ShopKitify's Commitment to GDPR
ShopKitify is committed to protecting our customers' data and to regulatory compliance. We collect no more personal data than is required for the proper functioning of the website, while protecting your customers' personal data. We have made a number of changes to how we process data in the interest of data security.
What is GDPR?
The GDPR, or General Data Protection Regulation, is an EU-wide privacy law that came into effect in May 2018. It regulates how companies protect the data of EU residents and gives those residents greater control over their personal data.
The GDPR applies to any company operating globally, not only to EU-based businesses and residents. We apply the same protection to our customers' data irrespective of where they reside.
What is Personal Data?
Personal data is any data that relates to an identifiable individual. The law covers a wide spectrum of information that can be used to identify a person. Personal data is not limited to a person's name or email address; it also includes genetic data, IP addresses, physical addresses, and ethnicity.
The Framework of GDPR Compliance
1. Collection of Personal Data
The GDPR requires identifying and documenting all personal data collected from EU data subjects. We categorize and map the types of personal data we collect so that they can be clearly identified.
2. Data Minimization
We use collected data only for the purpose for which it was collected. We also delete the personal data of accounts that are no longer active.
3. Data Protection Impact Assessment
Data protection impact assessments (DPIAs) identify, assess, and minimize the privacy risks of data processing activities.
4. Legal Basis for Processing Data
ShopKitify relies on consent, legitimate interest, and contracts as the legal bases for processing the personal information we have collected.
5. Customers' Rights
ShopKitify has an internal process for responding to and resolving queries related to individual rights. Each individual has the full set of data subject rights, which include the right to information, the right to rectification, the right to access, the right to erasure, the right to restrict processing, the right to data portability, and the right to object to processing, including profiling.
6. Privacy Policy and Data Processing Agreement
We update our privacy policy at regular intervals. It gives detailed information about how we collect, use, process, protect, and manage the personal data handled by both the controller and the processor.
We have also designed a Data Processing Agreement (DPA) so that our clients can run GDPR-compliant sites themselves. This document states clearly how we protect our customers' data in accordance with the law.
7. Processing of Personal Data Outside of the EU
Under the GDPR, customers' data may not be transferred outside the EU unless an adequate mechanism is in place to ensure the security of the personal data.
8. Website Update
We regularly update all our policies, including our cookie policy, terms of service, and privacy policy. We also require our users' consent to our terms of service and privacy policy before they use our software.
GDPR compliance is a continuous process of safeguarding everyone's data. We make sure that we do not violate any of the rules set forth by the GDPR and keep a regular eye on developments in GDPR law. If you require any information about our GDPR compliance, get in touch with us.
Individuals' Privacy Rights and Consent
Data Subject Rights
Our tools and applications assist customers in meeting their obligations under the GDPR right to be forgotten by making it easy to delete personal data from our database.
Inactive end users may also request deletion of their personal data by initiating an account deletion request from their ShopKitify profile.
FAQs:
What is GDPR?
The EU's General Data Protection Regulation (GDPR) is a data protection and privacy law. The EU recognized that while technology had evolved drastically, privacy law also needed to evolve. In 2016, EU regulators decided to update the existing data protection directive to match evolving technologies and their uses. The law creates a set of regulations that govern the processing of the personal data of EU residents.
Where does the GDPR apply?
The law applies to any organization that handles personal data. It does not matter where your organization is located: if it handles the personal data of EU data subjects, it is subject to the law.
What is a Data Protection Officer (DPO) and does my business need one?
The DPO is responsible for informing employees and for conducting the monitoring, training, and audits required by the GDPR. Appointing a DPO is important in the cases given below, where organizations:
Process large amounts of personal data;
Carry out large-scale systematic monitoring of individuals;
Are a public sector authority.
Does the GDPR require EU data to stay in the EU?
No. The GDPR does not require EU personal data to stay in the EU, nor does it restrict the transfer of personal data outside the EU. Transfers from the EU can be legitimated in several ways:
EU-US Privacy Shield
Model or contractual clauses
What lawful bases can a data controller use to process customer data?
The data controller can choose from the six lawful bases given below:
Contract:
This applies when you process personal data to fulfill your contractual obligations or to take steps at the customer's request.
Consent:
Consent means any freely given, specific, informed indication of the data subject's wishes, by a statement or by a clear affirmative action, that they agree to the processing of their personal data.
Legal Obligations:
This applies when you have to comply with an obligation under applicable law, for example providing information in response to a valid request.
Vital Interests:
This applies to urgent matters of life and death, especially those involving health data.
Public Task:
This applies to the activities of public authorities.
Legitimate Interests:
This applies to processing carried out in the controller's commercial interests. The controller should document and record its decisions about legitimate interests.
What does GDPR mean by “data protection by design and by default”?
Data protection by default means that businesses must implement appropriate measures to mitigate privacy risks when collecting data and continue to apply them while processing it.
Data protection by design means ensuring that only the personal data that is required is collected, and incorporating privacy features and functionality into products from the design stage.