EU General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new EU data protection law that comes into effect on 25 May 2018.

It adds some new requirements on the way companies handle the personal data of EU citizens. Any business (even one outside the EU) that holds personal data on EU citizens must ensure that it complies with the new law.

What has OrderSpace done to comply with the GDPR?

Updated Terms & Conditions and Privacy Policy

We have updated our Terms & Conditions and Privacy Policy to make sure they are in line with the requirements of the GDPR. In particular we have added extra information in our Privacy Policy covering specific details about the personal data we hold and how it is used.

Data Processing Agreement

We have created a standard Data Processing Agreement (DPA), which meets the GDPR requirements and reflects our data privacy and security commitments to our customers.

Customers that need this can download our agreement and follow the instructions on the first page to put it into effect.

As a small team, we are unable to make any changes to our standard agreement or sign customers' own agreements, as seeking legal advice would be cost-prohibitive.

Data Subject Rights

EU data subjects have the right to access, update, retrieve and remove their personal data. Existing OrderSpace functionality already helps you to do this for your customers. We've made a few small changes to help with this, including the ability to delete a customer and all associated orders with a single click, and the ability to export all the data associated with a specific customer.

Internal Review

We have performed an internal review to identify the personal data we process and updated our internal policies where necessary to ensure they comply with the requirements of the GDPR.

Review of Third Party Contracts

We have reviewed each of the third parties we use to help us provide our service to ensure that they comply with the GDPR. Where necessary, we have taken out a Data Processing Agreement or similar written contract with each one. As part of providing our service, we use the following third-party services:

| Sub-Processor | Purpose |
| --- | --- |
| Amazon Web Services (AWS) | Cloud hosting infrastructure |
| Sentry | Application logging and debugging |
| Postmark | Transactional email |
| Help Scout | Support services |