Privacy & GDPR
We value your privacy!
Everyone is talking about GDPR Compliance at the moment and we want to make sure that you stay with us when the legislation is enforced on 25th May 2018.
To ensure that you still receive news about our upcoming models please re-subscribe to our new mailing list using the button below.
As part of the new compliance, you will receive an opt-in email to the email address you register in order to confirm that you, as the account owner, have given us permission to send you news from Airspotters.com to your inbox and not some third party.
Please confirm your subscription on this follow up email to be included in our mailing list.
To re-subscribe please CLICK HERE
12 points on what GDPR means for YOU and Airspotters
We are already registered with the ICO as every company handling data has to be registered.
Here is what we are doing to comply
Peter and myself are fully aware thats GDPR is coming into effect this May 2018
2: DOCUMENTATION WE HOLD
We only hold physical documentation to enable us to process your order. Data on our computers is held within our web server and is behind a secure firewall. Customer create their own accounts we never create and account unless given express permission to do so. Customers have full access to their accounts and can see the data held within there account there is no hidden data.
3: COMMUNICATING PRIVACY INFORMATION
We collect data (example when you place an order) and use that data to process your order. We need an address for example otherwise we do not know where to post the order. All data we collect at the time of order is only used to process the order. If you sign up for the newsletter at time of placing an order then you consent to us contacting you with future offers we do not add you unless you consent. We do not sell or pass on your information to anyone it remains private between you and us. However we will disclose information to authorities (examples are HMRC, Police) on production of necessary paperwork (warrants)
4: INDIVIDUALS RIGHTS
The GDPR includes the following rights for individuals:
the right to be informed (we will keep you informed of anything that might affect your privacy)
the right of access (You have full right of access and can see all your data when you sign into your account)
the right to rectification (We will put right anything wrong)
the right to erasure (We will delete or you can delete your account)
the right to restrict processing (we only process what we have to in order to send an order)
the right to object (we did something wrong then tell us)
the right not to be subject to automated decision-making including profiling. (This doesn't apply to us we never send you a model you didn't order for example)
Any questions on the above please email Malcolm on email@example.com
5: SUBJECT ACCESS REQUEST
We can let you know what details we hold by emailing Malcolm on the above email or log into your account as all the details are shown here. There is a one month time scale to do this in and we would ideally like to do it in a shorter time frame. We can refuse a request if we feel it is excessive that is to say requested constantly where no data has changed. We would let you know why we are refusing but would only do so in extreme circumstances.
6: LAWFUL BASES FOR PROCESSING DATA
Airspotters.com is a registered business with ICO, HMRC, and has a valid business registered certificate. We have legal and binding rules thats we have to abide too. One example we have to submit a tax return showing our yearly profit and loss to the HMRC. We have to keep detailed records of sales so they are there to prove the sales actually took place. HMRC may need to see detailed records of sales and therefore we will keep these records on file. All records and files are securely deleted after the HMRC period of retention expires.
By placing an order on our website you consent in us processing this order and keeping your details on your account that you created at the time of the order. If you don't wish to keep details you can opt out and use our guest checkout facility. We will not add you to our newsletter unless you subscribe and click the opt in confirmation email. We do not sell or pass your details as we stated before and decline any company thats makes an offer for such data.
We are unable to accept order from children under the age of 13 UK (16 rest of the world) and a parent or guardian must complete the sale . If we suspect the person is under the age of 13 then we will cancel the order and refund the payment and delete all data with immediate effect.
9: DATA BREACH
We would report data breach to the ICO authorities where it affects financial loss or right of the individual. That requirement is already in place and has been for many years. We would notify the individual affect in such a case directly. All our data is behind firewalls and we do not keep any data that we do not need to process your order. All written down data is cross shredded and securely disposed of after the order is copmpleted.
10: DATA PROTECTION BDESINAND DATA PROTECTION IMPACT ASSESSMENT
Being a small business of two, Peter and myself are fully aware how important it is to look after your data responsibly as we would expect any other company to look after ours.
We already complete a yearly audit provided to us by worldpay on how we process data and are always looking for ways to improve the way we do things to prevent a breach of the data we hold.
We trade internationally around the world and our written data is stored here in the UK. Our computer data is stored with the following companies
Bigcommerce (website host)
World Pay (Sales)
Our physical UK address is
1: Our office is locked when we leave and is monitored 24/7 by CCTV on the outside and is within a secure building.
2: We never keep credit cards written down anywhere
3: If you use worldpay or paypal we never see your credit card details
4: We cross shred all used data
5: We never sell or share information with 3rd parties
Myself Malcolm is the data controller officially but in truth both myself and Peter take an active role in protecting your data
Any questions please email Malcom firstname.lastname@example.org