Have you set up or want to set up an e-shop? Do you collect email addresses, contacts or other data about your customers? Then you need to think about data protection.
The protection of individuals’ personal data is an often neglected area of regulation. It can bring many unpleasant surprises to start-ups and established businesses alike. What are the most important requirements imposed by this regulation? And how can you effectively prevent problems with the authorities, and also with “data subjects” (i.e. customers or prospective customers)?
If you use your website users’ personal data for purposes other than purely to supply them with the goods or service you offer, you will most likely need consent to process their data for those purposes.
Consent must include the purpose of the processing and information about what personal data it is given for, as well as to which controller and for what period. The processor must be able to demonstrate the existence of consent throughout the processing of the personal data.
The user’s consent is commonly obtained for the dissemination of commercial communications (sending newsletters), telemarketing, transferring personal data to other entities (e.g. sharing client databases), etc. The law does contain a fairly narrow exception for these purposes as well, so it is possible to do without the user’s consent in certain circumstances. Even so, it is always better and legally safer for the e-shop operator to obtain consent from the user.
If an e-shop operator obtains a customer’s contact details by, for example, providing a service to the customer in the past or obtaining them from a public list, it may send the customer a newsletter by email without the consent of that user to the processing of the data. However, the operator must allow the user to easily unsubscribe from receiving the email.
Our team of experienced attorneys will help you solve any legal issue. Within 24 hours we’ll evaluate your situation and suggest a step-by-step solution, including all costs. The price for this proposal is only CZK 690, and this is refunded to you when you order service from us.
If the operator decides to obtain the user’s consent, it is advisable to obtain it by an active step on the part of the user. For example, by clicking on a website button or by ticking the appropriate box. This functionality can then be linked to a database, which will directly include those users who have given their consent and with whom the e-shop operator will be able to continue marketing.
Consent to the processing of personal data must also be accompanied by appropriate information on the purpose and method of such processing.
This information must cover the following: (i) the scope and purpose of the processing of the personal data, (ii) who will process the personal data and how, and (iii) to whom the personal data may be disclosed. The user must also be informed of the right of access to the personal data, the right to rectification and other rights granted by the Data Protection Act.
It is strongly recommended that the required information is clearly listed in one place or connected (e.g. by a link) to the text of the consent to the processing of personal data.
If an e-shop operator intends to use the personal data collected from users beyond the mere performance of a contract with a client, it must register as a data controller with the Data Protection Authority. It must register before it starts processing personal data. Registration can be done online using the form available on the website of the Authority. As with consent, there are a few exceptions to the registration obligation. However, here too it is better to register and not rely on the exceptions. This is doubly true in the case of large or dynamic e-shops that collect large amounts of personal data.
Do you intend to use cookies? A cookie is a small piece of data that is stored on your computer, tablet or mobile device after you visit a website. Cookies are used, among other things, to distinguish user preferences and to help the website remember certain information about you the next time you visit. If you intend to use cookies on your website, you should put special measures in place for them. These measures include the typical bar that alerts the user to the use of cookies and obtains consent from the user. The bar also links to information where the user can read how your website works with cookies and what it uses them for.
Last but not least, the e-shop operator should think about technical and organisational measures when managing personal data. These measures include in particular: (i) securing users’ personal data (physically, e.g. with bars, and in software, e.g. with a firewall), (ii) developing security guidelines, (iii) using backup technologies, and many others.