On 1st May 2018 the new GDPR came into effect. This works alongside the Data Protection Act and allows you, the customer/consumer more control and access over your personal data which is processed and held whilst using Leaf & Lake Co.
Within this section i aim to outline in a clear and concise manner what personal information of yours i have access to, any third parties involved, how it is stored/managed aswell as other information such as how long i keep it for. You, as the customer have the right to become a 'forgotten person' at any time. This means that i legally have to get rid of any data/documents which i hold on you.
Leaf & Lake Co. is considered both a data controller and data processor since i use thrid parties to manage your orders and collect your data. These third parties are the website host www.create.net and www.paypal.com for payment collection. The personal data which is shown to me during your order placement is your name, address, email and phone number. This information comes through on both www.create.net and on www.paypal.com. I print out a paper copy of your order via www.create.net order management or in the instance where i have issued invoices manually then i print out the payment/invoice from www.paypal.com. In both instances your personal date is visible on the print out. No one else within my business or outside of this sees the printed out documents. I store these in a dedicated file for the current tax year. After which they are then relocated to a closed file. I will retain these documents and personal data for business and legal issues only. For upto a maximum of 10 years. The personal data which is kept digitally is only that which is on the www.create.net and www.paypal.com websites. I do not keep a digital file storing your personal data. I purposley choose to do this to prevent your data being stolen from my laptop in the event that it should be hacked or stolen. I have my laptop password protected, and to access your personal data on both www.create.net and www.paypal.com there are additional passwords. I take processing and storing your personal information seriously but appreciate that you may wish to become a 'forgotten person'. If you wish you do this then please contact me
The GDPR is considered 'living' so is subject to change regularly.