{"id":12206,"title":"GDPR means send them what they want, nothing else.","description":"Teemill is designed so a lot of the hard stuff is built in. You don't need to worry about supply chain, stock, writing code or studio shoots. We designed the data handling part of your store in the same way. In this blog we add detail on what we did to build privacy into the product from the start.","content":"<p>Teemill is designed so that a lot of the really hard stuff is built in. That's why you don't need to write code - our engineers do that for you - and you don't need to worry about supply chain, stock, returns or studio <a href=\"\/blog\/?search=photography\">photography<\/a>. When we built the data handling part of your store, we designed it around the GDPR in the same way. By design, you don't need to do anything as data is collected and secured correctly. The marketing tools you have access to on your side are firewalled from the raw data on our side, so you can have all the advantages of the tools with none of the risk.<\/p><p>You do need to use these tools mindfully though, as while we store, control and secure data in a GDPR-compliant way, you are in control of the content you upload on your storefront and when using these tools. So when it comes to the GDPR, the obligation you have is to ensure you do not misuse the tools - that's something we agreed when you signed up - and what it means is that <em>the content you upload to the send side must be consistent with what the subscriber actually signed up for.<\/em> We take care of the rest. 
The purpose of this blog is just to refresh some of the principles and add a little detail on what we did behind the scenes to build privacy into the product from the start.<\/p><p><img src=\"https:\/\/images.teemill.com\/zkhtz3wgm03mwdq91o6kr5fv6fhfvadx5clatx8h9x5wso86.jpeg.jpg?w=1140&amp;h=auto\" alt=\"\" title=\"79101832\"><br><em>-- A good test to ensure your content is compliant: Is this related to your store and is it the kind of stuff they actually want? Take care to send relevant, high quality engaging content to your subscribers.<\/em><\/p><p>The GDPR is pretty simple and clever legislation. Without stopping businesses who have a legitimate marketing plan or existing relationships where they need to communicate with a customer to fulfil orders or other contracts (and where the customer is actually interested in content relevant to what they want) the rules go like this: It's the customer's data, and it's up to them how it is used, and if there is any doubt, a business has the minimum amount of right to keep or use it.<\/p><p>This helps us answer one fundamental question...<\/p><h3><strong>Who owns the email customer data?<\/strong><\/h3><p>It's not Teemill's data, and it's not your data: The data belongs to the individual. This is a core principle of the GDPR and inconvenient for people who hope to download, sell, use or otherwise exploit data for profit. And that's exactly why it's not possible in Teemill and not legal anymore. This is common sense stuff, a business cannot own that individual's personally identifiable data. Your name and your home address belongs to you. If you give it to a business, you simply lend it to them for a reason, but it's not theirs to do as they please.<\/p><p>This is quite an important change to the entire data ecosystem. 
Any personal data that a business has is simply being lent to the business by the individual and <em><u>they have a right<\/u><\/em> to expect it is stored and used only in ways that are consistent with what they reasonably expect. At Teemill, we control the data, so the relationship and the services\/communications that a user receives from Teemill is governed by the Privacy Policy and the Terms of Sale when they check out or sign up &amp; confirm their email address.\u00a0 It is up to us to collect it, store it, and indeed delete it in ways that they would expect. We have set that all up so you don't have to.<\/p><p>Some of this work we detail in policies. They might sound big, but they relate to some straightforward and practical things that protect the user's data in a way that's designed specifically around the GDPR framework.<\/p><ul><li><p><strong>Privacy by design.<\/strong> This means that the platform is structured so that the data is only available to those that need to see it, when they need to see it. If there's not a good reason to show it (e.g. you do not need to see everyone's email to send an email) then it should not be shown, designing in privacy for the user by default.<\/p><\/li><li><p><strong>Digital security.<\/strong> The structure of the server and databases, plus the way the code is written, means that data collected via Teemill stores is stored securely. Critical systems are encrypted, firewalled and secured by two-factor authentication. Regular penetration testing and OWASP security audits ensure the place in which data is stored is secure.<\/p><\/li><li><p><strong>Data minimisation design.<\/strong> Where we do collect data, only the minimum amount of data is collected. We don't grab people's date of birth, or their national insurance number if they just want to subscribe to get marketing emails. And if they sign up for a newsletter, we don't need their home address. 
