Three don’ts to protect your customer relationships

The relationships any organisation has with its customers is important if it is to succeed. Also, the retention of clients is a pretty big deal.  

But, at times, we understand our working lives can be testing and offering excellent customer service may be a challenge.

However, within any context, business owners and their teams must strive to deliver a strong service to its clients if it wishes to achieve a positive reputation… while protecting it too!

That’s why our top three don’ts are to support you with protecting the relationships you have with your customers.

  1. When things go wrong, don’t ignore them!

Most businesses treat their consumers well. How do we know this? Because, if they didn’t, there would be no business.

But what happens when things do go wrong? Firstly, it’s important you don’t bury your head in the sand if something, such as a complaint, takes place. Be prepared for any negative response from your clients; have a clear complaints process and be genuinely ready to help people when they’re not happy.

  1. Breathe! Don’t respond on the hoof…

Your focus must always be on protecting the relationships you have with your customers.

To have someone walk away after using your service or product with a negative opinion can be detrimental to how other people perceive your offering.

We’re only human, so it’s understandable if you’re upset as a result of some negative feedback.

Nonetheless, take a moment to consider how you are going to approach your response, as well as how what you say will have the ability to preserve an existing relationship.

  1. Understand the law behind consumer complaints, and don’t neglect it!

There is law around dispute resolution, complaints and mediation, so it’s important you understand what is appropriate/what isn’t if you’re to address the negative experience of a consumer correctly.

Let’s use a complaint from a customer as an example. Businesses have to comply with rules and regulations when dealing with an issue.

These rules don’t necessarily change from one industry to the next, but some sectors do offer an alternative dispute resolution.

Fancy some bedtime reading? The Consumer Rights Act 2015 is a good place to start.

The Act consolidates consumer protection law and legislation while also providing consumers with their rights and remedies, so it’s an essential read for any business that deals with consumers.

For further details on how to protect your consumer relationships, and the best tips on what to do if something does go wrong, get in touch with Crimson Crab today.

 

Is my company’s website legal?

Building a website is easy, right? With the click of a few buttons and some vibrant graphics, you’re ready to go. Yes, perhaps, but is it compliant?

Even though your website is your organisation’s shop window, it’s important for it to look good and entice your target audience, it’s also crucial for it to be legally compliant.

But – what does that mean and how can you ensure it is compliant? 

All websites must conform to the Data Protection Act (and GDPR Regulations).

“If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.”

“Three-quarters of us don’t trust businesses to do the right thing with our emails, phone numbers, preferences and bank details. I find that shocking.”

Elizabeth Denham UK Information Commissioner

Your website is a powerful tool to grow your business – but can also be detrimental to the business if it isn’t compliant.

That’s why our tips are some of the top things to consider when it comes to your company’s website.

Always have a valid reason: Personal information from individuals and organisations can be useful for many reasons – but do you have a valid reason to use it for your intentions? Be clear about WHY you’re collating peoples’ details – and what it’ll be used for. Always give them the opportunity to give you permission in the correct way if you need to.

Security is key: If your website isn’t secure, you’re leaving yourself and your visitors susceptible to hackers and cyber-attacks. Don’t be responsible for this!

Is your privacy information in check? One of the most important documents on your website – above any information about what you sell – should be your privacy notice. Many businesses use a privacy policy, whatever you call it, it must contain specific information about your use and processing of personal data and if it’s not there you are not covered. Feel free to get in touch for more details.

Crab Insight July 2020

Red Tape Busters Volume 7, Issue 10, Profile

Welcome to the July edition of Crab Insight

What has been your biggest learning in recent weeks, and how will this change the way you present yourself to people?

Our word of the month for July is PROFILE, it’s all about how you will present yourself so as to stand out from the crowd in a digital-focused world?

Crimson Crab is on your side and ready to help you meet the challenges ahead.

Stay safe.

