Klee Paper

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) came into effect across all EU member states on 25 May 2018. The GDPR provides one framework data protection law for Europe, representing a significant harmonisation of data protection requirements and standards across the EU.

Its intention is to enforce the principle of "Privacy by Design" by minimising data collection and retention and ensuring data is obtained only by consent and is available on a strict "need to know" basis. Data Collectors (companies like us) must analyse the risks to the data subjects (our customers and personnel) posed by processing the data (storing it, sharing it). Data Collectors must also provide data subjects with a "right to be forgotten".
Your privacy is of paramount importance to us.
Data Protection Impact Assessment
Personal Data
The only information we have relating to customers is the absolute minimum we require to enable us to process and deliver an order i.e. the data they enter at the point of ordering on-line:
  • Contact Name(s)
  • Contact Telephone Number(s) (landline and / or mobile)
  • Contact Email Address(es)
  • Invoice address
  • Delivery address (optional)
  • Company Name (optional)
  • VAT registration number (optional)
  • Charity registration number (optional)
In the case of custom products e.g. promotional products, additional information may be required and this will be shared with our supplier. This information would normally entail logos and designs supplied by our customer who may or may not be the End-User of the product. If our customer is not the End-User, it is the responsibility of our customer to ensure all permissions are sought before passing on End-User data and that all End-Users are aware that their data may be used by others to fulfil the order processing and delivery.
Legal Ground: Contractual necessity.
Location: This information is retained on our webserver which is located within the E.U.
Visible to: Management and Sales personnel.
Risk: In the event of our webserver being hacked, this information would be available to the hacker.
Risk Profile: This information could be used to facilitate identity theft.
Risk Minimisation: Files can only be uploaded to our webserver from computers on our office network, which has a static IP address. Likewise, alterations to the website can only be made from computers on our office network. All communications between our computers and the webserver are by means of secure protocols. There is no provision for anybody outside of our office to upload files to the website (one of the most common means of introducing viruses).
There is no public access to our office network. Browser access to our website is strictly via https using 256-bit encryption so personal data entered by the customer at the point of ordering is encrypted during transmission to our webserver.
Breach Notification: GDPR article 31 requires us to notify data authorities within 72 hours after a breach of personal data has been discovered. Data Subjects, i.e. our customers and personnel, have to be notified if the data poses a "high risk to their rights and freedoms". However, whatever about the legal requirements, if we are hacked, we will tell you.
Payment Data
Most payments go via a third-party service e.g. PayPal or Stripe. In this case, we have NO access to the credit card data.
Some customers give us their credit card details which we record on paper. It is NOT entered into our computer system.
Once a transaction has been completed, unless specifically told otherwise by a customer, we destroy the paper record of the payment data.
Risk: In the event of our webserver being hacked, no payment information would be available to the hacker.
Correspondence
We have copies of all email correspondence with our customers. Our email service is hosted by Google.com.
Risk: In the event of our webserver being hacked, no email correspondence would be available to the hacker.
Shared Data
We categorise data into two areas:
  1. Trade Data: Data that is specific to and received directly from customers and suppliers with whom we expect to have or already have regular business transactions (Trade Contacts).
  2. End-User Data: Data received from our Trade Contacts relating to their customers or prospective customers (End-Users).

Trade Data. Data relating to our customers and suppliers will be used for the purposes of processing orders and associated activities surrounding order processing as well as marketing activity specific to the products and services we sell.

End-User Data. Data provided by our Trade Contacts relating to End-User customers will be used for the sole purpose of processing orders. It is the responsibility of the Trade Contact to ensure all permissions are sought before passing on End-User data and that all End-Users are aware that their data may be used by others to fulfil the order processing and delivery.

Where appropriate, Trade and End-User Data may be passed to third party contractors for the sole purpose of fulfilling purchase orders.

Information collected includes:

  • Contact Name(s)
  • Contact Email Address(es)
  • Contact Telephone Number(s)
  • Contact Invoice Address
  • Contact Delivery Address(es)
  • VAT registration number
  • Charity registration number
  • Banking details
  • Logos and designs

Data will be held securely on in-house computer servers and back-ups as well as in paper format. Any significant breach of data will be communicated as soon as is reasonably possible by the swiftest and most appropriate means available at the time. Data will be held for a period of 6 years, in line with statutory accounting practice.

Declaration: Klee Paper Ltd will NOT pass on your personal data to third parties other than those involved in the order processing and delivery without first obtaining your consent.

Retention Policies
1. Invoice Data
    We are obliged by law to retain invoices for 6 years (revenue.ie).
    At present, we do not automatically remove invoices after that time.
    We propose to delete invoices after the legally specified retention period of 6 years has expired.
2. Email correspondence
    At present, we do not automatically delete emails.
    We propose to retain emails for the same period as our invoices (6 years) with automatic deletion thereafter.
Special Categories
We have no interest in and request no information other than that specified in "Personal Data" above.
Consent
Consent is requested from a customer immediately before finalisation of the order. No personal information is transferred to our server until that consent has been given.
Data Protection by default
There are no automatic opt-ins when a customer places an order or registers with us.
Subject Access Requests
We undertake to provide, within one month, a complete breakdown of all data relating to you. Please send an email to gdpr@ecoland.com
Deletion Requests
We can remove all data relating to you provided it does not conflict with the legally required retention period specified by the Revenue authorities (revenue.ie). Please send an email to gdpr@ecoland.com