Discussion Forum: Thread 236881

 Author: Admin_Jaclyn
 Posted: May 25, 2018 19:54
 Subject: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 917 times
 Topic: Administrative

Admin_Jaclyn

Location:  USA, California
Member Since: Sep 3, 2014
Contact: Contact Member
Type: Admin
Status: Buying Privileges - OK, Selling Privileges - OK
BrickLink Administrator
BrickLink’s GDPR-Compliance Plan of Action

To satisfy the requirements of the EU General Data Protection Regulation (known
as the 'GDPR'), BrickLink will be making a few small changes to our
system in the next few weeks.

You can read more about GDPR here: https://gdpr-info.eu/

BrickLink’s commitment to safeguarding your data hasn't changed--your
privacy is of the utmost importance to us. Our current privacy policy outlines
how we collect, use, share and protect your personal data. You can view our privacy
policy here: https://www.bricklink.com/help.asp?helpID=47

In addition, we are in the process of developing tools to give users more control
over their personal data.

Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.

New Seller Verification page update

To combat scammers, we require new users to submit personal information (i.e.
proof of identity, proof of address, etc.) to verify their account before they
can open their store and sell on BrickLink. To comply with GDPR, we will outline
exactly how this information is used, how long it’s stored, and the method by
which it is destroyed/removed from our system on the New Seller Verification
page.

Personal information vs order data

-Under this new legislation, personal data that is necessary to fulfil
a contract--such as personal information tied to a BrickLink order--does
not fall within the new rights of the customer. Users have the right to request
that their account information (name, address, email, and security question)
is removed from our system but they cannot request to have any order information
removed from our system. We must retain order data for tax/financial reporting
and in the event that it should be turned over to law enforcement.


Additional Details / FAQ

-We do not store any kind of payment information on BrickLink.
-Catalog contributions and order feedback do not qualify to be removed under
GDPR.
-In regards to appointing a dedicated Data Protection Officer (DPO), we do not
think that it's necessary since we are not handling a significant amount
of sensitive data.

If you have any concerns or think that we’ve missed something, please let us
know by replying to this post or by sending a message to the Helpdesk.

Thanks!

Sincerely,
Team BrickLink
 Author: SylvainLS
 Posted: May 25, 2018 20:04
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 121 times
 Topic: Administrative

SylvainLS (26)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Contact: Contact Member
Type: Buyer
Status: Buying Privileges - OK
In Administrative, Admin_Jaclyn writes:
  BrickLink’s GDPR-Compliance Plan of Action
[…]

Many thanks.

As you might note with this very recent thread https://www.bricklink.com/message.asp?ID=1091730,
some sellers (well, at least one) are wondering if and how they should comply
with the GDPR.
Could you expand on that?
 Author: Admin_Jaclyn
 Posted: May 25, 2018 20:22
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 168 times
 Topic: Administrative

Admin_Jaclyn

Location:  USA, California
Member Since: Sep 3, 2014
Contact: Contact Member
Type: Admin
Status: Buying Privileges - OK, Selling Privileges - OK
BrickLink Administrator
Hi Sylvain,

Thanks for your question! I'm certainly not an expert on this new legislation
but my understanding is that retaining transaction information for tax purposes
is not considered a violation of the GDPR.

If we learn anything different we will inform our sellers immediately.

Thanks again!

-Jaclyn
BrickLink Admin Team


In Administrative, SylvainLS writes:
  In Administrative, Admin_Jaclyn writes:
  BrickLink’s GDPR-Compliance Plan of Action
[…]

Many thanks.

As you might note with this very recent thread https://www.bricklink.com/message.asp?ID=1091730,
some sellers (well, at least one) are wondering if and how they should comply
with the GDPR.
Could you expand on that?
 Author: SylvainLS
 Posted: May 25, 2018 21:06
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 113 times
 Topic: Administrative

SylvainLS (26)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Contact: Contact Member
Type: Buyer
Status: Buying Privileges - OK
In Administrative, Admin_Jaclyn writes:
  Hi Sylvain,

Thanks for your question! I'm certainly not an expert on this new legislation
but my understanding is that retaining transaction information for tax purposes
is not considered a violation of the GDPR.

Okay, though don’t they need a “we only collect transaction information for tax
purposes” in their ToS?

Or something like that: https://xkcd.com/1998/
(For those who don’t know the XKCD, hover over the image to get more, er, info.)


By the way, are there sellers who collect more / for other purposes?