Claudia Crab’s July Focus

Claudia the Crimson Crab icon

“A website is a shop window to the world – it is also a great way to showcase breaches of the law”

If you have a website you need to make sure that you comply with the law in the following areas:

Disclosure

You should identify yourself correctly and give an address at which you can be contacted, there are specific requirements for a registered business, (e.g. Ltd, PLC, LLP).

Copyright

It’s imperative that you protect your copyright effectively and make sure that you do not breach other peoples copyright. It makes sense to also have a document setting out the terms of use of the website.

Disability Discrimination

Businesses have an obligation to make reasonable adjustments to help disabled individuals access their goods, facilities and services. The Equalities Act 2010 requires that websites are accessible to disabled people including Blind people. One way of meeting this responsibility is for website owners to comply with the WCAG 2.0 standard at Level AA the UK Governments recommended best practice for accessibility. 

Data Protection

You need to make sure that you comply with the Data Protection laws (including the GDPR) for all contact forms and any personal data collection. You also need to make sure that you have an appropriate Cookies policy detailing the cookies used and their purpose (and for example use a pop-up or other means to obtain ‘consent’).

Provision of Services

If you provide any services on or offline you have to make sure you comply with the Provision of Service Regulations. They require service providers to make available contact details where information requests and complaints can be sent, together with other specified information.  One way of complying is to include the required information on a web page and proactively provide the link to clients when discussing your services.

E-commerce

When using a website for e-commerce purposes then you still need to comply with the law that relates to a bricks and mortar outlet along with some special rules for an online business.

So there must be for example no unfair commercial practices and suitable control of sales of age-sensitive products (e.g. alcohol, tobacco, fireworks, knives, solvents, videos & games). If any products are sold to which safety legislation applies, for example, toys, bicycles, electrical goods the rules have to be followed, as they do when food of any type is sold. 

The Consumer Contracts Regulations require that you provide certain information when selling online, and also require you to tell the customer about their right to cancel the purchase within 14 days (not 7 any more). Failure in this respect can mean that the customer can enjoy a much longer cancellation period (up to 12 months)!

You also have to be careful to comply with the requirements of Card Providers and you cannot make additional charges for using such payment methods.

There are also rules around the way that complaints are dealt with and the provision of access to Alternative Dispute Resolution and the European Commissions Online Dispute Resolution Platform.

Top tip – We can check out your website


F2 Business Huddle Online

The next online F2 Business Huddle is FREE

It’s on Friday 10 July 2020

12 noon to 2 pm

It is going to be the biggest F2 Business Huddle ever – so far

All the favourite features that you have come to know and love at the F2 Business Huddle – online


Reputation Advocates

When you need a reliable and dependable expert click on the crab

Accredited Crimson Crab Reputation Advocate Logo

Feedback

We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!

Ethical, legal, responsible trading wave
T:023 9263 7190 | E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk

Copyright (c) 2020 Crimson Crab Ltd, all rights reserved.

Data Protection Essential Questions

Data protection essentials, 23 questions do you know all the answers?

  1. Do you understand what data flows through your business and have recorded:
    • what personal data you hold;
    • where it came from;
    • who you share it with; and
    • what you do with it?

  1. Have you recorded at least one of the six legal reasons for processing the data?
    • If you use consent
      • it is good consent;
      • you record how it has been given; and
      • you record and manage ongoing consent.
    • If you are relying on legitimate interests
      • you have done the three-part test; and
      • you can demonstrate that you have fully considered and protected individual’s rights and interests.

  1. Are you are currently registered with the Information Commissioner’s Office?

  1. Do you provide privacy information to individuals, e.g. clients, customers, employees and suppliers?

  1. Can you deal with a Subject Access Request i.e. requests from people to access their personal data within one month?

  1. Do you make sure that the personal data you hold remains accurate and up to date?

  1. Do you securely dispose of personal data that is no longer required or where an individual has asked you to erase it?

  1. Do you know what to do when someone asks you to restrict the processing of their personal data?

  1. Can someone move, copy or transfer their personal data from your system to another safely?

  1. Can you deal with an individual’s objection to the processing of their personal data?

  1. Do you know if you carry out automated decision making and if so, do you have procedures in place to deal with the requirements?

