You’ve probably heard, as of May 25th, GDPR (General Data Protection Regulation) will soon have a major impact on European privacy law. All organizations working with the data of EU citizens will need to be GDPR compliant.
Peddler is all about being direct and transparent with our users, so we're actually excited that the GDPR has given us the chance to update our legal documents! We believe you should own your data (and eventually get paid for it), and this law is a step in that direction.
There is a lot of legal jargon, but basically you will win in the end because you can be more discerning about what data you share & understand how it’s shared.
We’ve always believed in protecting our user data and using it to create the best experience possible on Peddler which includes getting incredible deals on incredible brands so we hope you choose to stay in the Peddler community. But remember silence isn’t permission, so if we don’t hear from you, we won’t be able to chat again - and we’d really like to continue giving you a new way of shopping with your community. If you’re part of the email list, make sure you look out for our email and update your preferences!
GDPR requires retailers to keep their customer data in good shape and update it constantly which in turns helps us give you a better experience.
Read below for what this all means!
General Data Protection Regulation (GDPR) compliance program
The General Data Protection Regulation (GDPR) enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
The GDPR is considered to be the most significant piece of European data protection legislation to be introduced in the EU in 20 years. For example, the GDPR requires a higher standard of consent for the use of certain types of data and contains more rights for individuals with regard to access to their data and transfer.
Most important GDPR features are:
- Expanded rights for individuals: The GDPR enables individuals to control their data. The rights for individuals in the EU are expanded. If desired, individuals can delete their data and can request a copy of any personal data stored in the company’s regard.
- Compliance obligations: Organizations are required to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: Organizations have to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also requires organizations to implement additional security measures.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- Increased Enforcement: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues. Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue.
In order to comply to the GDPR, you are able to:
Right to information
Right of inspection
You have the right to request access from us at any time in the data that we have available about you.
Right to correction
You have the right to have your personal data corrected if they are incorrect or outdated and / or to have them supplemented if they are incomplete.
Right to object
You have the right to object to the processing of your data if you do not agree with the way we process your personal data. This right applies to the data we use for direct marketing. So you can ask us to no longer use your data for personalized recommendations on the website. In addition, this right also applies to other data that we use from you based on our legitimate interest. For example, you can choose to erase the data about your surfing and search behavior.
Right to data portability
You have the right to receive data that you have given to us in the context of the agreement (s) that you have concluded with us so that you can keep this data in a database of yours or of another party.
Right to restriction
You have the right to request restriction of the processing of your data. This means that we may keep your data but do not use it. This right arises in a number of cases. If you believe this is the case, you can contact us through customer service.
Right to be forgotten / request to delete account
You have the right to request that we remove all information that we have about you. When you submit a request to delete your account, we will remove data that is traceable to you except for the data that we must or may store on the basis of the law.
Right to file a complaint
You have the right to file a complaint about how we handle your data. To do so, contact customer service. Finally, you have the right to turn to a higher authority for Personal Data with your complaint.