Etsy sellers based in the EU, or merchants who offer their listings to shoppers in the territory, are required to have a GDPR policy for their Etsy shop. Merchants setting out to write one may wonder where to start. Here is a guide for sellers aiming to create a GDPR policy for an Etsy shop:
Understanding the GDPR
The General Data Protection Regulation (GDPR) governs how personal information is collected and used by businesses and protects the privacy rights of online shoppers. It entitles buyers to certain information, including when, why, how, by whom, and for what purpose personal information is collected, used, and shared.
Creating a GDPR policy for Etsy shop
Sellers should first ask for ‘express consent’ from their buyers. Express consent means that merchants can send a buyer marketing or promotional messages if the buyer has indicated their consent through an explicit affirmative action, such as agreeing in an Etsy Convo or email to receive marketing messages from the merchant. Otherwise, merchants run the risk of breaching an Etsy policy and of committing a criminal offence in some countries.
Merchants should also note that even once they have express consent to send marketing messages, they must respect buyers’ requests to opt out of receiving further marketing messages, as consent can be revoked at any time.
A GDPR policy should cover:
- the personal information a seller collects.
- the legal bases a merchant relies on to collect, use, and share personal information.
- how they will use it to fulfil orders.
- the third parties with whom a seller shares personal information.
- the length of time a seller keeps personal information.
- if they are transferring personal information outside of Europe (for example, if a merchant moves their business to the United States and continues to sell to buyers in Europe, or uses a third-party provider located outside of Europe, or uses Google Cloud to host some of their buyers’ information), how the transfer will be handled.
- a buyer’s rights regarding the use of their personal information.
- how a buyer can contact a seller with privacy-related requests.
Etsy says that sellers can use this template to introduce the GDPR policy to their buyers:
However, Etsy says that this information is for educational and informational purposes only. The content should not be construed as legal advice. It is not intended to create, and receipt of it does not constitute a lawyer-client relationship.