  If we learn anything different we will inform our sellers immediately.
 Author: NelisSolis
 Posted: May 26, 2018 03:42
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 85 times
 Topic: Administrative

NelisSolis (1974)

Location:  Netherlands, Zuid-Holland
Member Since: Nov 4, 2013
Contact: Member Does Not Allow Contact
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: NelisSolis Toys
In Administrative, SylvainLS writes:
  In Administrative, Admin_Jaclyn writes:
  Hi Sylvain,

Thanks for your question! I'm certainly not an expert on this new legislation
but my understanding is that retaining transaction information for tax purposes
is not considered a violation of the GDPR.

Okay, though don’t they need a “we only collect transaction information for tax
purposes” in their ToS?


What I learned when working on the GDPR implementation for a sports club, GDPR
is mainly about:
- having a legit purpose for collecting the personal data;
- being transparent and specific about which data you collect;
- being transparent about how you store the data;
- being transparent about with whom you share the data;
- being transparent about how long you store the data.

To focus it on sellers here on Bricklink: if a seller collects/stores personal
data of buyers outside Bricklink you must have something like a Privacy Statement
in an easy-to-find place where a buyer can give consent or can decide to walk
away. Likely this would be a paragraph in your Store Terms, since those are shown
on check-out.

Examples of storage outside the Bricklink-environment:
- mail-account: the order notification emails contain the personal information
of the buyer;
- financial / tax administration: Not in all cases, but if you need (or want)
to store personal information here, you have to deal with GDPR.
- marketing database: the newsletter option on Bricklink shouldn't be a big
deal for sellers in relation to GDPR, but if you have your own marketing database
(or list of mail addresses), this should comply with GDPR
- postal services: some couriers have the ability to save (address) information
in their system for easy use with follow-up orders. No big deal, as long as you
have it mentioned in your Privacy Statement.


Or something like that: https://xkcd.com/1998/
  (For those who don’t know the XKCD, hover over the image to get more, er, info.)


Something like this, only you are not allowed to hide the relevant information
in a big bowl of non-information (although this example is funny)

  By the way, are there sellers who collect more / for other purposes?

Probably some of the bigger sellers (likely those who sell on multiple platforms)
do collect data for marketing purposes through an offside system.
 Author: 62Bricks
 Posted: May 26, 2018 11:21
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 66 times
 Topic: Administrative

62Bricks (733)

Location:  USA, Missouri
Member Since: Jan 27, 2002
Contact: Member Does Not Allow Contact
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store Closed Store: 62 Bricks
In Administrative, NelisSolis writes:
  In Administrative, SylvainLS writes:
  In Administrative, Admin_Jaclyn writes:
  Hi Sylvain,

Thanks for your question! I'm certainly not an expert on this new legislation
but my understanding is that retaining transaction information for tax purposes
is not considered a violation of the GDPR.

Okay, though don’t they need a “we only collect transaction information for tax
purposes” in their ToS?


What I learned when working on the GDPR implementation for a sports club, GDPR
is mainly about:
- having a legit purpose for collecting the personal data;
- being transparent and specific about which data you collect;
- being transparent about how you store the data;
- being transparent about with whom you share the data;
- being transparent about how long you store the data.

To focus it on sellers here on Bricklink: if a seller collects/stores personal
data of buyers outside Bricklink you must have something like a Privacy Statement
in an easy-to-find place where a buyer can give consent or can decide to walk
away. Likely this would be a paragraph in your Store Terms, since those are shown
on check-out.

Examples of storage outside the Bricklink-environment:
- mail-account: the order notification emails contain the personal information
of the buyer;
- financial / tax administration: Not in all cases, but if you need (or want)
to store personal information here, you have to deal with GDPR.
- marketing database: the newsletter option on Bricklink shouldn't be a big
deal for sellers in relation to GDPR, but if you have your own marketing database
(or list of mail addresses), this should comply with GDPR
- postal services: some couriers have the ability to save (address) information
in their system for easy use with follow-up orders. No big deal, as long as you
have it mentioned in your Privacy Statement.


Or something like that: https://xkcd.com/1998/
  (For those who don’t know the XKCD, hover over the image to get more, er, info.)


Something like this, only you are not allowed to hide the relevant information
in a big bowl of non-information (although this example is funny)

  By the way, are there sellers who collect more / for other purposes?

I do not know how widespread this was, but there was one person here who kept
and distributed a list of people who did not agree with his particular interpretation
of the PayPal terms of service. He was very vocal about it, and offered to share
his list with anyone who wanted it. It was a blacklist of sorts. It was probably
a violation of existing privacy rules at the time, and I believe would still
be.