Minimising data minimises risk because there's less data to start with. Example? We don't store card details of customers. Think about the benefit of that in a worst case scenario. It's an empty safe.<\/p><\/li><li><p><strong>Data retention policies. <\/strong>You might have noticed your database shrinking slightly if you haven't done much signup work, or if your marketing is a little salesy. The data retention systems we have actually segment, anonymise and automatically handle unsubscribe functions if the person doesn't want communications anymore. It's not just manual unsubscribes, we actually detect disinterested subscribers and triage them too, automatically.<\/p><\/li><li><p><strong>Pseudonym anonymisation. <\/strong>Where data is needed to ensure the integrity of a database, but the actual name or address is no longer relevant or needed, our algorithms use pseudonyms to anonymise data and protect their identity.<\/p><\/li><\/ul><p>As you can see, the GDPR is designed to replace the 'opt in tickbox' with a far more comprehensive set of fundamental principles designed to protect the user's privacy at every stage. There might be some big words above but they are common sense, practical steps that we have put in place and demonstrate just some of the ways that the GDPR regulations are built in to the Teemill architecture. People get quite excited about it but it's really quite simple. If they loan you their data, send them what they want, nothing else.<\/p><p><img src=\"https:\/\/images.teemill.com\/fsia3f9s5rho189wa6vdcuaxrodtrvuzueindmiuzye4u4yi.jpeg.jpg?w=1140&amp;h=auto\" alt=\"\" title=\"79104827\"><br><em>-- The GDPR is not about tickboxes. 
It's about the privacy of the individual and the principle of only using their data in ways that they expect.<\/em><\/p><p>Having thought of things from the user's perspective (it's their data, not ours, or yours) you might have worked out why you cannot download the home address of a person who has shopped from your store and go knock on their door. We built that kind of privacy into Teemill by design because there's not a legitimate interest in having their home address, it's not relevant to their purchase of a t-shirt, and on a 'balancing test' (which is something a business can do to work out how to handle data) there's more risk of someone's home address being misused than the benefit to the user of having it shared around online where it could get exposed. It also protects you, because you literally can't do it wrong. As Teemill is the data controller, it's on us to have thought about and documented these things. <strong>We did all this so you don't have to.<\/strong> Your competitors are not so lucky.<\/p><blockquote><p>Essentially we designed this tool so that you have all the benefits of tools that enable you to send relevant marketing to your customer database without any of the drawbacks of controlling the data yourself.<\/p><\/blockquote><p>The outcome we were looking for was to make life as easy as possible for you to ensure compliance by design and put simply, if you cannot download someone's name and address onto your laptop, it's simply not possible to do that part of GDPR wrong.<\/p><h3>So if I don't need to do paperwork, what DO I need to do?<\/h3><p>While you don't need to fill out any forms, or do any extra work, you do need to be aware of the one responsibility you do have here: When you use our software or services you have to use them in a way that is consistent with what we agreed when you signed up: There are some important responsibilities you've probably already thought about when editing your store and creating products, like ensuring 
that you don't upload trademarked or copyrighted designs and photos. The same sort of principle applies to these marketing tools. While we collect, control and secure data in a compliant way, when you upload content to Teemill for marketing purposes, <em>the content must be consistent with what the user signed up for <\/em>and\/or what they reasonably would expect to receive relating to the brand &amp; shop they subscribed to or purchased from.<\/p><blockquote><p>If the user is interested in your products and that's what they signed up for, you must only upload or produce content relevant to those interests.<\/p><\/blockquote><p>This is an important part of the GDPR that is often overlooked, in that you can have all the paperwork and security you want but if you communicate with the individual in a way that is not relevant to their interests or not reasonably part of or linked to a purchase, that could be illegal. So if you've built up a database for your Vegan T-shirt brand, then send them a mail about something else, this would probably be a breach of the GDPR. And it's also a breach of our terms, and we monitor and moderate marketing content uploaded to Teemill to ensure that it is relevant to the store.<\/p><p>It's not just because there's a risk that you will get busted by the data regulator if you misuse these tools, you should be aware that the IP reputation of your web address and email is very sensitive. URLs that have a high unsubscribe rate, high delete rate and even a microscopic number of people who report as spam suffer consequences that can range from simple blacklisting of emails to full-blown deindexing. Spamming people doesn't work these days, so please do not misuse the tools and only send interesting relevant content as per the advice in the other blogs <a href=\"https:\/\/teemill.com\/blog\/?search=teemail\" target=\"_blank\" rel=\"noreferrer noopener\">in this series<\/a>. 
