I run a small "haute" couture shop and I have some questions regarding sole GDPR aspects:
- Are the measurements taken for custom suites considered biometric data?
- If we collect the measurements and name and surname is there any information we need to provide the customers?
- We use CCTV in our shop are there any specific requirements?
- We use a contractor on XYZ where we sent the measurements to cut the clothes is this a transfer of personal data?
- Do we need to keep records for our activities?
- We also do marketing campaigns for our customers by telephone. Do we need consent?
- Can we collect the consent via telephone?
- Are we allowed to record the calls?
- Can we buy potential clients databases?