CONSENT AND ANTI-PATTERNS
The proposal is that P3 collect examples of consent anti-patterns: that is, if we see real instances of poor practice in the collection of user data, of presumed consent, or of making service provision conditional on acceptance of privacy-hostile terms, etc., we record these instances (not with the intent of alienating the service provider concerned).
In the first instance, we will need to collect some examples of policies which are not necessarily "poor", but which serve as discussion points for the topic.
Hopefully out of the process of collection and categorization would come a list of common mistakes. P3 could then propose alternatives.
Excisions from the original statement are indicated thus: [...]
I make no express or implied comment about whether the policy statement is "good" or "bad", but present it as an illustrative example for discussion.
2 – Supply of personal information
To process your order we will ask you for personal information at the time you register as a customer (which you are required to provide before you place your first order). We may also collect personal information for Sample competitions for which entries are accepted online. We may also ask you for your personal information when you request information from us, submit any comments to us or if you report a problem with the Website. No personal information will be collected without your consent. We may collect and process the following information about you:
* your name;
* date of birth;
* contact telephone numbers (including mobile);
* e-mail and postal address;
* details of any prescription supplied to you by your healthcare professional or medical practitioner;
* information that you provide by filling in forms on the Website;
* details of your visit to the Website and any transactions you carry out on the Website.
3 – Our use of your personal information – order placement, competition entry, contacting Sample and Website browsing
You expressly consent to the Group:
* processing data relating to your credit/debit card and order details to enable the fulfilment of your order;
* processing your personal information so that the Group can inform you about new healthcare related products and services available from the Group;
* processing your personal information to enhance the services and goods the Group makes available to its customers;
* processing your personal data to conduct research about your health and shopping habits;
* transferring personal data to offices located in Offshore and the United Kingdom for the purposes of processing by the Group (Offshore has Data Protection laws which are largely the same as the UK);
* using cookies and traffic data as per Clause 4 below.
If you are simply browsing our Website we will not collect any personal information which will identify you; however, we will collect information using cookies and/or traffic data which uses IP addresses or other numeric identifiers which analyse navigation and use of the Website.
Personal information collected will be retained by the Group for as long as is reasonably necessary (or as defined under applicable healthcare laws and regulations) to provide products and services (including after sales service) to you.
4 – Cookies and traffic data
5 – Disclosure to third parties
We will not pass your personal information to anyone outside of the Group, without your prior consent, except the following:
* health authorities including NHS or national equivalent bodies;
* third party service providers for the purpose of fulfilling your order;
* in the event that the Group sells or buys any business or assets, in which case we may disclose your personal information to the prospective buyer or seller;
* any agents or subcontractors that process data on our behalf;
* where we are otherwise legally required to do so (for example to the Inland Revenue, Benefits Agency, any court of competent jurisdiction or any law enforcement agency with statutory authority)