  
Probably some of the bigger sellers (likely those who sell on multiple platforms)
do collect data for marketing purposes through an offside system.

The GDPR is drawing attention to this, but people may not be aware that the payment
processor they are using possibly already has similar terms in their agreements.
PayPal, for example, prohibits you from using data gathered through use of their
service for marketing purposes unless the customer gives explicit consent.
 Author: ZacharyWathen97
 Posted: May 26, 2018 12:21
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 69 times
 Topic: Administrative

ZacharyWathen97 (10)

Location:  USA, Kansas
Member Since: Jan 24, 2015
Contact: Contact Member
Type: Buyer
Status: Buying Privileges - OK
  I do not know how widespread this was, but there was one person here who kept
and distributed a list of people who did not agree with his particular interpretation
of the PayPal terms of service.

Oh, it's widespread. I do not even live in Europe and I have already received
a dozen privacy update notices for a dozen different sites. Can any other American
here vouch for this?
 Author: Teup
 Posted: May 26, 2018 09:17
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 68 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: The T-workshop
Could you check if we sellers need a Data Processing Agreement with you? I think
it's not so much about holding data being a violation, more that it needs
to be specified and there needs to be an agreement between parties. I don't
know much at all about law, but I can imagine there needs to be some contract
between Bricklink and each seller, something that Bricklink can generate a template
for or that even applies automatically, after a mail to the sellers telling them
to read it. I don't know, but if you google Data Processing Agreement I think
you will figure it out.

In Administrative, Admin_Jaclyn writes:
  Hi Sylvain,

Thanks for your question! I'm certainly not an expert on this new legislation
but my understanding is that retaining transaction information for tax purposes
is not considered a violation of the GDPR.

If we learn anything different we will inform our sellers immediately.

Thanks again!

-Jaclyn
BrickLink Admin Team


In Administrative, SylvainLS writes:
  In Administrative, Admin_Jaclyn writes:
  BrickLink’s GDPR-Compliance Plan of Action
[…]

Many thanks.

As you might note with this very recent thread https://www.bricklink.com/message.asp?ID=1091730,
some sellers (well, at least one) are wondering if and how they should comply
with the GDPR.
Could you expand on that?
 Author: StarBrick
 Posted: May 26, 2018 10:40
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 64 times
 Topic: Administrative

StarBrick (4954)

Location:  Netherlands, Gelderland
Member Since: Oct 18, 2008
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: StarBrick's BrickShop
In Administrative, Teup writes:
  Could you check if we sellers need a Data Processing Agreement with you? I think
it's not so much about holding data being a violation, more that it needs


That's my point: have an agreement and one thinks one complies..... guess
not.
 Author: Teup
 Posted: May 26, 2018 11:45
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 59 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: The T-workshop
In Administrative, StarBrick writes:
  In Administrative, Teup writes:
  Could you check if we sellers need a Data Processing Agreement with you? I think
it's not so much about holding data being a violation, more that it needs


That's my point: have an agreement and one thinks one complies..... guess
not.

The DPA is an integral part of the new law. I have one with my web hosting provider
so I can very well imagine I need one with Bricklink.
 Author: StarBrick
 Posted: May 26, 2018 12:27
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 63 times
 Topic: Administrative

StarBrick (4954)

Location:  Netherlands, Gelderland
Member Since: Oct 18, 2008
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: StarBrick's BrickShop
  The DPA is an integral part of the new law. I have one with my web hosting provider
so I can very well imagine I need one with Bricklink.

Having one at one side doesn't automatically make it necessary to have it
at all.
Most of these DPAs are set up to waive off liability for potential risks
(and claims and costs). "Look I got a DPA so don't blame me!" is not the
way to get rid of stupid behaviour.
 Author: yorbrick
 Posted: May 26, 2018 04:44
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 68 times
 Topic: Administrative

yorbrick (599)

Location:  United Kingdom, England
Member Since: Apr 11, 2011
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: Yorbricks
Who is the European representative for GDPR for BL?
 Author: Teup
 Posted: May 26, 2018 04:59
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 71 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: The T-workshop
In Administrative, Admin_Jaclyn writes:
  BrickLink’s GDPR-Compliance Plan of Action

To satisfy the requirements of the EU General Data Protection Regulation (known
as the 'GDPR'), BrickLink will be making a few small changes to our
system in the next few weeks.

