On-Boarding avenues for Homestyle:

  • This is all aimed at Homestyle Textile CC (“Homestyle”) and not “Ethos” as Homestyle is the actual entity liable and not the trading name.

Key:

PP = Privacy Policy

PII = Personally Identifiable Information

SLA = Service Level Agreement (i.e. a contract of service)

Avenue: Website

Method

  1. Pop-up warning on landing page – with warning and active click required.
  2. Privacy Policy on all page’s footer (at least landing page).
  3. Any website function allowing the input/submission of PII must have an explicit warning (with hyperlink to privacy policy) and empty click-wrap to be clicked in order to commence/action the step, which usually happens at the following (main) junctures on a website:
    1. Newsletter sign-up;
    2. Long form Contact page; and

Any other point at which they can submit their PII to you for processing.

What you need

  1. Pop-up banner saying: “By continuing the use of our Website, you are explicitly and actively consenting to our processing of your personal information as per our Privacy Policy”.
    1. The word “Privacy Policy” must be hyperlinked to your privacy policy;
    2. There must be an active button saying “Accept” on it, which the user must click to remove it from the webpage.
  2. Hyperlink to the privacy policy on footer of landing page
  3. PII Junctures require the following warning and empty click-wrap box to be ticked before the user can continue:

“By pushing “Submit”/etc, you are explicitly and actively consenting to our processing of your personal information as per our Privacy Policy”.

  1. The word “Privacy Policy” must be hyperlinked to your privacy policy;
  2. There must be an active button saying “Accept” on it, which the user must click to remove it from the webpage; and
  3. The click-wrap box must be empty for clicking.

Avenue: Contracting with clients or contractors over email

Method

  1. Having the Privacy Policy sent with Homestyle’s SLA for email contracting, where the client must sign both the SLA and the attached PP (either electronic or physical signature).
  2. Footer explanation about why you’re emailing that user on emails.

What you need

  1. PDF version PP with electronic or physical signature space on it.
  2. General privacy disclaimer on your customer emails

Avenue: At physical events (e.g. roadshows)

Method

  1. Have a copy of the PP available for data subject to review.
  2. Have any sign-up sheet for data subjects explicitly warn data subjects (on the sheet itself) that the PP applies to the processing of their PII, and they can obtain a copy of the PP at the event from you, or on the Website.
  3. Same sign-up sheet must then also have an empty box for the data subject to tick off as explicitly accepting your processing of their PII as per the PP.
  4. Board with notice of disclaimer and warnings about filming people at your stalls

What you need

1. Physical copy of PP (a few copies)
2. Sign-up sheet with adequate processing warning and tick off acceptance on sheet
3. Warning notice about filming in stalls

Avenue: Contractors contracted to provide you with their services

Method

When they send you their SLA, you must:

  1. Check that their SLA has sufficient data clauses in it.
  2. If not, you need to have them update their SLA with data clauses.
  3. You then send them a copy of your PP and explain that same will apply, which PP they then have to sign as accepted.

What you need

  1. Review their SLA for data clauses
  2. PDF version PP with electronic or physical signature space on it

Avenue: Staff

Method

  1. Have data warnings clauses in their Employment Contracts.

What you need

  1. General data clauses in their employment agreements

Avenue: Telephone calls / walk ins

Method

  1. If the data subject provides PII over the call, you have to telephonically warn them about the application of your PP to the processing of their PII, and explain where they can get a PP copy.
  2. If they have any objections, they can immediately contact you to action their rights as per the PP.

What you need

  1. Staff training

Avenue: CCTV on premises

Method

  1. Standard disclaimer and warning (inside property)
  2. General warning for outside (outside property)

What you need

  1. Inside notice (more detailed)
  2. Outside notice (very general warning)

Avenue: Whatsapp message / SMS / WeChat / Telegram etc

Method

  1. Anywhere in your replying message to a data subject, explain in friendly and simple text that you will be using their personal information to continue to contact them as requested, where they can view your applicable PP on your website to understand your processing.

What you need

  1. Replicable warning line in all sms-style messages with hyperlink to your PP