Our registered office is at Rent My Wardrobe, Rooskey, Creeslough, Co.Donegal, F92R2015
This notice describes how we
collect, store, transfer and use personal data. It tells you about your privacy
rights and how the law protects you.
In the context of the law and this notice,
‘personal data’ is information that clearly identifies you as an individual or
which could be used to identify you if combined with other information. Acting
in any way on personal data is referred to as ‘processing’.
This notice applies to personal
data collected through our website and through social media platforms and
online retail platforms, including [names of websites, e.g. Facebook,
Instagram, Twitter, Etsy, eBay and Amazon].
Except as set out below, we do
not share, or sell, or disclose to a third party, any information collected
through our website.
Data Protection Officer
We have appointed a data
protection officer (‘DPO’) who is responsible for ensuring that our privacy
policy is followed.
If you have any questions about
how we process your personal data, including any requests to exercise your
legal rights, please contact our DPO, Victoria Toye at firstname.lastname@example.org
Personal data we process
1. How we obtain personal
we process about you includes information:
· you have directly provided to
· that we gather from third party
databases and service providers
· as a result of monitoring how
you use our website or our services
2. Types of personal data we
When you use our
services or buy from us,we ask you to provide personal data. This
can be categorised into the following groups:
· personal identifiers, such as
your first and last names, your title and your date of birth
· contact information, such as
your email address, your telephone number and your postal addresses for
billing, delivery and communication
· account information, including
your username and password
· payment information, such as a
debit or credit card number and expiry date and bank account details
· records of communication
between us including messages sent through our website, email messages and
· marketing preferences that tell
us what types of marketing you would like to receive
In addition, we may
· documentation that confirms your
identity, such as an image of your passport or driver’s licence
· an image that shows your face,
such as a passport photograph
· documentation that confirms the
qualifications you advertise as holding
· documentation that confirms your
employment, such as recent payslips
· documentation that confirms your
address, such as a tenancy agreement or rental contract
3. Types of personal data we
collect from third parties
We confirm some of the information you provide to us
directly using data from other sources. We also add to the information we hold
about you, sometimes to remove the need for you to provide it to us and
sometimes in order to be able to assess the quality of the services you offer.
The additional information we collect can be
categorised as follows:
· information that confirms your
· business information, including
your business trading name and address, your company’s registered number (if
incorporated), and your VAT number (if registered)
· information that confirms your
· reviews and feedback about your
business on other websites through which you sell your services
· unsolicited complaints by other
4. Types of personal data we
collect from your use of our services
By using our website and our services, we process:
· your username and password and
other information used to access our website and our services
· information you contribute to
our community, including reviews
· your replies to polls and
· technical information about the
hardware and the software you use to access our website and use our services,
including your Internet Protocol (IP) address, your browser type and version
and your device’s operating system
· usage information, including
the frequency you use our services, the pages of our website that you visit,
whether you receive messages from us and whether you reply to those messages
· transaction information that
includes the details of the products services you have bought from us and
payments made to us for those services
· your preferences to receive
marketing from us; how you wish to communicate with us; and responses and
actions in relation to your use of our services.
5. Our use of aggregated
We may aggregate anonymous
information such as statistical or demographic data for any purpose. Anonymous
information is that which does not identify you as an individual. Aggregated
information may be derived from your personal data but is not considered as
such in law because it does not reveal your identity.
For example, we may aggregate usage
information to assess whether a feature of our website is useful.
However, if we combine or connect
aggregated information with your personal data so that it can identify you in
any way, we treat the combined information as personal data, and it will be
used in accordance with this privacy notice.
6. Special personal data
Special personal data is data about
your race or ethnicity, religious or philosophical beliefs, sex life, sexual
orientation, political opinions, trade union membership, information about your
health and genetic and biometric data.
It also includes
information about criminal convictions and offences.
We do not
collect any special personal data about you.
We may collect
special personal data about you if there is a lawful basis on which to do so.
7. If you do not provide
personal data we need
Where we need to collect personal
data by law, or under the terms of a contract we have with you, and you fail to
provide that data when requested, we may not be able to perform that contract.
In that case, we may have to stop
providing a service to you. If so, we will notify you of this at the time.
The bases on which we process information about you
The law requires us to
determine under which of six defined bases we process different categories of
your personal data, and to notify you of the basis for each category.