  1. Do you have a data protection policy, and demonstrate your compliance with it?

  1. Do you regularly review the effectiveness of your data handling and security controls?

  1. Do you provide data protection awareness training for all staff?

  1. If you engage third parties to process your businesses personal data on your behalf (e.g. email marketing companies, database providers, cloud-based service providers), do you have a written contract with them which meets the legal requirements and carry out suitable and sufficient diligence?

  1. Do you know the information risks you have and their business impact so that you can manage them in a structured way?

  1. Have you have implemented technical measures and policy to integrate data protection into your data processing?

  1. Do you understand when you must conduct a Data Protection Impact Assessment?

  1. Have you nominated a data protection lead, or a Data Protection Officer (DPO) if required or preferred (note this role can be outsourced)?
    • If you have a DPO have you notified the ICO?

  1. Do you champion a positive culture of data protection compliance in your business?

  1. Do you have an information security policy supported by suitable security measures?

  1. Do you record all personal data breaches no matter how trivial?
    • Can you manage and resolve them?
    • Do you know which must be reported to the ICO?
    • Do you know which must be reported to the data subject?

  1. Do you know what must be done if any personal data processed by others on your behalf is transferred outside the European Economic Area?

If you don’t know an answer you had better find out fast!

Remain resilient during the COVID-19 outbreak, yes, but keep compliant too

It will be some time before life returns to “normal” in the UK and even then, things will no doubt be different.

Teams up and down the county have responded to what’s happening and stayed resilient by working from home.

But, how is remote working supporting many companies in their attempt to be resilient through these strange economic times? And, how are they remaining compliant every step of the way?

Working from Home

Thousands, if not millions, of employees, are working from home as a result of this pandemic.

From Microsoft Teams calls to Zoom, progress in using technology has proven to be an excellent benefit for businesses across the country.

Technology (and a reliable Internet line) hasn’t been relied on as much as it has in these unprecedented times.

While working away from the office is allowing businesses to continue efficiently, it does come with risk:

Data Protection

With an increase in the number of employees working from home, your people must understand the importance of protecting personal data on the IT they are using.

It’s all well and good if your company is following Data Protection legislation within an office environment, you must still ensure this doesn’t get thrown out the window with your remote workers. Especially if they are new to working at home or remotely.

If you need any help check out our Data Protection Solutions here: https://www.crimsoncrab.co.uk/our-solutions/data-protection-information-risks

Cyber Security

Producing an effective Cyber Security Policy comes with an understanding of where your own security is currently at.

If your business is susceptible to a cyber-attack then you must be ready to deal with this unfortunate risk… both for those working in an office and from their own home. Any system is only as good as the weakest link and regrettably, this is most likely to be an individual away from the discipline of the office environment.

Similar to protecting data, think about how you can remain compliant while keeping resilient throughout the lockdown.

Understand more about Cyber Security at the NCSC website here: https://www.ncsc.gov.uk/section/about-ncsc/what-is-cyber-security

Scams

Stay safe from online scams by taking simple steps while working from home.

Check your privacy settings, be aware of unsolicited emails, always use unique, strong passwords (use a trusted password manager – not the browser), update your software regularly, make sure your network is set up correctly, change all the default passwords on devices to a secure one and avoid using public Wi-Fi connections.

There is more information about Fraud and Cyber Crime on the Action Fraud website here: https://www.actionfraud.police.uk

Remember – your business must trade legally and it is your responsibility to do so ethically – no matter where your staff are based. Take full responsibility and get in touch with us on how you can remain compliant while focused on being resilient.

Operating Ethically – Do you have an anti-bribery policy?

“Desperate Times Call for Desperate Measures” is the phrase that comes to mind when someone bribes another for their gain in a business context.

Crimson Crab explores bribery and the means to protect your company from this illegal action which can have serious consequences.