It's not just a GDPR thing, it's common sense.<\/p><blockquote><p>Want to know what content is GDPR-compliant? Think about why the user signed up and send them what they want, when they want it. Don't send them anything else. That's it.<\/p><\/blockquote><p>So the responsibility you have is a legal, contractual and ethical responsibility to use the tool in good faith to promote your brand on Teemill, as governed by <a href=\"https:\/\/teemill.com\/terms-and-conditions\/\" target=\"_blank\" rel=\"noreferrer noopener\">Teemill store operator terms<\/a>.<\/p><h3><strong>How does this impact newsletter content?<\/strong><\/h3><p>Because of the importance of maintaining the relationship between the data subject and the services\/communications received from Teemill, it's important to ensure your content is clearly relevant to your Teemill site and the content on the blogs, pages, or the products, among your other stories, as this is the basis for having the data and sending communications relevant to their purchase - it is your obligation to ensure the content is compliant with 'what they sign up for'. Adding blogs, photos, playlists? That's the kind of thing that is reasonable to send. An ad for another brand? That's not what they signed up for.<\/p><p><img src=\"https:\/\/images.teemill.com\/zqthdbblhmejde2rawjuaojm11xtoypdtyhnbzhvvzh9aadi.jpeg.jpg?w=1140&amp;h=auto\" alt=\"\" title=\"79104293\"><br><em>-- People who sign up to receive The Surfer's Path Monday Morning Wave expect to get exactly that, and perhaps a sprinkling of other blogs, stories or news (including new products) relating to the store. 
They don't expect (and shouldn't be sent) adverts for something else, like cleaning products.<\/em><\/p><h3>What else do I need to know?<\/h3><p>Aside from ensuring your content is relevant and consistent with what the user signed up for, you should also consider the other consequences of having a tool that allows you to communicate with the customer in your account. While we put in place lots of advanced data security measures, the password you choose for your store is a weak link if you set a weak one. We recommend you have in place your own internal controls to ensure passwords are strong on your login, for all the users of your account if you are running a multi-user team. If you're not sure how strong your password is, or if you use the same password elsewhere (e.g. Facebook) that is known to be hacked regularly, then now is a good time to refresh it to ensure that your Teemill password is strong, unique and safe.<\/p><h3>What do I need to do if someone wants to unsubscribe from my emails?<\/h3><p>Customers control their own communications preferences - this is not something you need to do nor something you can stop - and we have also built algorithms to detect when people are not interested in the content and segment or unsubscribe them automatically.<\/p><p>For this reason, if you see your database shrink that's a normal part of the GDPR-compliant way we store data. Our systems will stop sending any communications to anyone they detect is not reasonably interested in them any more. The best way to keep the dataset healthy (and compliant!) is to send high quality stuff that's relevant to the store and the reasons they signed up in the first place.<\/p><p>In summary, Teemail is designed with the regulations in mind and in a way that enables you to connect with your customers and give them a great service with fast, easy tools within Teemill, without needing to do anything to secure customer data - it's already stored securely. No admin, no legals. 
