GDPR - Your Compliance

Based on our interpretation of GDPR, we strongly suggest you look at:

Statements and information provided across our website about GDPR are based on our interpretation of the legislation. They are not legal advice. For concrete legal advice, you may wish to talk to a solicitor.

Do you have a Privacy Policy?

Everyone who uses your site has a right to know what data you're collecting about them and how you use it. Even if you're not collecting names or email addresses via a form, if you have any tracking tools on your website (for example, Google Analytics) then you are collecting data.

The best way to explain what data you collect and how you use it is with a Privacy Policy. Most clients include it as a PDF download within their website's footer.

Read more about what your Privacy Policy should include here

We strongly recommend all clients read our FAQs page and include in their Privacy Policy how they collect, store and use their clients' data via the website. For example, if you have a contact form on your website you should state how the form submissions are sent (via email) and whether they are encrypted or not (with SSL or without SSL).

Are you collecting contact information in order to send marketing materials?

From May 25th, 2018, potential customers (enquiries on your website) should have the option to opt in to receive marketing materials. You shouldn't assume that you have consent to store their data and use it in the future, and you can no longer hide your data policies in your terms or Privacy Policy.

Consent fields should be unticked as default, allowing users to opt in should they wish.

In the case of texts, emails, post or calls, the user should be able to give specific consent to receive marketing by each of those means.

As well as collecting consent for marketing materials, you should also have a record of when the person gave you permission. If you use a Toolkit Contact form, the data will be stored in the Enquiries Module of The Toolkit and you'll have received an email notification when the form was submitted.

4 Must Do's When Collecting Data

  1. Request the consent of all customers/potential customers before you collect any of their information. These requests must be in easily understandable language free of legal jargon and must also be obtained separately (tick box is recommended) from other matters and not be hidden in other text.
  2. Have a clear and accessible Privacy Policy (as per above) that informs users how their data will be stored and used by yourselves.
  3. Offer customers the chance to request a full log of all information you hold on them. We recommend including this in your Privacy Policy and stating any admin costs or the process involved to apply for information. It's important for all customers to have a means to request access to and view the data you have collected on them.
  4. Provide users with a way to withdraw from your future correspondence and have all data on them purged from your systems. All users have a "Right to Be Forgotten" under the new rules.

Read More about Consent here

Secure Sockets Layer (SSL)

Client data passed through your website must be protected to avoid it falling into the wrong hands. Is your website SSL Secure?

If it isn't, you can encrypt your website with an SSL certificate, which in turn improves your Google ranking and removes any 'insecure' warnings your clients will see in both search engines and browsers.

Secure Sockets Layer services give websites the padlock icon in the top corner of a browser's URL bar, which identifies sites with secure connections. SSL is a technology used for establishing encrypted links between servers and browsers, so it provides end users with a far more secure experience and protects their data from outside sources.

Bespoke websites require bespoke security solutions, so we've invested in an SSL certificate solution that will protect all of our websites' end users' data.

About Our Systems and Protocols

The Toolkit

The Toolkit is an encrypted, password protected Content Management System that only you and any other users on your account have access to. This is where the form submissions through your website are safely stored. (Providing you're using Toolkit Forms and not 3rd Party Forms).

Login Details for The Toolkit are only sent to Authorised Users on accounts.

Any changes to your Account, Toolkit or website in general are only actioned when the request is emailed to us or directly actioned from an Authorised User's email request.


Toolkit Email Service

We do not store any mailbox passwords.

The resetting of passwords is handled completely via automated texts, so our team don't even see your password when you reset it.

Please do not send us your mailbox passwords. We can access your mailboxes in emergency circumstances through our Webmaster system; however, doing so automatically alerts our customers and management team via email. No passwords are stored or seen during this process.

Toolkit Webmail uses SSL encryption to send emails and we recommend all our clients use SSL connections when configuring email addresses on phones, tablets or Mail Clients such as Outlook, Thunderbird, Live Mail etc.

Your Responsibilities

You are responsible for (but not limited to):

  • The client data your website collects
  • The content on your website (including any form disclaimers)
  • The persons who have access to The Toolkit and subsequently your account with us
  • How your client data is stored and managed
  • How your mailing lists and contact lists are collected, stored and used

We are happy to answer any GDPR-based questions that are not already listed on our FAQs page, so if there is anything you're unsure of please don't hesitate to get in touch.

Website Contact Form

If you take any personal data through your site, you should have an SSL Certificate.

You previously only needed SSL if you were taking sensitive information, like payment details, but with GDPR changes, it's now believed to be required for all data, including basic form information such as name, email and phone.

Back in October 2017, Google Chrome also introduced a Not Secure banner for any site with a contact form but no SSL. You can read more about that here.

To avoid your customers getting a warning and to be GDPR compliant, upgrade to SSL today.

Website & Email Access

Who is able to log in to your Toolkit account? Who can make changes to your website, contact forms, client enquiries, user permissions etc? Review your existing protocols, staff access, email accounts and general permissions so you can be confident authorisation is only provided to the right people.

Customer data is stored within The Toolkit and your business email accounts so it's crucial you know just who has access and how it is viewed.

© Copyright 2019 Toolkit Websites Ltd. Web Design by Toolkit Websites