General Data Protection Regulation (GDPR)
DATA PROTECTION POLICY
- At Wilde Ivy we respect your personal privacy and we are committed to adhering to applicable privacy and data protection laws and business guidelines. This internal privacy and data protection policy ("Privacy and Data Protection Policy") describe how Wilde Ivy handles the information accumulated and provided to us. This following policy outlines the procedures for managing and securing personal data relevant to the business with specific observance of the General Data Protection Regulation (“GDPR”) of the European Union.
The following policy applies to all Wilde Ivy business sections and all the employees, employed in all our business units.
- EU General Data Protection Regulation
The Company is subject to the 1995 European Union (“EU”) Directive on Data Protection (“1995 Data Protection Directive”), which requires EU member states to impose minimum restrictions on the collection and use of personal data. The EU member state regulations establish several obligations that organisations must follow with respect to use of personal data, including a prohibition on the transfer of personal information from the EU to other countries whose laws do not protect personal data to an adequate level of privacy or security.
The GDPR comes into effect in 2018 and extends the scope of the EU data protection law to all companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU. It imposes a strict data protection compliance regime with severe penalties, e.g. up to 4% Group worldwide turnover or €20 million for breaches or 2% Group worldwide turnover for lack of documentation, and includes new rights such as the “portability” of personal data.
“Data Protection” is defined as the protection of Personal Data relating to any living individual (“Data Subject”) whilst in the possession of an organisation (“Data Controller”). There are multiple legal and business requirements to keep this data ‘safe, secure and accurate’.
“Data Processor” is any person that uses the personal data under the control of a Data Controllers for any reason, e.g. hold, use, amend, delete.
“Data Breach” occurs when personal data leaves the (direct or indirect) control of the Data Controller, e.g. lost / stolen laptop, phone or other electronic device, e-mail sent to incorrect person, unauthorised disclosure of database containing personal information, loss of data by authorised contractor, misplaced paperwork.
"Personal Data" means data relating to any living individual which is capable of being used to identify that specific Data Subject. Two pieces of non-personal data, when put together, may also become personal data, if it can lead to the identification of any Data Subject. Personal Data may comprise special / financial data, e.g. bank account details, passwords, or information relating to age, sex, race, religion, disability, sexual orientation, trade union membership.
Personal data should not be transferred out of the country of origin except where the receiving country or organisation can guarantee a sufficient level of protection for the data. The Data Controller remains legally responsible for the data, at all times.
Principles of Data Protection
- Procure and manage the information fairly;
- Ensure that it’s only for one or more lawful and specified purposes;
- Process it only in ways agreeable with the aims for which it was originally obtained;
- Ensure that the data is secure and safe, implementing security measures against unauthorised access, amendments, exposure or elimination of data;
- Retained data should be accurate, complete and up-to-date;
- Ensure that the data is sufficient, relevant and not disproportionate;
- Keep it no longer than is required for the specified purpose; and
- Upon request ensure that the data held on an individual is given to them in its entirety.
5.1 Personal Data must be kept: a) Safe; b) Secure; and c) Accurate.
- Safe = IT security, databases and electronic devices password protected and encryptions on all data (where possible) – secure from unauthorised access, disclosure or destruction.
- Secure = what was the purpose of originally collecting the data? Is that purpose still relevant? Is the personal data in current usage by the company? Has the individual given permission to the company to continue holding the personal data? Is it capable of being searched, retrieved and amended / deleted, if required?
- Accurate = up to date and in order, across all databases.
5.2 Wilde Ivy employees may report any violations or direct questions regarding the policy to:
This policy may be changed at any time. We encourage you to frequently look at this policy for any changes and updates. Any breach of this policy that may occur will be taken seriously and may result in disciplinary action up to and including termination of employment.
- Wilde Ivy is committed to giving you with the best online experience while visiting the company’s website (the “Website”). To accomplish this, we apply our own and standard third party cookies to obtain data about your online behaviour while you on visiting the Website, and we also record how regularly you use the Website.
If you do not wish to accept this Policy please do not continue to use the Website.
How do we use your personal information?
The order information that we compile is mainly used to fulfil any orders which are placed through the Site (including processing your payment information, organising shipping, and providing you with invoices and/or order confirmations). Also, we use this order information to:
a. Connect with you;
b. Scan our orders for possible risk or fraud;
c. Provide you with information or advertising relating to our services or products, based on preferences that you have shared with us. d. We generally use the information to improve and optimise our site.
How to manage cookies
If you do not want us to track data through our cookies you can configure your browser to reject cookies. If you want to do so, please refer to your Internet browser’s user guidance to find out how to delete and reject cookies. Note that the rejection of cookies may impact your user experience on the Website and restrict you from utilising certain site functionalities.
Cookies used on website
The Website may contain links to third party websites. Please note that if you do move onto a link to any of these third party websites please be aware that these websites have their own cookies and privacy polices and that we do not take any responsibility or liability for these policies. It is important that you check these policies prior to you submitting any personal information to these third party websites.
Changes to this Policy
Please note that any amendments that we may make to our Policy in the future will be posted on this page.
If you have any questions, comments and requests regarding this Policy- Please contact us contact us »