But an important responsibility.<\/p><p><strong><u>Send content the customer actually wants. Nothing more.<\/u><\/strong><\/p>","urlTitle":"teemail-customer-data-and-gdpr","url":"\/blog\/teemail-customer-data-and-gdpr\/","editListUrl":"\/my-blogs","editUrl":"\/my-blogs\/edit\/teemail-customer-data-and-gdpr\/","fullUrl":"https:\/\/teemill.com\/blog\/teemail-customer-data-and-gdpr\/","featured":false,"published":true,"showOnSitemap":true,"hidden":false,"visibility":null,"createdAt":1627307479,"updatedAt":1667887227,"publishedAt":1641989732,"lastReadAt":null,"division":{"id":12,"name":"Teemill"},"tags":[{"id":1224,"code":"teemail","name":"teemail","url":"\/blog\/tagged\/teemail\/"}],"metaImage":{"original":"https:\/\/images.podos.io\/kxejw8umngepyt8845we1twgwlli6lmnksxwg2qmittpzung.jpeg","thumbnail":"https:\/\/images.podos.io\/kxejw8umngepyt8845we1twgwlli6lmnksxwg2qmittpzung.jpeg.jpg?w=1140&h=855","banner":"https:\/\/images.podos.io\/kxejw8umngepyt8845we1twgwlli6lmnksxwg2qmittpzung.jpeg.jpg?w=1920&h=1440"},"metaTitle":"","metaDescription":"Teemill is designed so that GDPR is built in. Data handling is part of how your online store works and in this blog we explain it.","keyPhraseCampaignId":null,"series":[],"similarReads":[{"id":11952,"title":"The complete email marketing guide","url":"\/blog\/complete-email-marketing-campaign-guide-teemill\/","urlTitle":"complete-email-marketing-campaign-guide-teemill","division":12,"description":"Everyone has an email address and most people check their email every day. That\u2019s perhaps why it drives the best results of any one marketing strategy.\u00a0 And it\u2019s why we built a cutting edge email marketing system directly into Teemill Pro. 
Find out how to make the most of Teemail to build relationships with customers and grow your brand in our complete email marketing guide.","published":true,"metaImage":{"thumbnail":"https:\/\/images.podos.io\/ji0neksphaa9vlx0ms0gzalvt7nxcnthuvnekg8gjxggrf2y.png.jpg?w=1140&h=855","banner":"https:\/\/images.podos.io\/ji0neksphaa9vlx0ms0gzalvt7nxcnthuvnekg8gjxggrf2y.png.jpg?w=1920&h=1440"},"hidden":0},{"id":11954,"title":"How to get more email subscribers","url":"\/blog\/grow-email-newsletter-subscribers-teemill\/","urlTitle":"grow-email-newsletter-subscribers-teemill","division":12,"description":"Building a mailing list of engaged subscribers is a journey that takes time. Customers who shop with you will automatically be added to your mailing list and you can also add a Subscribe block to your pages so anyone can receive your newsletters. The principles of building a high quality list are easy to grasp so in this blog we're sharing the things we\u2019ve learned building email lists with millions of subscribers. You can replicate the same results.","published":true,"metaImage":{"thumbnail":"https:\/\/images.podos.io\/ck2eeot7meiz0f1ts8fssgc94fbigoub6zwx1xititqeltkk.png.jpg?w=1140&h=855","banner":"https:\/\/images.podos.io\/ck2eeot7meiz0f1ts8fssgc94fbigoub6zwx1xititqeltkk.png.jpg?w=1920&h=1440"},"hidden":0},{"id":11964,"title":"Your advanced email marketing strategy and technical tips for successful campaigns","url":"\/blog\/advanced-email-marketing-strategy-technical-tips-teemill\/","urlTitle":"advanced-email-marketing-strategy-technical-tips-teemill","division":12,"description":"There is a huge amount of technical work that goes into building an email marketing system with a high deliverability rate. We've done all the setup work for you inside Teemail. 
So this blog can skip straight to the important bit: The advanced techniques to help you get more from your mailing list, boost engagement, retain subscribers and keep those click-throughs high.","published":true,"metaImage":{"thumbnail":"https:\/\/images.podos.io\/2mnvlo2xezzmmrprlgcqqsgku5x1zzuwaucjqtixfzdlpepk.png.jpg?w=1140&h=855","banner":"https:\/\/images.podos.io\/2mnvlo2xezzmmrprlgcqqsgku5x1zzuwaucjqtixfzdlpepk.png.jpg?w=1920&h=1440"},"hidden":0}],"labels":{"monitorCheckExcluded":"1"}}