GDPR Statement

Review Of GDPR 2018 Impacts And Compliance

Change In The Law

We have reviewed our data use and storage in our business based on our understanding of the changes in Data Protection law on GDPR applicable from May 2018. The statements below represent our findings as a result of that review.

What Data Do We Record Or Have Access To?

At Hot Pot Pottery we record some or all of the following information as required and appropriate in relation to your booking and any pottery you may be leaving with us to glaze and fire:

  • Booking date and activity booked
  • Any accessibility or other health/ability issues/information that may be pertinent
  • Any food allergies/intolerances (if food is included in the booking)
  • Celebration related information such as ‘Hen Do’ or ‘50th Birthday’
  • Lead booking contact name & contact telephone number(s) &/or email address
  • Number of people and ages of those being booked
  • Postal address (if delivery is required) and any special instructions for our couriers
  • Details of the pottery being left and likely delivery/collection date

We also have customers’ email addresses/mobile numbers in our email/messaging/phone records.

In terms of payment details, the majority of payments are paid on-line directly into our bank account or in person through our on-site card machine or in cash. Therefore, we do not hold or record payment or card details.

We are moving towards taking on-line bookings and payments through our website but this will be done via a third party payment gateway with industry standard security and we will not have access to, be able to store or recall payment details provided.

We can take card details over the phone to put through a non in-person payment on our card machine but in these cases they are handwritten and destroyed immediately once the payment is complete.

Limited payment data is stored by the card machine payments system but this is only transaction data and no names and addresses and only partial card details are retained. Whilst our card machine payment system does often supply a contact email/mobile number within the transaction to send a receipt to, these details are not available to use once the transaction is complete.

How Do We Store The Data We Hold?

We have a written diary with the details of pottery bookings and written carbon receipts (of which we keep one copy and the customer has a copy) for any pottery left with us for glazing & firing.

We also have customers’ email addresses/mobile numbers in our email/messaging/phone records and email confirmation records of on-line bookings and payments as we move towards that.

How Do We Use The Data We Hold?

The data we hold is purely used to contact customers about their booking prior to their arrival, during the course of classes/courses/workshop/activity and afterwards in relation to any feedback or communication regarding delivery/collection of pottery.

We do not hold a mailing list or newsletter and we do not contact customers (past, present or future) with any information regarding promotions or future events at Hot Pot Pottery. All promotional marketing of this nature is undertaken via our ‘News & Events’ page on our website, on our Facebook page, X (formerly known as Twitter), Instagram, Tourism Association website listing, press releases, printed materials such as posters and leaflets and advertising.

The Hot Pot Pottery Facebook page is used to update those who have decided they wish to be ‘friends’ of the business and follow us. This is subject to the normal security protocols of Facebook, contains no personal information and people can ‘unfriend’ or ‘unfollow’ at any point if they no longer wish to see this feed of information.

The only time where we would share contact details with a third party would be if required in relation to an on-site medical emergency, fire or accident or a future potential pandemic, where we may need to report who was on site at the time and what happened.

What Will We Do If You Wish To Change Your Data Record Or Have It Removed?

We do not proactively use data held to contact customers (past, present or future) so in the case where visitors’ contact details have changed then we would not have a record to update and following an inbound communication in relation to a new booking, any new contact details would be used in relation to that booking.

In terms of access, we have stated here what data we hold on visitors, why we hold it and what it is used for.

In terms of personal data removal, should visitors wish us to remove their personal data held then the following would happen. We would delete all emails/mobile/messenger/WhatsApp messages in our records and (assuming all pottery had been collected/delivered) destroy the carbon receipt and remove the written record in the diary.

In terms of any messages/communications/reviews etc left by visitors on Google, TripAdvisor, Facebook or any other third party platform then we would expect customers to manage and remove those as they saw fit, although we do feature some on our website and if we were asked to remove these then we would but they do not include any personal names or data.

We would undertake this within a month of receiving the request (to allow for delay if we are on holiday) and we would then confirm the removal of data (and then destroy that communication).

Data Security

As our business is run by 2 people who are a married couple and they are the only people who have access to the data we hold, our assessment of the risk of a breach is that it is highly remote. We do not anticipate any security breaches.

Conclusion

We do not believe that the way we store and use the data we hold provides a security risk or falls within the scope of the changed data protection legislation in GDPR from May 2018.