GDPR: Crafting your Privacy Policy

Rewrite your privacy policy for GDPR

In the last few months, there have been hundreds of articles written about the EU General Data Protection Regulation (GDPR). In this article, we want to give you some quick, easy-to-understand tips about how to amend your privacy policy to be GDPR compliant.
GDPR states that you must provide your users with information on how you use any data you collect from them and that this information must be concise, transparent, easily accessible, written in clear and plain language and free of charge. So we suggest that you create or amend your privacy notice and display this notice anywhere you capture data. Many of the craft businesses we work with simply add a link on their website homepage to their Privacy Notice.
Here is a quick list of what your Privacy Policy should include:

* Who is collecting the data? In your Privacy Policy you need to address who is collecting your data, whether it is your company or a third party application that you use.

* What data is being collected? Here you will need to identify exactly what data is being collected, whether it is email address and IP information from comments left on the site, credit card and address information for purchase, email capture for a mailing list, or any other data you are collecting from your customers.

* What is the legal basis for processing the data? Here you should define what business purpose you are collecting the data for. For example, if you are collecting credit card and address information, you are using this information to process orders and mail merchandise to customers.

* Will data be shared with any third parties? We addressed this a bit in the first bullet, but here you will add information if the data is shared with any third party providers. If you are using a commerce system to process your credit card payments, that company will have access to your customer data. If you are using a third party newsletter management system, that company will have access to your customer data. If you work with third-party vendors that have Privacy Policies you may wish to link to those, or you may wish to add information to your Privacy Policy about how the third party vendors protect data they receive.

* How will the information be used? Here you will discuss exactly how you plan to use the data you collect. You may also wish to provide a statement here about how you balance your business interests with the interests of your customers in choosing to use their data. For instance, if they are signing up for your mailing list then using this information to send them information about your company and your products is in their interests. Sharing this list with another company may not be in their interests.

* How long will the data be stored for? This is a simple statement of how long you will store the data you collect from your customers. In the case of public comments on your website, this may be in perpetuity. In the case of credit card information, unless your shopping cart saves that information to a customer profile, you may not retain it beyond the transaction.

* What rights does the data subject have? First and foremost, your users must be able to opt out if they so choose. For example, most newsletter applications (MailChimp, etc.) make it easy for you to add an unsubscribe button. You need to ensure there is an easy, clear way that your customers can opt out.

* How can the data subject raise a complaint? You should develop a process whereby your customer can raise a complaint. This can be as simple as an email address and the name of the person to contact if they have a complaint.

You can view Stitchcraft Marketing’s Privacy Policy here for a better idea of how you can implement these suggestions to serve your own craft business. We also collected a sample of crafty businesses who have Privacy Policies in place that you may wish to visit: Eucalan, Interweave, Miss Babs, and Uncommon Threads.
If you have any additional questions, or are interested in working with us to create or amend a Privacy Policy for your craft business, please contact Leanne at leanne@stitchcraftmarketing.com.
Leanne Pressly
leanne@stitchcraftmarketing.com