If a basis
on which we process your personal data is no longer relevant then we shall
immediately stop processing your data.
basis changes then if required by law we shall notify you of the change and of
any new basis under which we have determined that we can continue to process
8. Information we process
because we have a contractual obligation with you
When you create an account on our
website, buy a product or service from us, or otherwise agree to our terms and
conditions, a contract is formed between you and us.
In order to carry out our
obligations under that contract we must process the information you give us.
Some of this information may be personal data.
We may use it in order to:
· verify your identity for
security purposes when you use our services
· sell products to you
· provide you with our services
· provide you with suggestions
and advice on products, services and how to obtain the most from using our
We process this information on the
basis there is a contract between us, or that you have requested we use the
information before we enter into a legal contract.
We shall continue to process this
information until the contract between us ends or is terminated by either party
under the terms of the contract.
9. Information we process
with your consent
Through certain actions when
otherwise there is no contractual relationship between us, such as when you
browse our website or ask us to provide you more information about our
business, our products and services, you provide your consent to us to process
information that may be personal data.
Wherever possible, we aim to obtain
your explicit consent to process this information, for example, we ask you to
agree to our use of non-essential cookies when you access our website.
If you have given us explicit
permission to do so, we may from time to time pass your name and contact
information to selected associates whom we consider may provide services or
products you would find useful.
We continue to process your
information on this basis until you withdraw your consent or it can be
reasonably assumed that your consent no longer exists.
You may withdraw your consent at
any time by instructing us at email@example.com. However,
if you do so, you may not be able to use our website or our services further.
We aim to obtain and keep your
consent to process your information. However, while we take your consent into
account in decisions about whether or not to process your personal data, the
withdrawal of your consent does not necessarily prevent us from continuing to
process it. The law may allow us to continue to process your personal data,
provided that there is another basis on which we may do so. For example, we may
have a legal obligation to do so.
10. Information we process for
the purposes of legitimate interests
We may process information on the
basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information
on this basis, we do after having given careful consideration to:
· whether the same objective
could be achieved through other means
· whether processing (or not
processing) might cause you harm
· whether you would expect us to
process your data, and whether you would, in the round, consider it reasonable
to do so
For example, we may process your
data on this basis for the purposes of:
· improving our services
· record-keeping for the proper
and necessary administration of rentmywardrobe.ie
· responding to unsolicited
communication from you to which we believe you would expect a response
· preventing fraudulent use of
· exercising our legal rights,
including to detect and prevent fraud and to protect our intellectual property
· insuring against or obtaining
professional advice that is required to manage rentmywardrobe.ie risk
· protecting your interests where
we believe we have a duty to do so
11. Information we process because
we have a legal obligation
Sometimes, we must process your
information in order to comply with a statutory obligation.
For example, we may be required to
give information to legal authorities if they so request or if they have the
proper authorisation such as a search warrant or court order.
This may include your personal
12. Information we process to
protect vital interests
In situations where processing
personal information is necessary to protect someone’s life, where consent is
unable to be given and where other lawful bases are not appropriate, we may
process personal information on the basis of vital interests.
For example, we may inform
relevant organisations if we have a safeguarding concern about a vulnerable
How and when we process your personal data
13. Your personal data is not
We do not share or disclose to a
third party, any information collected through our website.
14. Information you provide
Our website allows you to post
information with a view to that information being read, copied, downloaded, or
used by other people.
For example, when you leave a
review or post a message on our website, we reasonably assume that you consent
for the message to be seen by others. We may include your username with your
message, and your message may contain information that is personal data.
Other examples include:
· tagging an image
· clicking on an icon next to
another visitor’s message to convey your agreement, disagreement or thanks
In posting personal data, it is up
to you to satisfy yourself about the privacy level of every person who might
We do not specifically use this
information except to allow it to be displayed or shared.
We do store it, and we reserve a
right to use it in the future in any way we decide.
We provide you with a public
profile page, the information on which may be indexed by search engines or used
by third parties. The information you provide on that profile page may be made
available to the public.
Once your information enters the
public domain, we have no control over what any individual third party may do
with it. We accept no responsibility for their actions at any time.
Provided your request is reasonable
and there is no legal basis for us to retain it, then at our discretion we may
agree to your request to delete personal data that you have posted. You can
make a request by contacting us at firstname.lastname@example.org
15. Payment information
We store information about your debit or credit card or
other means of payment when you first provide it to us.
We store this payment information [at your request] in order
to make repeat purchasing of goods and services easier next time you visit our
[We also store it to help us prevent fraud.]
We take the following measures to protect your payment information:
· We keep your
payment information encrypted on our servers.
