Privacy Policy

The EU General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998 (DPA). The new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations and business’ to be more accountable for data protection.

Deadline for compliance: 25th May 2018

The business benefits of the GDPR:

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply.

Build customer trust
Improve brand image and reputation
Improve data governance
Improve information security
Improve competitive advantage

Personal data:

Name
Address
Email address
Photo
IP address
Location data
Online behaviour (cookies)
Profiling and analytics data

Data protection principles

Personal data must be processed according to the six data protection principles:

Processed lawfully, fairly and transparently.
Collected only for specific legitimate purposes.
Adequate, relevant and limited to what is necessary.
Must be accurate and kept up to date.
Stored only as long as is necessary.
Ensure appropriate security, integrity and confidentiality.

Little Green Tree only stores customer data for as long as it’s needed, which means once an order is complete the messages are deleted. Little Green Tree does not print any information on any customers, and solely works from inbox.

Little Green Tree does not share or screenshot any messages unless under the circumstances detailed below:

Little Green Tree does however screenshot the address screen from Paypal and shares this direct with customers. This is to ensure the correct address and to confirm with the customer that payment has been received. Every day photos are deleted that aren’t needed, which includes all the screenshots of customer address’. The “deleted” photo album is also swept regularly and then customer data is permanently erased.

Accountability and governance

Be able to demonstrate compliance with the GDPR.

Little Green Tree demonstrates this by deleting all data compiled from customers, through the use of messaging the Little Green Tree inbox folder, by deleting the message once the customer order is complete.

Customers pay using Paypal – Paypal have assured all business users they too are GDPR compliant and storage of customer data is kept to a minimum and not shared with any other third party.

Lawful processing

Identify and document the lawful basis for any processing of personal data.

The lawful bases are:

Direct consent from the individual
The necessity to perform a contract
Protecting the vital interests of the individual
The legal obligations of the organisation
Necessity for the public interest
The legitimate interests of the organisation.

By contacting Little Green Tree you are giving direct consent that Little Green Tree can store your personal data until the order is complete. If a customer just wants to ask a question please be assured once the conversation is finished all messages will be deleted. Little Green Tree does not store any messages that are not active.

PCI compliance*

What is PCI DSS and who needs to comply? (Payment Card Industry Data Security Standard)

Consumers are becoming increasingly aware of the dangers of identity theft and PCI compliance shows that a business has secure procedures in place that keeps customer payment information safe and secure.

Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses who handle credit or debit card payments must comply with. It provides a “minimum security standard”.

As a merchant (business) accepting card payments, the business are required to comply with PCI DSS. As a service provider, PayPal is also required to comply with PCI DSS. Little Green Tree uses a service provider. (PayPal, whom are PCI DSS compliant).

If you have any questions or queries regarding our Privacy Policy then please get in touch.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.