There are 4 key areas where we have a legitimate interest to gather and use personal data: for order fulfilment; to respond to queries; to invite reviews and to continue marketing to data collected prior to 25th May, 2018.
Legitimate Gathering of Data for Order Fulfilment
We gather data such as billing name, address and contact details and the delivery name, address and contact details so we can legitimately:
- Check card details match the billing details to detect fraud
- Send orders to customers via Royal Mail, Parcelforce, FDC and other couriers we may use
- Email order and dispatch confirmations
- Call customers if something has gone wrong with the order
Legitimate Gathering of Data from Your Queries
We will continue to gather data such as contact name, address and contact details that is offered to us directly so we can legitimately:
- Check whereabouts you are in the country for an accurate quote
- Pass on your data to our select suppliers and partners who can fulfil assessments such as the cost of a stairlift installation
- Email, mail or call you to follow up your query with a suitable response
- Fill in credit applications where applicable
Legitimate Gathering of Data for Reviews
When somebody orders from us, we usually send them invitations to review the service and the product(s) they have purchased.
We conducted a 3-Stage test in order to assess whether we should continue to do this from the introduction of GDPR on the 25th May 2018 as follows:
1. Identification of a Legitimate Interest
Reviews are invaluable to both customers researching companies and products to purchase and in the same vein, they help a company to build a trust factor with their customer base.
Reviews by people who have bought before are of huge benefit to other people. They also help the company to understand how customers feel about their service and products. Reviews are really the feedback tool of ecommerce be it for booking a hotel or for retail - they are critical to how business is done online.
We feel we have not only a legitimate interest, but a duty to run and maintain an independent feedback loop.
2. The Necessity Test
If we cannot invite people to review, there will be an imbalance of reviews which will effect the validity of the feedback. A survey by Podium.com (2017 State of Online Reviews) showed that 93% of consumers said that online reviews made an impact of their buying decision and 82% say that the content of a review has convinved them to buy. In the same survey, 77% said they would leave a review if invited to do so. Conversely, if all customers are not invited to leave reviews, then there is imbalance to the reviews as people are more likely to write a bad review than a good review. If we do not invite reviews, then the accuracy and trustworthyness of the reviews would cease to be of any value. Reviews are vital to people buying online and invitations are vital to people leaving reviews.
3. The Balancing Test
Accurate service and product reviews are vital to help people make buying decisions. They are of such a benefit to people online that we need to provide an independent review service.
For a service review, we send the order number, customer name and email address to Trustpilot and Trustpilot then invites the customer to leave a review. The customer can easily opt out of the email from Trustpilot or easily leave a quick review. The service reviews are of enormous value to customers and potential customers alike. They are also of benefit to the company and help us to measure our performance.
For a product review, we use our own review system to tie in with placing those reviews accurately alongside the products as purchased on our website. This then provides great feedback for products that are both well-received and products that we should consider not selling any more. I.e. product reviews are of benefit to both customers and the company in equal measure.
Overall, reviews bring balance and trust to online retail. This is one of the things that is good about the internet - giving people the means to collaboration and the ability to share your feedback to help others in their decisions. Reviews are people power that are of equal benefit to customers, potential customers and the company. We therefore feel that asking to review us is a legitimate interest.
Legitimate Gathering of Data for Marketing
For many years, we have carried out marketing to people who have ordered from us (our customers) and those who have joined our newsletter lists using the website joining form. Our database for newsletters has never included any third party data and we have never sold data to any third party.
We have conducted a 3-Stage test in order to make sure that we can continue to send newsletters to our data collected prior to 25th May 2018 as follows:
1. Identification of a Legitimate Interest
For all the time prior to the 25th May, 2018, we used email and print to stay in touch with our customer base. Each email, for example, is opened by about 25% of recipients and the result is increased sales in the shop. Co-operative Mobility only uses the data for its own marketing and has never passed it on to third parties for their own marketing so we only use the data to promote the products and services that are shown on our website.
As the marketing is well-received and sales are driven, we feel that we are providing a legitimate service to our customers to keep them informed of our products and services. Our range and value-for-money offer means that our customers often have more choice and better prices than shopping elsewhere and not being a nationally recognised brand, we need to keep reminding people we are here and what we can offer them. Every email stimulates sales and these sales can be attributed to the marketing.
