Last updated on April 29, 2023
What is GDPR?
The General Data Protection Regulation (GDPR) is a law that came into effect on 25th May 2018 to regulate how the personal data of European residents can be collected, used, and processed by businesses. It seeks to provide and emphasise the fundamental rights and freedoms of individuals regarding their right to the protection of personal data.
This law applies to all companies that handle the personal data of European individuals, regardless of size, even if the company originated or exists outside of the EU.
Under the GDPR, Okendo is considered a “data processor”. As your business has a direct relationship with your customers, it is likely to be considered a “data controller”. This means that we have obligations to you with respect to GDPR compliance, and in turn you have obligations to your customers.
Okendo is committed to maintaining GDPR compliance and to ensuring our customers and end users are protected.
How does Okendo support you and your GDPR obligations?
Okendo has also prepared a Data Processing Addendum applicable to all Okendo merchants located in the European Union or to whom the GDPR applies, which is based on the European Commission’s Standard Contract Clauses. This enables secure transfer of end user data outside of the European Union, and ensures we are able to provide our service to you in a GDPR-compliant manner.
What does this mean for us and our customers?
Ease of Data Access – Your customers may request to access the personal information your company keeps about them. To access this data, follow the instructions outlined in Shopify’s documentation. Shopify will forward the data request to Okendo as part of their process. Okendo will automatically email the store owner with a temporary link to download the customer’s personal information. The link expires in 12 hours. The downloaded information can then be passed on to the requesting individual.
Data Rectification and Amendment – If a customer would like to change or amend any personal data that Okendo may be storing, please reach out to firstname.lastname@example.org.
Data Deletion – Customers now have the right to request that you remove their personal data from your records. As your data processor, we do store information about your customers while our app remains installed on your Shopify store. If you need this data deleted, follow the instructions outlined in Shopify’s documentation.
Data portability – Similar to a customer’s right to Data Access, this same process also allows customers to receive their data in a portable, interoperable format.
Right to restriction of processing – Your customers may request to freeze the processing of their data. Using your Okendo admin, you can quickly remove the customer's email address from Okendo’s email delivery system and blocklist their email as well. You can also reach out to email@example.com to have our team remove all published content so that it will no longer be displayed on your site.
Data Protection Officers – Okendo has trained staff available to respond to enquiries and ensure ongoing GDPR compliance. If you have any questions about Okendo and the GDPR, please reach out to firstname.lastname@example.org.
Do I need to do anything as a Merchant?
There are some changes to the way you can use the information you hold to communicate with your customers, particularly where the information is collected for a specific purpose. For example, including marketing, such as product recommendations, in a review request email is now against GDPR regulations.
We may contact you via email to invite you to review any services and/or products you received from us.
We use an external company, Okendo Pty Ltd (“Okendo”), to collect your feedback which means that we will share your name, email address and order details with Okendo.
If you choose to provide feedback, we may use your first name and an initial, as well as any pictures, images, or videos you provide to Okendo on our behalf for our advertising and promotional purposes.
Our Data Sub-Processors
Just as we offer services to you as a data processor, we also use data processors in the operation of our business. You can find the list of data processors we use below:
- Sendgrid, Inc.
- Google LLC
- Location: California, USA
- Location: Massachusetts, USA
- Amazon Web Services