Frans Absil Website GDPR Compliant Privacy Notice and Data Handling
GDPR Compliant Privacy Notice
The EU General Data Protection Regulation (GDPR) takes effect from 25 May 2018. This statement has been drafted to elucidate my compliance with this regulation. It is the GDPR Compliant Privacy Notice for my website, webshop and email account.
Who is the data controller?
The data controller and processor is Frans Absil. This privacy notice applies to the website with domain name www.fransabsil.nl. Contact information, i.e., the email address, may be found under the Contact tab on the website.
What data is collected?
I do take your privacy seriously and will only use your personal information to provide products and services you have requested.
The data controller website (www.fransabsil.nl) does not collect any data. When visiting the website, there will be no cookies placed in the visitor's browser. Visitors will not be tracked. On the website there are no contact forms, no user feedback pages; therefore, no data subject information is requested or gathered. The website is hosted by XS4ALL, an ISP in the Netherlands. Periodically, i.e., once every quarter, the anonymous Google Analytics tool is used for website statistics inspection and SEO.
When a webshop product item is delivered (see below) I ask permission to use the data subject information, i.e., the customer email address for sending future product information. This is a mailing list for messages about e-book updates, new editions, new publications (marketing purposes). I will not send any email messages unless I have obtained customer consent. The customer gives his consent in a confirmation email (positive and active opt-in).
In general, no invoice is sent in case of an online purchase. When a customer explicitly requests an invoice for financial administration purposes, this document will include personal data, such as name, address, email address, order date and reference (email message, telephone, other).
Third party data sources
When an item such as an e-book or sheet music (scores, instrumental parts) is ordered from the webshop, the purchase is processed by PayPal. PayPal acts as a payment gateway and sends a payment confirmation message to my Gmail account. This message contains the customer name, address, email address, and product code.
What will be done with the data?
In case of an e-book ordered through the webshop I use the customer name (or company name) and email address for preparation of a personal copy. When running the computer typesetting software the customer name and email address are included in the colophon and in the page footer, where there is a statement: Copy issued to [customer name (email address)]. The personal copy, a PDF document, is sent to the customer as an email attachment in an unencrypted mail. In case of an email document delivery problem I use a shared Dropbox download link for file transfer.
Inclusion of the data subject information, i.e., the customer name and email address in e-books serves two goals:
- The customer now is the owner of a unique personal copy of the document (e-book) and has proof of a legitimate purchase from the Frans Absil music webshop.
- The customer is aware of and agrees to respect the copyright restrictions. A statement to that end is printed on the colophon page of the document (e-book).
When purchasing sheet music, the customer name (e.g., orchestra or band name, conductor name, institution) and (email) address are printed in the score and instrumental parts page footer.
When purchasing other items, such as software models and files, the delivery date, customer name and email address are written into the source file. In addition the customer receives an End User License Agreement (EULA) plus Readme text file. These state that the software user is aware of the relevant terms and conditions.
Data storage and sharing
The payment confirmation messages as sent by PayPal to the Gmail account (see above) are deleted from the mail account after each quarter. For example, all orders and purchases in the months January to March (Q1) are deleted in April (Q2). Copies of these orders are stored as PDF files. Also, each quarter the mails with the product delivery (message with text and e-book or sheet music attachments) are deleted from the Gmail account.
Customer data, i.e., name and email address, product and payment information, are stored for financial administration, income tax and audit purposes. The retention period is 7 (seven) years, starting from the end of the tax year. Customers who have given consent for receiving product update information (see above), have their email address added to a marketing mailing list. The retention period for personal data obtained through incidental email contacts is 1 (one) year.
Data subject information is stored on a local computer, a single platform with regular data backup on storage media. No data subject information is stored in the cloud.
The data controller will never disclose, share or sell data subject information to third parties or other data controllers. (Third parties PayPal and Google will obtain data when a purchase is made from the webshop or people contact me through my Gmail account, see above.) Customer data is not processed further, e.g., by automatic decision-making logic or by artificial intelligence software (there is no customer profiling). Therefore, the right to data portability and the right not to be subject to automated decision-making have been respected by default.
Individual rights
Information pages on the Frans Absil website provide product details (content, pricing, production process), and specify the product order and delivery procedure.
Use the email address from the Gmail account in order to:
- Receive an overview of what data subject information has been stored (right to inspect, right of access).
- Correct or update data subject (customer) information (right to rectification, correction).
- Request removal from the product update information email address list (withdraw consent, right to opt-out, unsubscribe from email address list, right to object).
- Request data subject information removal (right of data deletion, data erasure).