You can read more about GDPR here: https://gdpr-info.eu/

BrickLink’s commitment to safeguarding your data hasn't changed--your
privacy is of the utmost importance to us. Our current privacy policy outlines
how we collect, use, share and protect your personal data. You can view our privacy
policy here: https://www.bricklink.com/help.asp?helpID=47

In addition, we are in the process of developing tools to give users more control
over their personal data.

Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.

New Seller Verification page update

To combat scammers, we require new users to submit personal information (i.e.
proof of identity, proof of address, etc.) to verify their account before they
can open their store and sell on BrickLink. To comply with GDPR, we will outline
exactly how this information is used, how long it’s stored, and the method by
which it is destroyed/removed from our system on the New Seller Verification
page.

Personal information vs order data

-Under this new legislation, personal data that is necessary to fulfil
a contract--such as personal information tied to a BrickLink order--does
not fall within the new rights of the customer. Users have the right to request
that their account information (name, address, email, and security question)
is removed from our system but they cannot request to have any order information
removed from our system. We must retain order data for tax/financial reporting
and in the event that it should be turned over to law enforcement.


Additional Details / FAQ

-We do not store any kind of payment information on BrickLink.
-Catalog contributions and order feedback do not qualify to be removed under
GDPR.
-In regards to appointing a dedicated Data Protection Officer (DPO), we do not
think that it's necessary since we are not handling a significant amount
of sensitive data.

If you have any concerns or think that we’ve missed something, please let us
know by replying to this post or by sending a message to the Helpdesk.

Thanks!

Sincerely,
Team BrickLink

Hi Jaclyn,
Thanks for your quick reply to my message and thanks for this update!
Mathieu
 Author: StarBrick
 Posted: May 26, 2018 07:53
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 72 times
 Topic: Administrative

StarBrick (4954)

Location:  Netherlands, Gelderland
Member Since: Oct 18, 2008
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: StarBrick's BrickShop
Thanks for the update of the privacy regulations laid out by the EU.
Sometimes they are helpful, the EU, but in this case it looks like overkill....
 Author: Teup
 Posted: May 26, 2018 08:49
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 74 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: The T-workshop
In Administrative, StarBrick writes:
  Thanks for the update of the privacy regulations laid out by the EU.
Sometimes they are helpful, the EU, but in this case it looks like overkill....

Actually I think this is finally one positive move, after so many privacy invasions
and scandals we've been seeing over the past years. There's not much
left of the privacy human right nowadays, and few people bother to stand up for
it anymore. I'm surprised that the big money didn't seem to have won
this time, and it restores my faith a little.
 Author: StarBrick
 Posted: May 26, 2018 10:31
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 63 times
 Topic: Administrative

StarBrick (4954)

Location:  Netherlands, Gelderland
Member Since: Oct 18, 2008
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: StarBrick's BrickShop
  Actually I think this is finally one positive move, after so many privacy invasions
and scandals we've been seeing over the past years. There's not much
left of the privacy human right nowadays, and few people bother to stand up for
it anymore. I'm surprised that the big money didn't seem to have won
this time, and it restores my faith a little.

I can hardly agree here.
It's like giving a kid a box of matches that sets fire to a school and the
firemen that put out the school get all the credits.... Who let them first acquire
all of the personal data? Who gave (you, me, everybody!) it to these companies?
Right. Not so nice a reflection you get from that mirror....

You cannot expect a kid to be safe with matches.... So why is everyone so spooked
with the Cambridge Analytica scheme etc.? This legislation was in the making
for several years, keep that in mind.

The funny part: every time I post something here, I must (EVERY TIME) agree that
this is posted here and shared by the forum of BL. THAT is what this guideline
implies. Impossible to adhere to.....
 Author: Teup
 Posted: May 26, 2018 11:58
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 68 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: The T-workshop
In Administrative, StarBrick writes:
  
  Actually I think this is finally one positive move, after so many privacy invasions
and scandals we've been seeing over the past years. There's not much
left of the privacy human right nowadays, and few people bother to stand up for
it anymore. I'm surprised that the big money didn't seem to have won
this time, and it restores my faith a little.

I can hardly agree here.
It's like giving a kid a box of matches that sets fire to a school and the
firemen that put out the school get all the credits.... Who let them first acquire
all of the personal data? Who gave (you, me, everybody!) it to these companies?
Right. Not so nice a reflection you get from that mirror....

You cannot expect a kid to be safe with matches.... So why is everyone so spooked
with the Cambridge Analytica scheme etc.? This legislation was in the making
for several years, keep that in mind.

