GDPR is a European privacy law that replaces the 1995 Data Protection Directive. It marks the biggest change in data protection in 20 years. From the 25th May 2018, all UK and EU businesses will have to handle your data in compliance with GDPR. More specifically, it is Regulation (EU) 2016/619 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
With the explosion of the internet, more and more data is being created and stored all over the world. GDPR has been introduced to try and keep up with the phenomenal growth in data and is designed to make use of your personal data more transparent and put you in control. Fundamentally, everyone has a right to know how their personal data is used and the right to erase it. Co-operative Mobility has always taken personal data seriously and has never sold it to third parties. This means we're really happy to see this change in the law and we will be compliant with it.
What is Personal Data?
Your personal data is any information that relates to you - like your name, where you live and your contact details.
What is Data Processing?
A company like us processes data when we do something with it. For example, if we store or remove your data in our database, that's a process. If we need to refund you, we'll need to use your data. If we get in touch with you, we'll be using your personal data. Under GDPR, you have a right to know how a company will process your personal data.
We are a Data Controller
Co-operative Mobility decides how to use the personal data it collects so it is known as a Data Controller. We use your data to send orders and marketing emails. For want of a better phrase, under GDPR, our customers are known as data subjects.
Co-operative Mobility uses carefully selected Data Processors to help us run efficiently and provide the best shopping experience we can. For example, the search engine on our website uses a specialist processor which takes our data to make the most relevant search recommendations possible. We also upload only names and email addresses to an email newsletter system. Where we utilise other data processors, we make sure that your personal information continues to be protected under GDPR under legal agreements or by having these suppliers to ourselves sign up to a regulatory-approved privacy scheme (such as the "Privacy Shield" scheme in the USA).
Under GDPR you have new rights which include:
- The right to be forgotten - this is where any information we or our data processors hold is erased. We can erase everything except what we need to keep for UK Legal Purposes (e.g. proof of invoice and any VAT Relief claims)
- The right to object - for example, if you don't want to receive our email newsletters or don't like the way we're administrating your data, you can object to it
- The right to rectification - under GDPR, you can ask to update your personal data if it is incorrect or incomplete
- The right of access - this is where you have the right to know how your data is being used and why
You can contact us to exercise these rights with us.