GDPR Compliance

As I’m sure you are all aware, new legislation called the General Data Protection Regulation (GDPR) comes into force next month. We’ve had a lot of questions about this and hope we can reassure everybody that Strelitzia will be fully compliant. For extra clarification, we have explained in more detail below why Strelitzia needs to comply and what we have done to ensure we comply.

Florisoft Ltd, trading as Strelitzia Software, does not possess or retain any personal data on behalf of its customer florists and does not participate in the collection, storage or use of such data.

The computer software supplied by Florisoft Ltd provides a capability whereby its users (florists) can capture and store data on their own computers in an encrypted database. Such data can be transferred via the Internet to other computers belonging to the owning florist, and this data is also encrypted using AES-256 and a private key. The data can include names, postal addresses, telephone numbers and email addresses of the florist’s customers and recipients for the purpose of fulfilling deliveries of flowers and related items.

It is the responsibility of the florist to ensure that such data is captured and used in accordance with the requirements of the GDPR. The following quote from the Information Commissioner’s Office (ICO) highlights how the length of time you keep that information can differ from business to business, and that it is up to you to decide using the following criteria:

“What determines the length of a retention period? Personal data will need to be retained for longer in some cases than in others. How long you retain different categories of personal data should be based on individual business needs. A judgement must be made about:

  • The current and future value of the information
  • The costs, risks and liabilities associated with retaining the information
  • And the ease or difficulty of making sure it remains accurate and up to date.”

(https://ico.org.uk)

 

To promote compliance, Florisoft Ltd will be updating Strelitzia in the following ways:

  • Recipient marketing will be removed – previously when sending emails from Strelitzia you have been able to choose ‘Customer’ or ‘Recipient’. The recipient option has now been removed.
  • A new facility will allow customer and recipient details to be eliminated on request. This removal will redact personal details, making the records unidentifiable, but will retain financial and product details for the purposes of making management reports. This is done from the individual account as shown in Image 1 below.
  • A new facility will allow the blanket removal of details for any customers (and their recipients) who have not made a purchase within a chosen time period. See Images 2 & 3.
  • The “Favourites” facility will be removed. See Image 4.

For further reading, please visit the Information Commissioner’s Office (ICO), which will be responsible for the implementation of GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

If you are using your database for marketing purposes, it is your responsibility to make sure you are within the guidelines. Please check the following links to ensure you are following the GDPR and PECR guidelines:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/?q=marketing

https://ico.org.uk/for-organisations/guide-to-pecr/

Image 1 – Removal of individual account details and/or recipient details. These buttons are only visible if the operator is an administrator.

Images 2 & 3 – Clicking the new ‘Erase’ button will bring up the following option box, in which you can choose the date from which you wish to delete information. The ‘Erase’ button is only visible if the operator is an administrator.

Image 4 – The Favourites section has been removed from the Delivery Address box when you’re taking a gift order.