The funny part: every time I post something here, I must (EVERY TIME) agree that
this is posted here and shared by the forum of BL. THAT is what this guideline
implies. Impossible to adhere to.....

You make it sound as if it's some kind of free choice, but it's not.
Of course I have platform applications switched off on Facebook. But the day
before yesterday I was at the airport in Moscow and wanted to contact some people
through wifi. In the terms it stated that all of my info would be shared with
3rd parties and kept for 25 (!!) years. That would be impossible under the new
EU law. I ended up not doing it, but sometimes in such situations there is just
no choice. Imagine you need some medication they sell in some webshop and they
have such a crazy policy. There are tons of cases where the companies just have
power over you. Imagine someone in the local shopping center following you around
and taking notes of everything you buy and the offers you look at, then following you home
and recording your address, getting into your documents and recording your name, age etc.
To me, this is just creepy. That guy is Google Analytics. I am glad that under
the new laws there are restrictions to such things, such as the right to be forgotten.
It's not a solution to everything that gives us back our privacy, it's
always a compromise. But at least it's something..
 Author: StarBrick
 Posted: May 26, 2018 12:31
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 78 times
 Topic: Administrative

StarBrick (4954)

Location:  Netherlands, Gelderland
Member Since: Oct 18, 2008
Contact: Contact Member
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: StarBrick's BrickShop
In Administrative, Teup writes:
  That would be impossible under the new EU law. I ended up not doing it, but sometimes in such situations there is just
no choice.

See, that's the point. You DO have a choice. And you made it in Moscow. So
WHY won't you consider the same thing at the Dutch airports? It is up to
YOU to make well-thought decisions instead of now pointing at the companies that
so-called gained your trust but abused your data..... Echelon, Sleepwet, all
programs and systems and laws that gather data you can't even protect yourself
from. That is the scary part.
I have a day job at a government agency, and trust me, you don't want to
trust the government......
 Author: ZacharyWathen97
 Posted: May 26, 2018 13:52
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 105 times
 Topic: Administrative

ZacharyWathen97 (10)

Location:  USA, Kansas
Member Since: Jan 24, 2015
Contact: Contact Member
Type: Buyer
Status: Buying Privileges - OK
In Administrative, StarBrick writes:
  In Administrative, Teup writes:
  That would be impossible under the new EU law. I ended up not doing it, but sometimes in such situations there is just
no choice.

See, that's the point. You DO have a choice. And you made it in Moscow. So
WHY won't you consider the same thing at the Dutch airports? It is up to
YOU to make well-thought decisions instead of now pointing at the companies that
so-called gained your trust but abused your data..... Echelon, Sleepwet, all
programs and systems and laws that gather data you can't even protect yourself
from. That is the scary part.
I have a day job at a government agency, and trust me, you don't want to
trust the government......

I can't believe people still blame the Russians. And yes, big government
is bad.
 Author: WoutR
 Posted: May 26, 2018 10:45
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 68 times
 Topic: Administrative

WoutR (674)

Location:  Netherlands, Zuid-Holland
Member Since: Mar 8, 2011
Contact: Contact Member
Type: Buyer
Status: Buying Privileges - OK
In Administrative, Admin_Jaclyn writes:
  BrickLink’s GDPR-Compliance Plan of Action

To satisfy the requirements of the EU General Data Protection Regulation (known
as the 'GDPR'), BrickLink will be making a few small changes to our
system in the next few weeks.

You can read more about GDPR here: https://gdpr-info.eu/

BrickLink’s commitment to safeguarding your data hasn't changed--your
privacy is of the utmost importance to us. Our current privacy policy outlines
how we collect, use, share and protect your personal data. You can view our privacy
policy here: https://www.bricklink.com/help.asp?helpID=47

In addition, we are in the process of developing tools to give users more control
over their personal data.

Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.

New Seller Verification page update

To combat scammers, we require new users to submit personal information (i.e.
proof of identity, proof of address, etc.) to verify their account before they
can open their store and sell on BrickLink. To comply with GDPR, we will outline
exactly how this information is used, how long it’s stored, and the method by
which it is destroyed/removed from our system on the New Seller Verification
page.

Personal information vs order data

-Under this new legislation, personal data that is necessary to fulfil
a contract--such as personal information tied to a BrickLink order--does
not fall within the new rights of the customer. Users have the right to request
that their account information (name, address, email, and security question)
is removed from our system but they cannot request to have any order information
removed from our system. We must retain order data for tax/financial reporting
and in the event that it should be turned over to law enforcement.


