Data protection primerAdded: 12th May 2015
Category: Expert AdviceWhen handling personal information, such as the contact details for your customers, you need to remain compliant with the Data Protection Act. Failure to do so could result in a large fine. As customer data is jointly owned by Skiddle, we may also terminate your data sharing agreement if you are found to be breaching the DPA.
The act has 8 principles, here we'll explain briefly how these may apply to you to make things easier:
- Personal data shall be processed fairly and lawfully
Customers are purchasing tickets from you (or registering for an event) and during this process they consent to sharing their contact information, via our Terms and Conditions. Your obligations are to ensure that once you have access to this data, you use it lawfully - the main requirement is to ensure you do not share it with any third parties without consent.
- Used for limited, specifically stated purposes
You must only use this data in connection with the purpose you collected it for (eg to promote and run your events). You should not, therefore, sell the data or use it for another unrelated business.
- Used in a way that is adequate, relevant and not excessive
We only collect the basic contact information, which is relevant to the order being placed.
- Personal data shall be accurate
Data is input by the customer themselves, which should ensure it is accurate at time of purchase. After you have downloaded customer data, you should have a method to allow customers to update their details in your own system should they wish (eg your mailing list).
- Kept for no longer than necessary
If you stop running events or no longer need the data, you should delete the data you have collected. If a customer asks for their data to be deleted, you should do so.
- Handled according to people's data protection rights
Anyone on your customer data lists has the right to access, amend or delete the data. You should ensure that if a customer requests their data is deleted, you act upon this immediately.
- Kept safe and secure
You should never allow access to customer data to third parties. You must keep the data secure, this includes when in transit. Do not send customer data over email unless it is strongly encrypted and protected by password. Never upload customer data to a third party website without using HTTPS secure connection. Do not leave data on laptops or mobile phones without password protection.
- Not transferred outside of the EU without adequete protection
Be careful about where you store your data (eg in the cloud) as countries outside of the EU may not comply with the required data protection standards. You should check where your mailing list provider is situated.
Please note, we are not legal advisors, please always seek advice from a solicitor or legal professional if you are unsure of your legal obligations.
article categories
Added: 12th May 2015
Category: Expert Advice
When handling personal information, such as the contact details for your customers, you need to remain compliant with the Data Protection Act. Failure to do so could result in a large fine. As customer data is jointly owned by Skiddle, we may also terminate your data sharing agreement if you are found to be breaching the DPA.
The act has 8 principles, here we'll explain briefly how these may apply to you to make things easier:
- Personal data shall be processed fairly and lawfully
Customers are purchasing tickets from you (or registering for an event) and during this process they consent to sharing their contact information, via our Terms and Conditions. Your obligations are to ensure that once you have access to this data, you use it lawfully - the main requirement is to ensure you do not share it with any third parties without consent. - Used for limited, specifically stated purposes
You must only use this data in connection with the purpose you collected it for (eg to promote and run your events). You should not, therefore, sell the data or use it for another unrelated business. - Used in a way that is adequate, relevant and not excessive
We only collect the basic contact information, which is relevant to the order being placed. - Personal data shall be accurate
Data is input by the customer themselves, which should ensure it is accurate at time of purchase. After you have downloaded customer data, you should have a method to allow customers to update their details in your own system should they wish (eg your mailing list). - Kept for no longer than necessary
If you stop running events or no longer need the data, you should delete the data you have collected. If a customer asks for their data to be deleted, you should do so. - Handled according to people's data protection rights
Anyone on your customer data lists has the right to access, amend or delete the data. You should ensure that if a customer requests their data is deleted, you act upon this immediately. - Kept safe and secure
You should never allow access to customer data to third parties. You must keep the data secure, this includes when in transit. Do not send customer data over email unless it is strongly encrypted and protected by password. Never upload customer data to a third party website without using HTTPS secure connection. Do not leave data on laptops or mobile phones without password protection. - Not transferred outside of the EU without adequete protection
Be careful about where you store your data (eg in the cloud) as countries outside of the EU may not comply with the required data protection standards. You should check where your mailing list provider is situated.
Please note, we are not legal advisors, please always seek advice from a solicitor or legal professional if you are unsure of your legal obligations.
