Skip to main content
GDPR Compliance

All of our apps will be fully compliant with GDPR (General Data Protection Regulation) before May 25th.

Bjorn Forsberg avatar
Written by Bjorn Forsberg
Updated over a week ago

GDPR (General Data Protection Regulation) aims to strengthen data privacy and data protection for European Union (EU) citizens and must be followed by all companies that have customers from the EU. GDPR will come into effect in May 25th, 2018 and if you have EU customers, you will need to become compliant.

Will FORSBERG+two's apps become GDPR compliant?

Yes. FORSBERG+two is fully committed to achieving compliance with GDPR prior May 25th, 2018. We are working to make sure everything will be ready when GDPR becomes enforceable on this date.

Information we hold

There are two type of entities we store personal data for:

  • Our customers - We store details about your store and the store owner, such as name, contact information, address and location information provided by Shopify. If you contact us via email, chat or phone, we will also store any personal information included in those messages.

  • Your order data and associated customers - In order for our applications to function, they do require access to your order, transaction and fulfillment information which can contain personal information about your customers. This includes name, contact information and address details. Note: Order data is not saved in our databases, but pulled in from Shopify as needed and discarded after use.

Data security and data breaches

We take data protection and security very seriously at FORSBERG+two. We constantly monitor for security flaws and unauthorised access and we will take action immediately if something suspicious is detected. In an unlikely case of a data breach, we will notify all of our customers within 72 hours after the breach was detected.

Some of the preventive measures we take include:

  • encrypted HTTPS communication layers for all data transfers

  • isolated data containers and data network

  • powerful firewalls to prevent and mitigate different types of attacks and data leaks

  • multiple encrypted backups at database and disk level, stored for 3 months.

Data subject rights

All individual rights regarding GDPR will be enforced by our FORSBERG+two team. We will also allow customers to make requests about their data including:

  • Right To Be Informed: for the parties where we act as a controller, we inform our users what we do with their data

  • Right To Access: we can show all data stored of customers and orders, and how it is being used

  • Right To Be Forgotten: we can erase data we hold about any individual either manually or by API

  • Right To Data Portability: we can export data held by an individual as a CSV on request

  • Right To Rectification: a person's data can be updated either from the user account or manually by us on request

Where can I learn more?

We have already updated our Terms of Service and Privacy Policy to comply with GDPR requirements and to give more information about the data we collect and for what reasons. 

All customers will be asked to accept these new terms before the 25th of May 2018, when accessing the applications to continue using our services.

Data Processing Addendum (DPA) document

If needed, you can print, sign and return to us the Data Processing Addendum document.

If you have any questions or concerns, please do get in contact on [email protected]

Did this answer your question?