Additional Details / FAQ

-We do not store any kind of payment information on BrickLink.
-Catalog contributions and order feedback do not qualify to be removed under
GDPR.
-In regards to appointing a dedicated Data Protection Officer (DPO), we do not
think that it's necessary since we are not handling a significant amount
of sensitive data.

If you have any concerns or think that we’ve missed something, please let us
know by replying to this post or by sending a message to the Helpdesk.

Thanks!

Sincerely,
Team BrickLink

Thank you
 Author: Teup
 Posted: Aug 7, 2018 21:10
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 65 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004 | Type: Member | Status: Seller
Buying Privileges: OK | Selling Privileges: OK
Store: The T-workshop
In Administrative, Admin_Jaclyn writes:
  Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.


I'm just wondering if these tools are now in place. I cannot find that second
one, at least. What's the status? I'm just asking not because I need
these fixes personally but it tells something about how Bricklink manages development.

It's been quite some time since the GDPR deadline. I wonder if BL now really
IS compliant. This last-minute message was thrown out on the day of the deadline,
that basically says BL is working on it. I wonder if that work is now finished
and there will be no chance of fines for either BL or its sellers.
 Author: Admin_Russell
 Posted: Aug 8, 2018 00:40
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 75 times
 Topic: Administrative

Admin_Russell

Location:  USA, California
Member Since: May 9, 2017 | Type: Member | Status: Admin
Buying Privileges: OK | Selling Privileges: OK
BrickLink Administrator
In Administrative, Teup writes:
  In Administrative, Admin_Jaclyn writes:
  Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.


I'm just wondering if these tools are now in place. I cannot find that second
one, at least. What's the status? I'm just asking not because I need
these fixes personally but it tells something about how Bricklink manages development.

It's been quite some time since the GDPR deadline. I wonder if BL now really
IS compliant. This last-minute message was thrown out on the day of the deadline,
that basically says BL is working on it. I wonder if that work is now finished
and there will be no chance of fines for either BL or its sellers.

No tool has yet been developed, but our Help Desk will cover any requests that
come in. To my knowledge, not one has come in since the deadline passed.

We have, however, done considerable work internally to make sure user data is
treated carefully and legally. This has affected some of the methods we use and
our workflow.

Also affected is the development of our new XP platform. We have steered clear
of any possible violations in the new software, and the copy, especially on transactional
pages, is being written to inform and assure our users of their privacy.

We released the above statement on the date compliance was due, but we had actually
been working on it during the weeks preceding.
 Author: Teup
 Posted: Aug 8, 2018 07:38
 Subject: Re: BrickLink’s GDPR-Compliance Plan of Action
 Viewed: 80 times
 Topic: Administrative

Teup (3898)

Location:  Netherlands, Utrecht
Member Since: May 6, 2004 | Type: Member | Status: Seller
Buying Privileges: OK | Selling Privileges: OK
Store: The T-workshop
In Administrative, Admin_Russell writes:
  In Administrative, Teup writes:
  In Administrative, Admin_Jaclyn writes:
  Requesting the removal of personal data

-For now, BrickLink members can request that their personal data is removed from
BrickLink during the unregister process by contacting the Helpdesk--our admins
will manually remove personal account data on a case-by-case basis. We’re working
on a tool that will automate this process and hope to have it ready within the
next few weeks.

-Even though security questions/answers were removed from the registration process
several years ago, there are many users who still have this information internally
tied to their account. We’ll develop a tool to be able to view/edit your security
question (if one is present) on the Account Information page.


I'm just wondering if these tools are now in place. I cannot find that second
one, at least. What's the status? I'm just asking not because I need
these fixes personally but it tells something about how Bricklink manages development.

It's been quite some time since the GDPR deadline. I wonder if BL now really
IS compliant. This last-minute message was thrown out on the day of the deadline,
that basically says BL is working on it. I wonder if that work is now finished
and there will be no chance of fines for either BL or its sellers.

No tool has yet been developed, but our Help Desk will cover any requests that
come in. To my knowledge, not one has come in since the deadline passed.

We have, however, done considerable work internally to make sure user data is
treated carefully and legally. This has affected some of the methods we use and
our workflow.

Also affected is the development of our new XP platform. We have steered clear
of any possible violations in the new software, and the copy, especially on transactional
pages, is being written to inform and assure our users of their privacy.

We released the above statement on the date compliance was due, but we had actually
been working on it during the weeks preceding.

Thanks for the reply Russell. These things are invisible from the outside, so
it really helps hearing some updates about what's going on behind the scenes
- even when they don't affect us. Good to hear.