Cloud Commerce Pro GDPR (General Data Protection Regulation) Policy

When a sale happens on a channel we download the buyer contact details (which includes name, address, provided telephone numbers and email address), the delivery address, contact details and details of the order and subsequent payment amount. We do not ever handle credit or debit card information and are not party to any data that would expose the buyer to any financial risk.

We have where possible stopped storing data that we don’t require to maintain the minimum legal requirements. For example, Cloud Commerce Pro Ltd produces VAT invoice and our users have a requirement to maintain a minimum of 6 years data to comply with H.M.R.C. regulations, so we have to keep the data for each sale.  

No, sale data does not contain any sensitive data such as personal information about buyers.

We share delivery information with 3rd parties such as couriers and accounting services only for the purpose of processing an order through the system and obtaining shipping labels.  We never share information for marketing purposes on our behalf. We do not use any third-party marketing services.

We maintain the data for the order and accounts transactions for at least 6 years due to our legal obligation for H.M.R.C. record keeping. We remove data for address labels after three weeks to allow for sellers to reprint labels. Sellers can regenerate a new label after this time.  

In line with GDPR we have a duty to report a data breach to the regulator as soon as we are aware of it. The regulator in the U.K. where the head office of Cloud Commerce Pro Ltd is based, is the Information Commissions Office. https://ico.org.uk/

Wherever possible we encrypt data with secret keys and take all reasonable steps to ensure data access is kept to a minimum.

We have always constantly reviewed our processes and take regular opportunities to adopt new best practices. We believe that our obligations to meet GDPR regulations for storage and processing of our customers and user data was already met by Cloud Commerce Pro’s internal policies that pre-date GDPR. We constantly keep this under review.

No.

No. Cloud Commerce Pro does not allow user data to be used for email marketing purposes. Our system users may use their customers data for email marketing purposes through services like Mailchimp, but only with the recipient’s explicit permission which Cloud Commerce Pro does not gain on your behalf.

We store all data in our partner’s highly secure data centres in Glasgow and London.  Our partner Iomart is one of Europe’s leading data centre specialists and you can read their GDPR information here https://www.iomart.com/secure/data-protection/