Eco Pond Ltd – GDPR Compliance
In order to comply with the General Data Protection Regulation (GDPR) coming into effect on
the 25th May 2018, Eco Pond Ltd sets out below the way in which customer data is collected,
processed and handled.
Eco Pond collects and holds data from two groups of people:
Eco Pond contractors
Customer data
To comply with GDPR regulations Eco Pond will only be collecting personal data that is
required and necessary. This data includes, but is not restricted to;
Name
Address
Phone Numbers
Email address
Lawful basis for processing:
Eco Pond has completed a full review to identify under which lawful basis customer data is
collected and processed. It has been determined that the following apply:
(a) Consent – The individual has given clear consent for Ecopond to process their personal
data for a specific purpose.
(b) Contract – The processing is necessary for the contract Eco Pond has with the individual,
or because they have asked Eco Pond to take specific steps before entering into a contract.
In view of these and to ensure customers have choice and control Eco Pond will gain explicit
consent from data subjects (customers) whenever personal data is required for a specific
purpose.
Obtaining consent and the “Right to be informed”
The largest volume of data that is collected by Eco Pond is through the sale of products. To
ensure GDPR compliance the Eco Pond website and employees will obtain explicit consent
from the data subject to data collection. All data subjects will be informed of the collection
and use of their personal data in the following manner:
• Data subject will be made aware that the data collected will only be used for fulfilment
of the contract between them and Eco Pond.
• Eco Pond will state how long the data will be retained for. (Five years after
registration or seven years after last purchase.)
Storage of Data
All data collected by Eco Pond is held on secure password protected servers with access
restricted to sales, accounts and dispatch staff as necessary. (We may supply some personal
data to a 3rd party courier service when required for the sole purpose of fulfilling the order
process.)
Cookies
Additional Individual Rights
Eco Pond will comply with the Individual Rights under the GDPR
