Cloud Commerce Pro GDPR (General Data Protection Regulation) Policy

What is GDPR?

EU's General Data Protection Regulation (GDPR) is a game changer in Data Protection and Privacy laws. The EU has realized that while technology has evolved drastically in the last few decades, privacy laws have not. In 2016, EU regulatory bodies decided to update the current Data Protection Directive to suit the changing times. This law creates a comprehensive list of regulations that govern the processing of EU residents’ personal data.

Introduction

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. EU residents now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data. Cloud Commerce Pro is well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.

Cloud Commerce Pro’s Commitment

At Cloud Commerce Pro, we have always maintained our users' right to data privacy. We recognise that the GDPR will help all businesses move towards the highest standards of operations in protecting customer data and we fully embrace this move. All system design is now considered for compliance with both the letter and the spirit of the GDPR regulation.

How has Cloud Commerce Pro prepared for GDPR?

We have understood the regulations and have examined what data we store as a business.

What data is passed to Cloud Commerce Pro from selling channels such as Amazon or eBay?

When a sale happens on a channel we download the buyer contact details (which includes name, address, provided telephone numbers and email address), the delivery address, contact details and details of the order and subsequent payment amount. We do not ever handle credit or debit card information and are not party to any data that would expose the buyer to any financial risk.

What data does Cloud Commerce Pro store?

We have where possible stopped storing data that we don’t require to maintain the minimum legal requirements. For example, Cloud Commerce Pro Ltd produces VAT invoice and our users have a requirement to maintain a minimum of 6 years data to comply with H.M.R.C. regulations, so we have to keep the data for each sale.

Does Cloud Commerce Pro store special category data?

No, sale data does not contain any special category data such as personal information about buyers.

The term may have specific meanings in different jurisdictions. Under the General Data Protection Regulation (GDPR), for example, special category data includes data that reveals a data subject's:

Racial or ethnic origin.
Political opinions.
Religious and philosophical beliefs.
Trade union membership.
Genetic data.
Biometric data for the purpose of uniquely identifying a natural person.
Data concerning health.
Sex life and sexual orientation.

Does Cloud Commerce Pro pass customers data to 3rd parties?

We share delivery information with 3rd parties such as couriers and accounting services only for the purpose of processing an order through the system and obtaining shipping labels. We never share information for marketing purposes on our behalf. We do not use any third-party marketing services.

Do Cloud Commerce Pro keep records of processing?

We maintain the data for the order and accounts transactions for at least 6 years due to our legal obligation for H.M.R.C. record keeping. We remove data for address labels after three weeks to allow for sellers to reprint labels. Sellers can regenerate a new label after this time.

Cloud Commerce Pro’s Breach of Data Policy

In line with GDPR we have a duty to report a data breach to the regulator as soon as we are aware of it. The regulator in the U.K. where the head office of Cloud Commerce Pro Ltd is based, is the Information Commissions Office. https://ico.org.uk/

How do we store data?

Wherever possible we encrypt data with secret keys and take all reasonable steps to ensure data access is kept to a minimum.

Do we review our processes?

We have always constantly reviewed our processes and take regular opportunities to adopt new best practices. We believe that our obligations to meet GDPR regulations for storage and processing of our customers and user data was already met by Cloud Commerce Pro’s internal policies that pre-date GDPR. We constantly keep this under review.

Do we store financial data?

Yes, Cloud Commerce Pro stores the values of orders and their payment history. Cloud Commerce Pro can be used to manage payments and refunds for your customers and also connects to leading accountancy packages. We, therefore, need to keep financial data in line with HMRC regulations in the UK or the country you operate in.

If you end your agreement with Cloud Commerce Pro we will fully delete all records including financial data.

We also will only store financial records for the minimum time required by HMRC or the governing authorities in the country you operate in.

We never hold or store credit or debit card information.

Do we allow data to be used for email marketing?

No. Cloud Commerce Pro does not allow user data to be used for email marketing purposes. Our system users may use their customers data for email marketing purposes through services like Mailchimp, but only with the recipient’s explicit permission which Cloud Commerce Pro does not gain on your behalf.

Where do Cloud Commerce Pro store data?

We store all data in our partner’s highly secure data centres in Glasgow and London. Our partner Iomart is one of Europe’s leading data centre specialists and you can read their GDPR information here https://www.iomart.com/secure/data-protection/