What is GDPR?
EU's General Data Protection Regulation (GDPR) is a game changer in Data Protection and Privacy laws.
The EU has realized that while technology has evolved drastically in the last few decades, privacy laws have not. In 2016, EU regulatory bodies decided to update the current Data Protection Directive to suit the changing times. This law creates a comprehensive list of regulations that govern the processing of EU residents’ personal data.
EU’s Privacy Law
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which became effective from May 25, 2018.
EU residents now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.
Cloud Commerce Pro is well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.
Our commitment to you
At Cloud Commerce Pro, we have always maintained our users' right to data privacy. We recognise that the GDPR will help all businesses move towards the highest standards of operations in protecting customer data and we fully embrace this move. All system design is now considered for compliance with both the letter and the spirit of the GDPR regulation.
Cloud Commerce Pro GDPR FAQs
Cloud Commerce Pro understand the regulations and what data we store as a business.
See our FAQs below:
When a sale happens on a channel we download the buyer contact details (which includes name, address, provided telephone numbers and email address), the delivery address, contact details and details of the order and subsequent payment amount. We do not ever handle credit or debit card information and are not party to any data that would expose the buyer to any financial risk.
We have where possible stopped storing data that we don’t require to maintain the minimum legal requirements. For example, Cloud Commerce Pro Ltd produces VAT invoice and our users have a requirement to maintain a minimum of 6 years data to comply with H.M.R.C. regulations, so we have to keep the data for each sale.
No, sale data does not contain any special category data such as personal information about buyers.
The term may have specific meanings in different jurisdictions. For example, under the General Data Protection Regulation (GDPR), special category data includes details that reveals a data subject, such as:
- Racial or ethnic origin.
- Political opinions.
- Religious and philosophical beliefs.
- Trade union membership.
- Genetic data.
- Biometric data for the purpose of uniquely identifying a natural person.
- Data concerning health.
- Sex life and sexual orientation.
We share delivery information with 3rd parties such as couriers and accounting services only for the purpose of processing an order through the system and obtaining shipping labels. We never share information for marketing purposes on our behalf. We do not use any third-party marketing services.
We maintain the data for the order and accounts transactions for at least 6 years due to our legal obligation for H.M.R.C. record keeping. We remove data for address labels after three weeks to allow for sellers to reprint labels. Sellers can regenerate a new label after this time.
In line with GDPR we have a duty to report a data breach to the regulator as soon as we are aware of it. The regulator in the U.K. where the head office of Cloud Commerce Pro Ltd is based, is the Information Commissions Office. https://ico.org.uk/
Wherever possible we encrypt data with secret keys and take all reasonable steps to ensure data access is kept to a minimum. Find details on our Data Processing here.
We have always constantly reviewed our processes and take regular opportunities to adopt new best practices. We believe that our obligations to meet GDPR regulations for storage and processing of our customers and user data was already met by Cloud Commerce Pro’s internal policies that pre-date GDPR. We constantly keep this under review.
Yes, Cloud Commerce Pro stores the values of orders and their payment history. Cloud Commerce Pro can be used to manage payments and refunds for your customers and also connects to leading accountancy packages. We, therefore, need to keep financial data in line with HMRC regulations in the UK or the country you operate in.
If you end your agreement with Cloud Commerce Pro we will fully delete all records including financial data.
We also will only store financial records for the minimum time required by HMRC or the governing authorities in the country you operate in.
We never hold or store credit or debit card information.
No. Cloud Commerce Pro does not allow user data to be used for email marketing purposes. Our system users may use their customers data for email marketing purposes through services like Mailchimp, but only with the recipient’s explicit permission which Cloud Commerce Pro does not gain on your behalf.
We store all data in our partner’s highly secure data centres in Glasgow and London. Our partner Iomart is one of Europe’s leading data centre specialists and you can read their GDPR information here https://www.iomart.com/secure/data-protection/