GDPR (General Data Protection Regulation) aims to strengthen data privacy and data protection for European Union (EU) citizens and must be followed by all companies that have customers from the EU. GDPR will come into effect on May 25th, 2018, and if you have EU customers, you will need to become compliant.
Will FORSBERG+two's apps become GDPR compliant?
Yes. FORSBERG+two is fully committed to achieving compliance with GDPR prior to May 25th, 2018. We are working to make sure everything will be ready when GDPR becomes enforceable on this date.
Information we hold
There are two types of entities we store personal data for:
- Our customers - We store details about your store and the store owner, such as name, contact information, address and location information provided by Shopify. If you contact us via email, chat or phone, we will also store any personal information included in those messages.
- Your order data and associated customers - In order to function, our applications require access to your order, transaction and fulfillment information, which can contain personal information about your customers. This includes name, contact information and address details. Note: Order data is not saved in our databases, but pulled in from Shopify as needed and discarded after use.
Data security and data breaches
We take data protection and security very seriously at FORSBERG+two. We constantly monitor for security flaws and unauthorised access, and we will take action immediately if something suspicious is detected. In the unlikely event of a data breach, we will notify all of our customers within 72 hours after the breach was detected.
Some of the preventive measures we take include:
- encrypted HTTPS communication layers for all data transfers
- isolated data containers and data network
- powerful firewalls to prevent and mitigate different types of attacks and data leaks
- multiple encrypted backups at database and disk level, stored for 3 months.
Data subject rights
All individual rights regarding GDPR will be enforced by our FORSBERG+two team. We will also allow customers to make requests about their data including:
- Right To Be Informed: for the parties where we act as a controller, we inform our users what we do with their data
- Right To Access: we can show all stored data about customers and orders, and how it is being used
- Right To Be Forgotten: we can erase data we hold about any individual either manually or by API
- Right To Data Portability: we can export data held about an individual as a CSV on request
- Right To Rectification: a person's data can be updated either from the user account or manually by us on request
Where can I learn more?
Before the 25th of May 2018, all customers will be asked to accept these new terms when accessing the applications in order to continue using our services.
Terms of Service: https://www.forsbergplustwo.com/pages/terms-of-service
If you have any questions or concerns, please do get in contact on firstname.lastname@example.org