We are an ethical company. That statement means a lot more to us than getting a few recycling bins and overusing the word natural. Ethical business practices go beyond the ecological and enter every decision that a company makes. The business world offers many temptations to take short cuts with fiscal and legal compliance as well as information security and customer privacy issues. But our ethics weigh on us to resist those temptations and do everything correctly, in the interests of our customers whilst complying with relevant legislation.
When we started up Natural Intimacy we acknowledged that online security and data protection would be a big deal.
Our first decision was to host our websites in a data centre located in Switzerland. It’s not just physically safe. Being in Switzerland means it’s unlikely any governments would be snooping on our customers’ data due to the legal protections offered by Swiss law.
Then we took a look at where our customers’ email addresses might end up being stored or used.
On our web store we enabled a ‘guest’ option which allows customers to make a purchase without providing an email address. About half of our customers use the option, which is a significant sign of our customers’ thinking on this issue.
We decided not to maintain a mailing list for a newsletter. Balancing the responsibility of storing so many private email addresses with the low perceived success of mailshots, we felt more comfortable not harvesting emails to stay in touch. Sorry MailChimp. But hey, isn’t that what social media is for? And speaking of social media, we don’t connect our contacts lists or upload our customers’ email addresses to social networks either. And neither should anyone else!
For online purchases, the little padlock icon on the browser’s address bar confirms that payments are secure over SSL, and we use Stripe, Apple Pay and Google Pay to process our card transactions, which in our opinion are pretty safe bets. All three of these providers process the payments on their own servers (an iframe or a popup window on our site), so your payment details and card number are never handled by our servers.
Many companies who process high volumes of online sales have really cool software that downloads their sales data from their web store to their accountancy programme, saving huge amounts of time with the accounts. From personal experience working at other companies I can tell you that all of the sales data including the customer’s full name, billing address, delivery address, email and of course the purchase data is probably being downloaded by default from the shopping cart to their accounts programme. Is that a problem?
Our take on customer privacy is that if you don’t need it, you don’t store it. So the question arises: do we need to download our customers’ email or delivery address for our accountancy?
The tax regime in which we trade is such that we can operate with ‘simplified invoices’, pretty much the same as an anonymous till receipt from a high street store. So after lengthy consultations we decided, for our European online sales, to only save and use our customers’ name and the delivery country on our accounts programme. This means that neither our accountants, the tax man, the company which maintains our accounts software nor anyone else in our company with access to our accounts programme would see any of our customers’ personal data. That’s safer for our customers’ privacy than downloading excess information which we really don’t need and then trying to keep it safe. Just don’t download it.
We’re not special in being thoughtful with our customers’ privacy. Most businesses are. The message is that being an ethical company means that you approach the issues acknowledging that people matter more than profits. You treat your customers’ concerns with dignity. You apply a lot of ‘what if it were me’ to the thought process and you keep it transparent.