Basic description of my process:
I am Lisa Muskett, I am a Sole Trader selling baby and preschool clothing, shoes, toys, nursery furniture and bedding on my own website and in my baby boutique and my baby boutique.
My baby boutique is at Wenlock Way, Maldon, Essex, CM9 5AD.
My website address is www.Chic-Petit.co.uk.
Detailed process of each sale:
When a sale is made online I receive payment via PayPal or Stripe which is then shipped to the address provided. There is no paper copy, everything is stored electronically. The customer is emailed confirmation of order, confirmation of shipping with tracking details, a welcome to Chic Petit with the option to sign up for latest news and special offers this is done automatically. We may also request additional information (if applicable and necessary),
All payments for all orders go direct to PayPal or Stripe which ever the customer chooses. I use these payment methos as they are both secure and I do not see any banking, credit card or payment information that a customer supplies to them in order to pay for their order.
I use my personal laptop to access my website, I have a password on my laptop and to access my website. My home WIFI for internet access is with BT broadband, via a router with a long password comprising alphabetical and numerical digits, that I do not share with anyone other than members of my household. I have Avast Free Antivirus protection on my laptop which runs continuously.
Removal of data if requester:
Should a customer request that I remove any electronic information of theirs then I can manually delete the cusomer account information. I am required to keep copies of an invoice until the 5 years, required by HMRC have passed.
Data brach process:
The only information that I keep regarding my customers are:
1. The order showing what items they have purchased
2. Name of the customer
3. Email and/or phone number of the customer
4. Address that the order is to be shipped to
5. Proof of shipping, showing the postal code
In the event of a data breach, I would immediately notify the customer, and the ICO (Information Commissioners Office). and PayPal/Stripe immediately. I would immediately change all passwords that apply to my computer and website.