The General Data Protection Regulation (GDPR) is a new EU data protection law that comes into effect on 25 May 2018.
It adds some new requirements on the way companies handle the personal data of EU citizens. Any business (even those outside the EU) that holds personal data on EU citizens must ensure that they comply with the new law.
We have created a standard Data Processing Agreement (DPA), which meets the GDPR requirements and reflects our data privacy and security commitments to our customers.
Customers that need this can download our agreement and follow the instructions on the first page to put it into effect.
As a small team, we are unable to make any changes to our standard agreement or sign customers' own agreements, as seeking legal advice would be cost-prohibitive.
EU data subjects have the right to access, update, retrieve and remove their personal data. Existing OrderSpace functionality already helps you to do this for your customers. We've made a few small changes to help with this, including the ability to delete a customer and all associated orders with a single click, and the ability to export all the data associated with a specific customer.
We have performed an internal review to identify the personal data we process and updated our internal policies where necessary to ensure they comply with the requirements of the GDPR.
We have reviewed each of the third parties we use to help us provide our service to ensure that they comply with the GDPR. Where necessary, we have taken out a Data Processing Agreement or similar written contract with each one. As part of providing our service, we use the following third-party services:
| Service | Purpose |
|---|---|
| Amazon Web Services (AWS) | Cloud hosting infrastructure |
| Sentry | Application logging and debugging |
| Help Scout | Support services |