You’ve heard a lot of buzz about the General Data Protection Regulation (or “GDPR”) in the news or social media. As a TCGplayer seller, it’s important to know what GDPR is and how it applies to your store.
What Is GDPR and Why Does It Matter?
GDPR stands for the General Data Protection Regulation, a European Union (EU) law that regulates how personal information can be collected, stored, and used in an effort to protect online users. Under this law, residents of the European Union have the right to know who is collecting their personal information and for what purpose it is being used.
How Does GDPR Apply to Me?
If you sell to individuals residing within the European Union, the law applies to you. In addition, as a TCGplayer seller, you must adhere to the GDPR regulations and follow best practices when handling a buyer’s personal information. You may receive certain information about buyers, such as names, mailing addresses, phone numbers, and email addresses. It’s important that you keep this information confidential and secure.
How Do I Make Sure I’m Compliant?
Though many of these regulations may sound rather complex or confusing, adhering to the GDPR regulations and privacy best practices is rather easy.
Any information you receive from buyers must remain confidential. In general, you should not share your TCGplayer login information with anyone other than authorized employees. Any employees or individuals who have access to your TCGplayer account must also keep login and buyer information secure. If you store buyer information anywhere outside of the TCGplayer Seller Portal, you must store that information securely where unauthorized individuals cannot access the information. In addition, you may not share buyer information through social media platforms, such as the TCGplayer Pro Retailers Group on Facebook.
If you are collecting buyer information for the purpose of marketing, you must obtain consent before doing so. For example, if a customer provides you with their email address to contact them about an order status or problem they’re experiencing, it’s not okay to use that information to send them marketing emails. However, getting customers to opt into marketing communications is easy. If you use TCGplayer Pro, your Online Store allows you to create a Contact Us page and other types of forms that you may use to connect to customers. Just make sure to add a field where customers can opt into email marketing. There are also many third-party email services that make this process simple.
In addition, residents in the European Union (EU) have the “right to be forgotten,” which means that if they ask a company to delete all their personal data, that company must comply within 30 days. If we forward you a buyer’s request to be forgotten, you must comply and delete all personal information you have in your possession.
If you ever have any questions or concerns in regard to information you collect on buyers or appropriate use, please contact your Customer Success Manager or email firstname.lastname@example.org.