How to comply with GDPR?
What is GDPR?
GDPR stands for General Data Protection Regulation and relates to the lawful right of individual (EU) citizens to protect their personal data and privacy. The regulation was enforced by the European Union on May 25, 2018, stipulating new global data protection rights for citizens of the European Union (EU) and the European Economic Area (EEA).
Further, the regulation includes provisions and requirements addressing the export and processing of personal data of individuals. The primary focus of the GDPR is to give individuals authority over their personal information, as well as to streamline the regulatory environment for global business.
How does GDPR relate to my business?
The GDPR relates to you on an individual (personal) and business level.
GDPR for individuals
If you're an EU citizen, your privacy and personal data associated with your store/business information is lawfully protected under this regulation.
GDPR for business
Regardless of your citizenship, as a store owner, you have an obligation to comply with the GDPR as it pertains to the data protection and privacy of your (EU) customers. You, as a seller, are responsible for treating your customers' data in accordance with GDPR.
Important! As an account owner, you are responsible for treating your customers' data in accordance with GDPR. We urge you to comply with these guidelines in all business actions and processes that involve your customers' personal data.
If you are a seller using Sellfy, we recommend applying the tools available in your Sellfy account to abide by GDPR guidelines:
We advise including the Opt-in box upon checkout to provide buyers with the option to give their consent to receiving further communication from you via their personal email address.
To make sure you include the Opt-in checkbox for customers, navigate to Store Settings → General settings and check that the toggle next to Opt-in buyers to your newsletter by default is turned off (the toggle color will remain grey).
When using the Email Marketing feature, please make sure you include only the email addresses of customers who have agreed to receive email communications from you. You can find out which of your buyers have agreed to this in the Opt-in column (I) of your Order export.
3rd party Email Services
When exporting personal data (in particular email addresses) via the Order export to use in conjunction with other email services, please ensure you check the Opt-in column in the report.
If customers did not check the opt-in box, their personal email address should not be used for marketing purposes.
What data does Sellfy collect?
Sellfy collects personal data of individuals who sign up for a Sellfy account and/or browse Sellfy-owned sites.
Upon registration, we collect:
- Your username
- Your password
- The e-mail address you sign up with
- Texts, photos, vector, and product files in any format that you upload to your account
If you decide to subscribe to a paid plan on Sellfy.com, we collect the following payment information:
- Credit card number
- Credit card expiration date
- CVV number
- The billing address and postal code
- PayPal account email (if applicable)
Server logs and Cookies
Sellfy GDPR compliance
Sellfy is GDPR-compliant, supporting the privacy rights of users as well as their customers. There are several services we offer to ensure our and our users' compliance with GDPR.
Important! Information related to paid invoices and order payments, as well as data pertaining to them, will remain in our records after account deletion due to legal regulations about payment information.
If a store owner decides to terminate their subscription and leave the platform, we are committed to deleting all personal account information and its contents.
Sellers are authorized to manage their own Terms & Privacy, About, and Contact pages to provide all necessary information for customers.
Clearing customer data
Sellfy collects personal data about buyers who purchase products in Sellfy-based online stores.
This is a full list of customers' personal data Sellfy collects in the Order export:
- Customer's email
- Payment processor customer used for checkout
- Consent to receive newsletters (opt-in)
- Customer's location
- Customer's IP address
Sellfy account owners have access to this data and can see whether customers have given their consent to receiving further updates. Sellers can export data of a single order as well as all orders from any given date range.
As a seller, it is important to treat this data in accordance with GDPR.
At checkout, each customer has the option to opt in to receiving the newsletter, meaning they can decide whether they want their personal email recorded in the seller's system for future communications/updates sent by the seller.
How long will Sellfy keep personal data?
Sellfy retains data about users for the period necessary to fulfill the purposes for which the information was collected. After that, all information will be deleted.
If we are obliged by legal requirements to store information for tax purposes, or data for pre-trial investigation, Sellfy will keep the data for that purpose only. In any case, the retention period will not exceed 10 years, after which the data will be deleted in such a way that it cannot be restored.