· We do not
keep all your payment information so as:
a) to prevent
the possibility of our duplicating a transaction without a new instruction from
b) to prevent
any other third party from carrying out a transaction without your consent
· Access to
your payment information is restricted to authorised staff only.
· If we ask
you questions about your payment information, we only show [partial detail OR
the first four OR the last four digits of the debit or credit card number], so
that you can identify the means of payment to which we refer.
We automatically delete your payment information [after X
days OR when a credit or debit card expires].
Payment information is never taken by us or transferred to
us either through our website or otherwise. Our employees and contractors never
have access to it.
At the point of payment, you are transferred to a secure
page on the website of [WorldPay / Opayo / PayPal / MoneyBookers / Stripe] or
some other reputable payment service provider. That page may be branded to look
like a page on our website, but it is not controlled by us.
16. Direct Debit information
When you agree to set up a
Direct Debit arrangement, the information you give to us is passed to our own
bank [name of bank] for processing according to our instructions. We [do / do
not] keep a copy.
[We keep this information only
for the duration of the Direct Debit arrangement.]
17. Job application and
If you send us information in
connection with a job application, we may keep it for up to three years in case we decide to contact you at a
If we employ you, we collect
information about you and your work from time to time throughout the period of
your employment. This information will be used only for purposes directly
relevant to your employment. After your employment has ended, we will keep your
file for six years before destroying or
18. Information obtained from
Although we do not disclose your
personal data to any third party (except as set out in this notice), we
sometimes receive data that is indirectly made up from your personal data from
third parties whose services we use.
No such information is
personally identifiable to you.
19. Third party advertising on
Third parties may advertise on our
website. In doing so, those parties, their agents or other companies working
for them may use technology that automatically collects information about you
when their advertisement is displayed on our website.
They may also use other technology
performance of their adverts.
We do not have control over these
technologies or the data that these parties obtain. Accordingly, this privacy
notice does not cover the information practices of these third parties.
20. Credit reference
To assist in combating fraud, we
share information with credit reference agencies, so far as it relates to
clients or customers who instruct their credit card issuer to cancel payment to
us without having first provided an acceptable reason to us and given us the
opportunity to refund their money.
21. Disputes between users
In the event of a dispute between
you and another user, provided that you consent, we may share your basic
personal data, business information and contact information with the other
At our discretion, we may share
other information to enable the dispute to be resolved through litigation or
alternative dispute resolution methods.
22. Service providers and
We may share your personal data
with businesses that provide services to us, or with business partners.
· we may pass your payment
information to our payment service provider to take payments from you
· we may use fraud prevention
agencies and credit reference agencies to verify your identity and we may pass
your information to those agencies if we strongly suspect fraud on our website
· we may pass your contact
information to advertising agencies to use to promote our services to you
23. Referral partners
This is information given to us by
you in your capacity as an affiliate of us or as a referral partner.
It allows us to recognise visitors
that you have referred to us, and to credit to your commission due for such
referrals. It also includes information that allows us to transfer commission
The information is not used for any
We undertake to preserve the
confidentiality of the information and of the terms of our relationship.
We expect any affiliate or partner
to agree to reciprocate this policy.
Use of information we collect through automated systems
Cookies are small text files that are placed on your
computer's hard drive by your web browser when you visit a website that uses
them. They allow information gathered on one web page to be stored until it is
needed for use at a later date.
They are commonly used to provide you with a
personalised experience while you browse a website, for example, allowing your
preferences to be remembered.
They can also provide core functionality such as
security, network management, and accessibility; record how you interact with
the website so that the owner can understand how to improve the experience of
other visitors; and serve you advertisements that are relevant to your browsing
Some cookies may last for a defined period of time,
such as one visit (known as a session), one day or until you close your
browser. Others last indefinitely until you delete them.
Your web browser should allow you to delete any cookie
you choose. It should also allow you to prevent or limit their use. Your web
browser may support a plug-in or add-on that helps you manage which cookies you
wish to allow to operate.
The law requires you to give explicit consent for use
of any cookies that are not strictly necessary for the operation of a website.
When you first visit our
accept them, we shall not use them for your visit except to record that you
have not consented to their use for any other purpose.
or you prevent their use through your browser settings, you may not be able to
use all the functionality of our website.