We feel we have a legitimate interest to continue to market to our customer database up to the 25th May 2018. From thereon, website changes mean that customers opt-in and everything is much clearer about how we handle customer data thanks to GDPR.
2. The Necessity Test
Sales from our marketing account for 7 to 10% of all sales (based on Analytics data) and therefore is a sizeable amount of our day to day business. We could not continue to offer such a good range and the value-for-money without this marketing activity. It is therefore critical to our business.
3. The Balancing Test
New customers prior to the 25th May 2018, would likely have received one to two email newsletters per week. This is normal for us and those customers would expect this to continue. Due to the sales generated, these newsletters must be of value to our customers as they are receiving good offers and/or hearing about other products and services that they didn't necessarily know existed before. What's more, we really want to develop a relationship with our customers - they are important to us and we are important to them: as a shop specialising in products that help people with disabilities or who are getting old and just struggle with day-to-day issues like dressing, bathing or just picking up something they've dropped on the floor, people like to know that there are products that can help them maintain a level of dignity at home and therefore stay as independent as possible.
In no way would we ever intend to harm anyone in any way from our marketing. The data we use for our marketing has never and will never be used to discriminate, cause financial loss, reputational damage, loss of confidentiality nor professional secrecy. We value our customers rights and privacy so the data we gather from them is limited and is not used to harm in any way. We do recognise, however, that if we write to someone who has died that this may cause distress to a friend or relative. When we are notified of this, we do ensure that we do not market to this data again. All emails also carry an automatic unsubscribe link.
Over the years, we have gathered significant numbers of customer records that we keep securely. If we did not market ourselves to this database, there would be a significant commercial impact. At the time of writing, email marketing alone has accounted for 7.5% of sales in the last 30 days.
Considering that our customers respond well to our newsletters, we can only conclude that they also benefit from learning about new products and pricing that can help them. Today, for example, we received a reply to our newsletters asking if there was a device to hold a handy reacher on to a wheelchair. There is! But people don't know about all the products we sell - there are many thousands to browse through - so our newsletters do help to promote new products and help educate people who are caring for loved ones about what can help.
The data we are looking at here covers all customers and anyone who has opted to join our mailing lists up to the 25th May 2018. This data may cover individuals, care homes, schools, an NHS Trust, a local authority or other businesses. The data held for email marketing is only the name we use to greet the recipient and their email address. Similarly, for direct mail, we use the recipient name and their postal address. We do not use any GDPR Article 9 personal medical data for marketing.
The data we have is used regularly to maintain contact with our customers and they supplied this data originally. Any marketing can be unsubscribed from at any time (and this has always been the case). Our marketing is to the original data as supplied - we are not revealing any of this data to anyone else. As such, our newsletters are non-intrusive and are appropriate to each customer using a personal greeting wherever possible.
All our email newsletters carry a simple Unsubscribe link so at any point in the past, a customer could easily control whether we contact them or not. These easy Unsubscribe links will continue for all marketing under GDPR.
Further to being able to unsubscribe, we have regularly examined our data as an added safeguard. Every month, we examine inactive emails and do not continue to market to data that has not opened emails for 3 months or more.
We have carefully considered how we continue to market to our pre-25th May 2018 customer database after GDPR. And this is only about those older and established customers.
- We know and can evidence that many customers respond to this marketing
- The data used is not harmful in any way and we have plenty of evidence to demonstrate that customers respond positively to our marketing and indeed benefit from it
- We have always looked after customer data responsibly and have maintained it well by removing unsubscribers immediately, regularly removing hard bounces and people who just don't open emails
- The data we use for marketing is only from orders or people who have opted to join our mailing lists - we can demonstrate this
- We have been regularly marketing on a weekly, and sometimes twice-a-week basis for many years
- We have always offered an opt-out via a simple unsubscribe link on our email marketing
- We have only marketing products and services that are available on our website
As such, we have established a legal basis on which to continue to market to our pre-GDPR database on the grounds that our marketing is both beneficial to our customers and is commercially vital to our business.
From the 25th May 2018, we will only market to new customers who have specifically opted in.
By Jon Price
Responsible for marketing
Original tests and review completed: 14th May, 2018