Dell XPS 13 9370 (2018) review
I have a friend who lives in France. He is thinking of building a website offering prospective property buyers a full service package. ie. sourcing, help with buying, surveying, tax laws, opening a French bank account etc?
He has asked me to put a questionnaire form on the site to be filled in. It will ask for Name, Address, Telephone number and email address, along with other details, but no bank account or card details will be asked for. This will not be a secure site. In doing this would it cause any legal problems. I have checked out a few other sites that have similar questionnaires (also not secure) so it seems not to be a problem.
My own personal opinion is: I wouldn?t fill in my address or telephone number until I was sure, I think an email address is sufficient for first contacts? The main point of course is, would it be contravening any UK/EU laws?
handful, thanks for the link but it isn't working?
Although registered in the UK this is a French website, does that make any difference?
that specifically prohibits asking for personal information - whether you do the asking on a secure website or not.
In the UK the law states that if you collect and store personal data belonging to living individuals, and you subsequently 'process' the data, you have a statutory obligation to register with the UK Information Commissioner as a data processor. There's a fee for registering (Which, if my memory serves me well is currently £45 or thereabouts) and if you should register and do not do so you may be prosecuted and fined a hefty amount. If the registration is on behalf of a company or other legal entity (such as a registered charity) there must be a nominated individual who will be responsible for data protection - this person will be held responsible in the case of any infringrement of the data protection laws, and will be prosecuted if there is a serious breach.
Once registered, you may not transfer data outside the UK unless you are satisfied that the country into which you transfer the data has adequate data protection legislation in place, and that the person to whom you transfer the data has adequate protection measures in place. In any event - you must not transfer the data to another country without the data owner's prior consent. If you intend to do so, make it very clear on the web form.
A good way of getting it right on the web is to imagine that you're the one providing the details - if you wouldn't be happy doing so you can be sure that other people will feel the same.
If you would like me to provide you with suitable text for your form (or to look over your own wording prior to publication) I will be happy to do so - just ask.
that although my comments refer to UK legislation I know your friend lives in France. If he intends to publish the site to a French server he will not have to comply with the UK data protection laws. It would be prudent however, to tell people that the site is based in France, and therefore the French data protection laws will apply. I'm not up to speed with French legislation at the moment, but shortly I will be - I'm currently travelling back and forth to France on a project that will involve information gathering on a server in Paris, and I'll need to do some homework.
In broad terms you must comply with the laws that apply in the country where your site is hosted.
Thanks all for the reply's. All noted and copied for future reference. The site hasn't been started yet, also still trying to think of a domain name that hasn't already been taken.
This thread is now locked and can not be replied to.