· to track how you use our
· to record whether you have seen
specific messages we display on our website
· to keep you signed in to our
· to record your answers to
surveys and questionnaires on our site while you complete them
· to record the conversation
thread during a live chat with our support team
[We provide more information about the cookies we
25. Personal identifiers from
your browsing activity
Requests by your web browser to our
servers for web pages and other content on our website are recorded.
We record information such as your
geographical location, your Internet service provider and your IP address. We
also record information about the software you are using to browse our website,
such as the type of computer or device and the screen resolution.
We use this information in
aggregate to assess the popularity of the webpages on our website and how we
perform in providing content to you.
If combined with other information
we know about you from previous visits, the data possibly could be used to
identify you personally, even if you are not signed in to our website.
Re-marketing involves placing a
‘tracking technology’ such as a cookie, a ‘web beacon’ (also known as an
‘action tag’ or a ‘single-pixel GIF’) to track which pages you visit and to
serve you relevant adverts for our services when you visit some other website.
The benefit of re-marketing
technology is that we can provide you with more useful and relevant adverts,
and not show you ones repeatedly that you may have already seen.
We may use a third-party
advertising service to provide us with re-marketing services from time to time.
If you have consented to our use of such tracking technologies, you may see
advertisements for our products and services on other websites.
We do not provide your personal
data to advertisers or to third-party re-marketing service providers. However,
if you are already a member of a website whose affiliated business provides
such services, that affiliated business may learn of your preferences in
relation to your use of our website.
27. Your rights
The law requires us to tell you
about your rights and our obligations to you in regard to the processing and
control of your personal data.
We do not sell products or
provide services for purchase by children, nor do we market to children.
areas of our website are designed for use by children over  years of age.
These areas include [description or name or areas designed for children.
If you are under 18, you may use
our website only with consent from a parent or guardian.
We collect data about all users
of and visitors to these areas regardless of age, and we anticipate that some
of those users and visitors will be children.
29. Encryption of data sent
We use Secure Sockets Layer (SSL) certificates to verify our
identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, you can
check that it is done so using SSL by looking for a closed padlock symbol or
other trust mark in your browser’s URL bar or toolbar.
30. Delivery of services using
third party communication software
With your consent, we may
communicate using software provided by a third party such as Facebook
(WhatsApp), Apple (Facetime), Microsoft (Skype) or Zoom Video Communications
Such methods of communication
should secure your personal data using encryption and other technologies. The
providers of such software should comply with all applicable privacy laws,
rules, and regulations, including the GDPR.
If you have any concerns about using a particular software
for communication, please tell us.
31. Data may be processed
outside the European Union
Our websites are hosted in Ireland.
We may also use outsourced services
in countries outside the European Union from time to time in other aspects of
Accordingly data obtained within Ireland
or any other country could be processed outside the European Union.
We use the following safeguards
with respect to data transferred outside the European Union:
processor is within the same corporate group as our business or organisation
and abides by the same binding corporate rules regarding data processing.
· the data
protection clauses in our contracts with data processors include transfer
clauses written by or approved by a supervisory authority.
· we comply
with a code of conduct approved by a supervisory authority.
· we are certified under an
approved certification mechanism as provided for in the Act.
· both our organisation and the
processor are public authorities between whom there is either a legally binding
agreement or administrative arrangements approved by a supervisory authority
relating to protection of your information.
32. Control over your own
It is important that the personal
data we hold about you is accurate and up to date. Please inform us if your
personal data changes.
At any time, you may contact us
to request that we provide you with the personal data we hold about you.
any time you may review or update personally identifiable information that we
hold about you, by signing in to your account on our website.
obtain a copy of any information that is not provided on our website you should
contact us to make that request.
When we receive any request to
access, edit or delete personal data we first take reasonable steps to verify
your identity before granting you access or otherwise taking any action. This
is important to safeguard your information.
Please be aware that we are not
obliged by law to provide you with all personal data we hold about you, and
that if we do provide you with information, the law allows us to charge for
such provision if doing so incurs costs for us. After receiving your request,
we will tell you when we expect to provide you with the information, and
whether we require any fee for providing it to you.
If you wish us to remove personally
identifiable information from our website, you should contact us to make your
This may limit the service we can
provide to you.
We remind you that we are not
obliged by law to delete your personal data or to stop processing it simply
because you do not consent to us doing so. While having your consent is an
important consideration as to whether to process it, if there is another
legitimate basis on which we may process it, we may do so on that basis.
33. Communicating with us
When you contact us, whether by
telephone, through our website or by email, we collect the data you have given
to us in order to reply with the information you need.
