We would recommend contacting customers with your privacy policy, so they can chose to opt out and it is recommended the next time they shop with you that you request their consent. You could also look at cleaning up your customers personal data by deleting customers who have not spent within so many years.

Only collect the information you need. E.g. If you only do email marketing don’t ask for their home/business address.

• The right to be informed of what you are using their personal data for. This should be covered in your own privacy policy.
• The right to have access to their personal data and related information.
• The right to have inaccurate personal data corrected or updated.
• The right to have their personal data deleted.
• The right to withdraw their consent to processing their personal data.
• The right to request the restriction of processing their personal data.
• The right to request their personal data in a portable format. E.g Excel
• The right to object to processing their personal data, in case data processing has been based on legitimate interest and/or direct marketing.

These rights are explained in more detail at https://ico.org.uk.

Your staff members should be given training on customer data protection, your policies and how to keep this secure.

A Few Points on Keeping your Data Secure:

• Have a secure network and keep the operating systems on any computers up to date.
• Staff Members to have separate user names and passwords.
• Review Security Setting. E.g Staff Security on Fashione, auto Locking on computers.
• When replacing computers your hard drives should be professional erased/destroyed.

Processing and using your customers data, should not go beyond the reason the data was originally given.

For example, if someone laid over an item at the till you will have a legitimate interest to contact them about payments. Once the item has been paid and supplied what you cannot do is use their information for customer top spenders or marketing without their permission.

https://ico.org.uk/for-organisations/business/general-data-protection-regulation-gdpr-faqs-for-small-retailers/

https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/

Small Business GDPR Helpline by ICO: 0303 123 1113

• Marketing Consent
• Logging Consent
• Exporting by Marketing Consent
• Access Requests
• Enhanced Security

Last Revised 14th June 2018.

This guide was created by Fashion Epos Solutions Ltd to make it easier to understand GDPR. This is for information purposes only and is not legal advice. We recommend looking in to the GDPR regulations further.