How to comply with GDPR
What is GDPR?
GDPR stands for General Data Protection Regulation and relates to the lawful right of individual (EU) citizens to protect their personal data and privacy. The regulation became enforceable in the European Union on May 25, 2018, stipulating new global data protection rights for citizens of the European Union (EU) and the European Economic Area (EEA).
The regulation includes provisions and requirements addressing the export and processing of personal data of individuals. The primary focus of the GDPR is to give individuals authority over their personal information, as well as to streamline the regulatory environment for global business.
How does GDPR relate to my business?
The GDPR relates to you on an individual (personal) and business level.
GDPR for individuals
If you're an EU citizen, your privacy and personal data associated with your store/business information are lawfully protected under this regulation.
GDPR for businesses
Regardless of your citizenship, as a store owner, you have an obligation to comply with the GDPR as it pertains to the data protection and privacy of your (EU) customers. You, as a seller, are responsible for treating your customers' data in accordance with GDPR.
Important! As a store owner, you are responsible for treating your customers' data in accordance with GDPR. We urge you to comply with these guidelines in all business actions and processes that involve your customers' personal data.
If you are a seller using Sellfy, we recommend applying the tools available in your Sellfy account to abide by GDPR guidelines.
Tools for compliance
Sellfy is GDPR-compliant, supporting both the privacy rights of users as well as their customers. There are several services we offer to ensure our and our users' compliance with GDPR.
When using the built-in Sellfy Email Marketing feature, we'll help by only allowing you to contact the customers that have given permission to be contacted. You'll be able to contact newsletter subscribers and customers that have given their consent. You can also export email addresses to use with other email services and manage your customers' data.
Newsletter subscription opt-in checkbox
You can offer a newsletter subscription option to your customers during checkout. This gives buyers the option to opt in, that is, to give their consent to receive email communications from you. It helps you ensure that you have their permission to contact them, which is essential for complying with GDPR.
To enable this:
- Navigate to Store Settings > Customize store
- Select the Checkout page > click on the Checkout module
- Scroll down to checkout features > turn on the toggle next to Enable newsletter subscription
- To opt in customers by default, turn on the toggle next to Opt-in newsletter by default (optional)
Exporting data for 3rd party email services
When exporting data (in particular email addresses) via the Order export to use with other email services, please ensure you check the Opt-in column in the report. If customers did not check the opt-in box, their personal email address should not be used for marketing purposes.
You can find out which of your buyers have agreed to receive emails by viewing the "Consent to receive" column (I) of your Order export.
- Customer's email
- Payment processor customer used for checkout
- Customer's location
- Customer's IP address
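For the export check described above, the sketch below filters an Order export down to the addresses that may be used for marketing. It is an added example, not Sellfy code: only the "Consent to receive" column name comes from this article, while the other headers, the Yes/No cell values, the sample rows and the rule that every order for an address must record consent are assumptions.

```python
import csv
import io

CONSENT_COL = "Consent to receive"   # column named in the article
EMAIL_COL = "Customer email"         # assumed header
AFFIRMATIVE = {"yes", "true", "1"}   # assumed cell values

# Constructed sample export (not real Sellfy output).
SAMPLE_EXPORT = """Order ID,Customer email,Country,Consent to receive
1001,Ana@example.com,DE,Yes
1002,bob@example.com,FR,No
1003,ana@example.com,DE,No
1004,cy@example.com,ES,
1005,dee@example.com,IT,yes
1006,bob@example.com,FR,Yes
1007,eve@example.com,NL,Yes
1008,eve@example.com,NL,Yes
"""


def marketing_recipients(export_text):
    """Return the sorted addresses that recorded consent on every order."""
    reader = csv.DictReader(io.StringIO(export_text))
    missing = {EMAIL_COL, CONSENT_COL} - set(reader.fieldnames or [])
    if missing:
        # Fail closed: a renamed or absent column must not look like consent.
        raise ValueError("export is missing columns: %s" % sorted(missing))

    consent = {}  # normalised email -> True only while every row consents
    for row in reader:
        email = (row[EMAIL_COL] or "").strip().lower()
        if not email:
            continue
        agreed = (row[CONSENT_COL] or "").strip().lower() in AFFIRMATIVE
        # A blank, "No" or unrecognised value on any order excludes the address.
        consent[email] = consent.get(email, True) and agreed
    return sorted(e for e, ok in consent.items() if ok)


if __name__ == "__main__":
    for address in marketing_recipients(SAMPLE_EXPORT):
        print(address)
```
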
Account deletion
Important! Information related to paid invoices and order payments, as well as data pertaining to them, will remain in our records after account deletion due to legal regulations about payment information.
If a store owner decides to terminate their subscription and leave the platform, we are committed to deleting all personal account information and its contents.
Sellers manage their own Terms & Privacy, About, and Contact store pages to provide all necessary information for customers.
- Go to Customers
- Select the customer
- Select Unsubscribe from all lists
Deleting customer data
Under GDPR, your customers located in the EU have the right to request that all data you have stored about them be removed or deleted. If a customer makes such a request, you can do this in your Customers section. Deletion of data is permanent and it cannot be restored.
- Go to Customers
- Select the customer
- Select Clear data
What data does Sellfy collect?
Sellfy collects personal data of individuals who sign up for a Sellfy account and/or browse Sellfy-owned sites.
Upon registration, we collect:
- Your username
- Your password
- The e-mail address you sign up with
- Texts, photos, vectors, and product files in any format that you upload to your account
If you decide to subscribe to a paid plan on Sellfy.com, we collect the following payment information:
- Credit card number
- Credit card expiration date
- CVV number
- The billing address and postal code
- PayPal account email (if applicable)
Server logs and Cookies
How long will Sellfy keep personal data?
Sellfy retains data about users for the period necessary to fulfill the purposes for which the information was collected. After that, all information will be deleted.
If we are obliged by legal requirements to store information for tax purposes, or data for pre-trial investigation, Sellfy will keep the data for that purpose only. In any case, the retention period will not exceed 10 years, after which the data will be deleted in such a way that it cannot be restored.