We record your request and our
reply in order to increase the efficiency of our business
We do not keep any personally
identifiable information associated with your message, such as your name or
We may keep personally identifiable
information associated with your message, such as your name and email address
so as to be able to track our communications with you to provide a high quality
If you are not happy with our
You can find further information about our complaint
handling procedure at rentmywardrobe.ie
When we receive a complaint, we
record the information you have given to us on the basis of consent. We use
that information to resolve your complaint.
We aim to investigate all
complaints relating to user generated content. However, we may not be able to
do so as soon as a complaint is made. If we feel that it is justified or if we
believe that the law requires us to do so, we shall remove the content while do
Making a complaint may not
result in the removal of the content. Ultimately, we have to make a judgment as
to whose right will be obstructed: yours, or that of the person who posted the
content that offends you.
If we think your complaint is
vexatious or without any basis, we shall not correspond with you about it.
If your complaint reasonably
requires us to notify some other person, we may decide to give to that other
person some of the information contained in your complaint. We do this as
infrequently as possible, but it is a matter for our sole discretion whether we
do give information, and if we do, what that information is.
We may also compile statistics
showing information obtained from this source to assess the level of service we
provide, but not in a way that could identify you or any other person.
If a dispute is not settled then we
hope you will agree to attempt to resolve it by engaging in good faith with us
in a process of mediation or arbitration.
If you are in any way dissatisfied
about how we process your personal data, you have a right to lodge a complaint
with the Data Protection Commission (DPC). This can be done at https://www.dataprotection.ie/docs/complaints/1592.htm.
We would, however, appreciate the opportunity to talk to you about your concern
before you approach the DPC.
35. Retention period
Except as otherwise mentioned in
this privacy notice, we keep your personal data only for as long as required by
· to provide you with the
services you have requested
· to comply with other law,
including for the period demanded by our tax authorities
· to support a claim or defence
36. Compliance with the law
the law in Ireland, specifically with the Data Protection Act 2018 (the ‘Act’)
accordingly incorporating the EU General Data Protection Regulation (‘GDPR’)
and the European Communities (Electronic Communications Networks and Services)
(Privacy and Electronic Communications) Regulations 2011.
37. Review of this privacy
We shall update this privacy
notice from time to time as necessary.
the rights and obligations regarding protection of an individual’s personal
data, in the EU Data Protection Directive (95/46/EC), implemented as the
General Data Protection Regulation, or the GDPR, are written in the Data
Protection Act 2018 (the ‘DPA’ or the ‘Act’). In addition to the DPA, if you
communicate by electronic messages, you also need to comply with the European
Communities (Electronic Communications Networks and Services) (Privacy and
Electronic Communications) Regulations 2011.
under the DPA are similar in extent to prior data protection law in Ireland. If
your business complies with prior law, then the changes you need to make are
likely to be small.
possible implications for non-compliance are now much more severe. In theory,
the Data Protection Commission (DPC) has the power to fine a business 4% of its
annual worldwide turnover.
regarding selling to consumers we believe that the DPC in practice is unlikely
to fine many small businesses and organisations without having first given a
warning. Having a privacy notice (such as one based on this template) that
shows some effort to comply with the law is likely, in our opinion, to generate
enough goodwill with the DPC to avoid a fine in the first instance.
your website privacy notice is not the only requirement for compliance with the
DPA or GDPR. You are also likely to need to change how customers and visitors
can access personal data held about them, and create new procedures for
obtaining compliance to collect and use personal data.
also need to update other legal documents, in particular, your website terms
Using this template as the basis for your privacy
easy to understand and easily accessible.
think that a document stretching to 19 pages is not concise, but much of it can
be deleted when applying it to your business.
this template free as an example of a Net Lawman document. We hope that you
like it, and that you may buy other documents and services from us in the
of the price, we assert our copyright in the document. Our standard licence
terms apply. While you may not distribute the template without including our
copyright, you may remove our copyright
notice from the footer of the version you edit and use.
Paragraph specific notes
Numbered notes refer to specific numbered
paragraphs in the template.
of the owner of the website
The Act requires that you identify the
business or the organisation that operates the website. Using the domain name
as the business name is technically not enough. You need to provide a business
or organisation name and an address.
In practice, you may decide that you do not
want to provide your name and address (for your own privacy reasons). You may
be more likely to get away with doing this if you don’t trade from your website
and if you provide a reliable means of contact.
