Notice of GDPR actions
Brick technology Limited’s Privacy & Security Policy
Notice to all clients concerning measures implemented in compliance with the GDPR
The GDPR (General Data Protection Regulation) comes into effect on the 25th of May 2018.
Here are the steps Brick technology have undertaken in order for our website systems to comply.
Details of what this regulation is and what it means for you can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Brick have also posted a helpful document to help you prepare here: https://www.brickweb.co.uk/images/pictures/gdpr/preparing-for-the-gdpr-12-steps.pdf
The protection of data is YOUR responsibility, regardless of suppliers (such as Brick technology).
In order to support Brickweb clients, we have implemented systems to help you comply and administer the requirements that apply to your website, server and databases held on your Brick website.
PLEASE NOTE: YOU have control over access to your control centre and we suggest that you change your login password regularly.
Subscribers databases:
All subscribers should be double positively opted-in.
Your website does this via the /subscribe page on your website. When a visitor chooses to opt in, they need to click an affirmation tickbox, which generates a confirmation link that is sent to the subscriber. When the subscriber responds to that link, a timestamp and other information for that record (proof) are stored in your subscribers database, where they can subsequently be retrieved by you. The result is compliance.
Subscribers may at some point in the future wish to know what information you store about them. Brick have made this simple by allowing you to export this information via an “export” button in your control centre. Subsequent to this, the user may request that you remove their personal data, which has also been made easy in your control centre.
If you haven’t got this evidence (log files) by the 25th of May, Brickweb will remove any/all non-confirmed entries in your subscriber database at 23:59 on the 24th of May 2018, leaving you with a clean and legal subscriber database with evidence and the ability to retrieve this data upon request by your subscriber.
SMS Subscribers have a similar system which will send confirmation codes to users in order for them to “double opt-in”. SMS messages cost 1 credit per transmission.
Some of our clients are sending out newsletters to ask people to re-affirm their subscriptions using the new evidential system so as not to lose their readers; other clients are seeing this as an opportunity to start afresh.
We have placed a very basic format in your “Send Mail” module. You may wish to amend or expand upon that.
Before you do, we strongly advise you to review and amend your website’s Privacy & Cookie Policy. Here is an example: https://www.brickweb.co.uk/privacy. However, once again, it is YOUR responsibility for your organisation and the protection of personal data. Brick technology Limited is not authorised to dispense or advocate legal counsel.
If you are a Brick Internet Marketing Client (as of the 25th of May 2018), we will assist you in this exercise. Please contact Bobbi Stanton on 01254 277190 for more information.
All Users, Enquiries, Purchasers, Subscribers
These users will be able to access their own information by logging in to a “My Personal Information” page on your website (yoursite.com/personal-data). The user will be able to review, amend or request removal of their information, either immediately themselves or by request to you. In any event, this activity will create an email alert to the website administrator.
Some governmental and law enforcement agencies may require you to hold certain parts of information, and this will supersede the GDPR. For example, one of our clients, who hires out vehicles, is required to retain information for a period of 2 years in case of unforeseen claims. Some HMRC records need to be kept for several years. Some e-Commerce orders may be in progress, and removal of the address would obviously negate your ability to fulfil that order. In any event, the requesting user should be informed, with reasons, of your inability to comply at that particular time.
All forms on your Brick website comply with the GDPR. If you require more than the above or wish to customise the system, please don’t hesitate to contact us, as we will need time to schedule the work, create a work order and complete the work.
Other information you will require.
Is your website secure? All Brick websites since 2014 have an SSL (secure) certificate installed; you can see this by looking in the address bar of your browser.
What if you transfer user data to third-party software or systems?
You must state this in your privacy policy and consult with your third-party provider to ensure compliance.
Where is your website housed (where is/are the server/s)?
Most Brick clients are housed in an EU compliant data centre here: https://cloudscene.com/data-center/france/lille/ovh-rbx-2
Some larger clients have dedicated servers; please contact support@brickweb.co.uk for information on your own private servers.
Firewall and security port information is here: https://www.brickweb.co.uk/control-centre-guides
Brick back up your website files and data within the above network confines (so data does not leave this environment). All/any data transfer is protected by RSA 2048-bit encryption.
This document may be updated or amended from time to time as rules and regulations change.
Brick technology’s Data Protection Officer can be contacted at:
Maria Smith
Brick technology Limited
The Gatehouse, Daisyfield Mill
Blackburn BB1 3BL
Telephone: 01254 277190
info@brickweb.co.uk