Yet another GDPR query
Discussion
Hi
I run a small mail order business. We keep a database of all previous orders made. Details kept include: name, address, phone number, and details of all previous orders placed.
This data is purely used for when a customer phones to place another order we already have their name and address. Also used for when a customer can't remember exactly what they last ordered/when they ordered it and wants us to check. Also used for when a customer wants to p/x an item (so we can check that they actually ordered it from us and how much they paid etc). Also for warranty/refund purposes.
We only have email addresses for a small fraction of the customers as currently orders are only taken over the phone (although we will be taking online orders from next month).
It is not financially possible to send out a letter to all of the customers asking for consent for these details to be kept after the end of May.
So, can we justify the storing and processing of the data currently held for the legitimate interests above without asking for consent (as it's data we already hold in relation to in affect processing a contract) or do we need to delete all the data come the end of May?
Many thanks
I run a small mail order business. We keep a database of all previous orders made. Details kept include: name, address, phone number, and details of all previous orders placed.
This data is purely used for when a customer phones to place another order we already have their name and address. Also used for when a customer can't remember exactly what they last ordered/when they ordered it and wants us to check. Also used for when a customer wants to p/x an item (so we can check that they actually ordered it from us and how much they paid etc). Also for warranty/refund purposes.
We only have email addresses for a small fraction of the customers as currently orders are only taken over the phone (although we will be taking online orders from next month).
It is not financially possible to send out a letter to all of the customers asking for consent for these details to be kept after the end of May.
So, can we justify the storing and processing of the data currently held for the legitimate interests above without asking for consent (as it's data we already hold in relation to in affect processing a contract) or do we need to delete all the data come the end of May?
Many thanks
elise2000 said:
Hi
I run a small mail order business. We keep a database of all previous orders made. Details kept include: name, address, phone number, and details of all previous orders placed.
This data is purely used for when a customer phones to place another order we already have their name and address. Also used for when a customer can't remember exactly what they last ordered/when they ordered it and wants us to check. Also used for when a customer wants to p/x an item (so we can check that they actually ordered it from us and how much they paid etc). Also for warranty/refund purposes.
We only have email addresses for a small fraction of the customers as currently orders are only taken over the phone (although we will be taking online orders from next month).
It is not financially possible to send out a letter to all of the customers asking for consent for these details to be kept after the end of May.
So, can we justify the storing and processing of the data currently held for the legitimate interests above without asking for consent (as it's data we already hold in relation to in affect processing a contract) or do we need to delete all the data come the end of May?
Many thanks
So long as you're not keeping the information for an unreasonable length of time, I'd have thought the "legitimate interests" argument works here? Without holding that data, you can't process refunds / part-exchanges properly. I run a small mail order business. We keep a database of all previous orders made. Details kept include: name, address, phone number, and details of all previous orders placed.
This data is purely used for when a customer phones to place another order we already have their name and address. Also used for when a customer can't remember exactly what they last ordered/when they ordered it and wants us to check. Also used for when a customer wants to p/x an item (so we can check that they actually ordered it from us and how much they paid etc). Also for warranty/refund purposes.
We only have email addresses for a small fraction of the customers as currently orders are only taken over the phone (although we will be taking online orders from next month).
It is not financially possible to send out a letter to all of the customers asking for consent for these details to be kept after the end of May.
So, can we justify the storing and processing of the data currently held for the legitimate interests above without asking for consent (as it's data we already hold in relation to in affect processing a contract) or do we need to delete all the data come the end of May?
Many thanks
My company (my employer, not belonging to me) is keeping existing customer data for 6 years (once they've ceased to be an ongoing contracted customer).
Gassing Station | Business | Top of Page | What's New | My Stuff