So, what is bribery?

The dictionary definition “to bribe a person is to “dishonestly persuade someone to act in one’s favour by a gift of money or other inducement: they attempted to bribe opponents into losing.”

Bribery is unethical. It’s bad for business, can lead to a hefty jail sentence and other unpleasant sanctions.

It is illegal to offer, promise, give, request, agree, receive or accept bribes – an anti-bribery policy can help protect your business.

We hear you, business is important. Whether it’s your own company or one you work for, having a stable model offers an element of security for everyone. Therefore, it’s pretty important you invest in protecting it.

Regards the concern of being affected by bribery, you can safeguard your business with an anti-bribery policy.

Your anti-bribery policy needs to be written with the level of risk your company faces in mind and gives reassurance to your people about what to do in potentially difficult situations.

It should include:

  • Your approach to reducing and controlling the risks of bribery
  • Rules about accepting gifts, hospitality or donations
  • Guidance on how to conduct your business, e.g. negotiating contracts
  • Rules on avoiding or stopping conflicts of interest

Even though it is not a legal requirement to have an anti-bribery policy, you are obliged by law to manage the business risks effectively. That’s why we’d suggest having the policy.

For more information on how to manage business risks – and to discuss anti-bribery policies in detail – please get in touch!

Governance

The system of rules, practices and procedures by which a business is directed and controlled.

It essentially involves balancing the interests of a business’s many stakeholders, including shareholders, owners, management, employees, customers, suppliers, financiers, government and the community.

This may include policies on:

  • ethical trading
  • social responsibility and
  • carbon reduction.

Dealing with such things as:

  • regulatory compliance e.g. the Provision of Services Regulations;
  • supplier payments and
  • credit control and debt management including late or non-payment of invoices.

Trading Disclosure and Business Names

Your clients have a legal right to know who they are dealing with (i.e the legal entity that they are trading with).

If you use a name to trade under other than that of the legal entity, then you need to disclose the full details of the legal entity including an address where you will accept service of documents.

For corporate bodies, there are specific disclosure requirements.

All of this needs to go on business documents including letters and emails and websites amongst other things.

Legal Entity

An association, corporation, partnership, proprietorship, trust, or individual that has legal standing in the eyes of law. A legal entity has the legal capacity to enter into agreements or contracts, assume obligations, incur and pay debts, sue and be sued in its own right, and to be held responsible for its actions.

Business Names

There are specific requirements relating to the name a business wishes to trade under and rules to prevent the use of misleading names. Business names must not:

  • be the same as an existing trademark
  • include ‘limited’, ‘Ltd’, ‘limited liability partnership, ‘LLP’, ‘public limited company’ or ‘plc’
  • contain a ‘sensitive’ word or expression unless you get permission

There are requirements about the details business have to disclose to their customers:

  • An individual trading under a name which is not their surname, with or without initials, has to give their name and an address at which the service of documents will be accepted;
  • Partnerships that use a name other than the surnames, with or without initials, of the individual partners, have to give the names of all the partners and an address at which the service of documents will be accepted; and
  • Incorporated bodies such as limited liability companies or partnerships (Ltd and LLP) have to make Trading Disclosures.

What are Trading Disclosures?

This is the term used in the Companies Act 2006 to cover the rules about the information companies must provide.

The Companies (Trading Disclosures) Regulations 2008

These Regulations deal with trading disclosures to be made by companies registered in any part of the United Kingdom.

The disclosures have to be made at certain locations (the registered office and other places of business), in company documentation e.g. letters (including electronic equivalents e.g. emails) and on company websites.

The Regulations also require companies to respond to enquiries about where their company records are kept available for inspection.

What do I need in my business letterheads?

From a compliance perspective your clients are entitled to know the details of the legal entity that they are dealing with, especially if a business or trading name is being used. If the legal trading entity is a registered body there are some very specific disclosure requirements.

The information must appear in business letters and electronic equivalents including emails. To give you peace of mind we can check out your letterheads for compliance read more…