The aim of the introduction is to explain
the purpose of the document, the key terms ‘process’ and ‘personal data’ and
the scope of the document (whether it applies to data just processed as a
result of interaction with your website and/or with other websites).
Unless your organisation processes large
volumes of personal data, you are unlikely to be required to appoint a data
If you have nominated an individual, you may
mention him or her in this paragraph.
Otherwise, you can delete this section.
Personal data we process
1 How we obtain personal data
The Act only applies to personal data.
This section introduces the next 3 sections. Delete the bullet
points that don’t apply.
2 Types of personal data we collect
You need to edit this paragraph so that it applies to your website.
We have given common examples of types of personal data that are collected. If
any don’t apply, delete them.
3 Types of personal data we collect from
4 Types of personal data we collect from
use of our services
You may not collect the first three, but you are likely to collect
the last four, even if you are not aware now that you do so. Web servers tend
to log information to which you could have access.
5 Our use of aggregated information
We suggest leaving this section unedited.
6 Special personal data
If you process certain types of personal data, you are required to
disclose that you do so.
Use either the first sentence or the last one.
7 If you do not provide the personal data
This is a reminder to your customer or visitor that you may not be
able to provide services if you are not given information.
bases on which we process information about you
The following relates to sections 8 to 12.
A requirement of the Act is that you tell the
data subject why you process the data and which legal basis you have chosen to
use as the justification to process his or her data.
Most websites will process different types of
data on different bases. The two most likely to apply are ‘Contract’ (after the
visitor has accepted your terms and conditions) and ‘Consent’ (after the
visitor has agreed to your use of his or her data – usually by taking some
affirmative action such as clicking on a button). Some data may also be processed
because of a Legal Obligation or a Legitimate Interest. In a few cases, Vital
Interests may be used.
The reasons why you process the data arise as a
result of the basis. If there is a contract, there is a contractual obligation
to carry out the service. If the basis is Consent, then there will probably be
some benefit to the data subject of you using the information.
You may want to edit these sections in minor
ways (certainly where we have highlighted in blue).
More importantly, you should make design
changes to how your website works so as to obtain explicit consent, or have a
visitor agree to your terms earlier in your relationship.
websites, Contract is the strongest basis for processing. If you can design
your website experience such that a visitor agrees to your terms early on,
before providing personal data, you will have fewer grounds for complaints. For
example, you might reduce the requirement to provide detailed information when
a visitor registers a basic account on your website, but place more content or
functionality in an area of the website that requires the visitor to have such
an account. At the registration point, the visitor must tick a box to say that
he or she has read and agrees to your terms and conditions.
If you are
relying on consent, then you might design a banner to appear when a visitor
first arrives at your site (for example, encouraging him or her to read your
action needs to be taken by the visitor when agreeing to anything – pre-ticked
boxes or close buttons don’t count as affirmative action.
Interests is a basis that is fairly subjective. For it to be used, you must
have decided that there is a legitimate interest, that processing the data is
necessary to protect that interest, and that the data subject’s interests (or
other interests) do not override it. In some circumstances, it is most
appropriate, but if possible, we would recommend using Contract or Consent as
better alternatives. The reason is simply that the data subject is less likely
to complain if he or she has clearly asked you to process his or her data.
Interests is unlikely to be necessary to include, unless you work with, or
could be involved with, potentially vulnerable people.
subjects have a legal right to see the personal data you hold about them. You
need both an internal process as to how to provide this, and a means for the
data subject to request the information.
If the data
subject is a registered visitor, then providing his or her data in an account
area is a good way of providing this data. You can also provide a way of giving
Consent to use of the data in the same place.
If the data
subject does not have an account, then you should give either an e-mail address
or a physical address to which the data subject can send a request for his or
her information (one of the reasons for including your address at the top of
each basis you need to state when you stop processing the data. We suggest that
you don’t edit our text.
when we process your personal data
13 Your personal data is not shared
If you don’t share any data, leave
this paragraph in place. Otherwise (as for most website owners), delete it.
14 Information you provide
This section serves as a reminder
that information that a visitor posts on your website may be available for
public viewing, and that you cannot be held responsible if someone else copies
it and uses it without the author’s permission.
You should provide a way for
someone to contact you and request that content is removed. This could be as
simple as an e-mail address.
15 Payment information
There are two options here. Delete
whichever is not relevant.
The first covers the situation
where you do record card information. You should edit the ‘measures to protect
your information’ so that they are relevant to your business.
The second covers the situation
where card information stays with the payment service provider.
If you don’t take payment at all,
of course delete this p