Data Management Policy
Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Walulel may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
2. Data Management
- Personal Data is managed according to the Data Protection Act 2018.
- It is only retained by Walulel for the purposes of maintaining your profile.
- Personal data is only captured in electronic form and is stored on our servers. We also make use of Amazon Web Services which implements Global Best Practice for information security.
- Walulel only collects the data it needs and keeps it only as long as necessary (this will vary depending on the data concerned and will therefore be outlined within the relevant Data Plan).
- Only staff who need to access Personal Data for business operation are permitted access. All staff who are permitted access are aware that they have a responsibility for the use and management of Personal Data.
- We ensure that education and training is provided on data collection, maintenance, retention, handling and security for all employees with operational responsibility for managing, handling or processing data.
3. Data Governance
We are committed to a structured approach to data governance. This happens in accordance with other relevant institutional policies and legislation. We have a Data Protection Officer responsible for the execution of this policy.
The Data Protection Officer has the responsibility for the day‐to‐day protection of Personal data. They have undergone the relevant legal training to execute this role. The Data Protection Officer may allow Data Custodians to have and grant access to staff members needing to upload or have access to customers’ Personal Data in the execution of their role.
In the execution of their role the Data Protection Officer will ensure Data Custodians also have relevant training at all times. They will perform audits as the Data Protection Act and business best practise dictates to ensure adherence.
4. Security and Record Keeping
It is the responsibility of the Data Protection Officer to keep records of DPA adherence audits and maintain a schedule of both routine and requested data retention purges.
5. Data breach notification procedures
It is the responsibility of the Data Protection Officer to ensure data breach notification procedures are maintained and adhered to. The Data Protection Officer ensures that Data Custodians and all other relevant staff who handle Personal Data know what to do in the event of a data breach. Your handling of a data breach could be subject to legal scrutiny.