GDPR Information
As of 25th May 2018 there is a new directive (GDPR), which replaces the Data Protection Directive 95/46/EC. It was designed to harmonise data privacy laws, to protect and empower all citizens' data privacy and to reshape the way organisations across the region approach data privacy.
We have created this page to provide information to our customers on how we are managing these new regulations and to provide simple information about how these changes will affect our customer base.
The main aspects of the GDPR are:
Consent
Right to Access
Right to be Forgotten
Data Portability
Privacy by Design
Breach Management
Consent
The conditions for obtaining consent have been strengthened. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.
We ask for your consent through the account creation process and when placing an order, by way of a simple tick box. A link is provided to our full terms & conditions, privacy policy and GDPR information page. Consent is recorded for our privacy policy and our terms and conditions.
Right to Access
Part of the expanded rights outlined by the GDPR is the right for data subjects (you, the customer) to obtain confirmation of whether personal data concerning them is being held or processed, where and for what purpose.
We have created a simple section for you to submit a request, which can be found here. You will need to log in to your account to be able to submit the request. We ask for confirmation of your email address, which will then be verified by an automated email sent when the request is submitted.
You can also request this via telephone or email; however, we will still need to verify your identity. This can be done in a number of ways, but confirming your email address (clicking on a link we send you) is the easiest method.
If for any reason you are having problems or finding it difficult to submit a request, please contact us here and we will be happy to guide you through the process.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles you to have all personal data permanently removed, to have further dissemination of the data ceased, and potentially to have third parties halt processing of the data.
We have also created a section where you can request that all personal information be permanently deleted. This is a simple process whereby you submit your request through this link. An automated email is then sent to confirm your request and identity. Clicking "Delete my Account" will remove all personal information held. Please bear in mind that this process is irreversible.
If you require any help with submitting your Request to be Forgotten, then please contact us here and we will be happy to guide you through the process.
Data Portability
GDPR introduces data portability: the right for a data subject to receive the personal data concerning them, which they have previously provided, in a 'commonly used and machine-readable format' and to transmit that data to another controller.
We have also added this functionality to our GDPR Toolkit, found under the my account section, should you wish to download your account data to transfer to another company. We do not foresee this feature being used; however, the functionality is there if needed. We have segregated this into four areas to make this simpler: Personal Data, Address Data, Order Information and GDPR Requests.
Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just becoming a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition.
This has always been at the forefront for ODIN Tactical & ODIN Systems, often dealing with sensitive information, military addresses and contacts. We take your privacy seriously and this is not an afterthought. New systems and even modifications to our existing systems are scrutinised on local test servers before being released.
If you have any concerns, please contact us here for further information.
Data Breach Management
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
We have our own inbuilt system to handle this. When a breach is detected, a report is created outlining the key points relating to the breach and any steps we have taken. We aim to send this report within six hours of the breach being detected. If necessary, and without notice, our website and databases will temporarily be taken down for investigation. We will also inform the data commissioner of the breach at the same time.
Useful Links:
Right to Access - Request form
Right to be Forgotten - Request form
Data Portability - Download data
Privacy Policy
Terms & Conditions