General Data Protection Regulation (GDPR)

How EffectConnect handles privacy with care

GDPR

We’ve added a Data Processing Agreement to our General Terms and Conditions to make sure the agreement between EffectConnect and its users is GDPR compliant. Everyone who starts or keeps using EffectConnect on May 25th 2018 or thereafter agrees to these new terms.

What data do we store and why?

You’re using EffectConnect to import orders you receive from marketplaces you’re selling on into your own backoffice/webshop. To do this, we need to import and store orderdata.

The orderdata consists of, but is not limited to, personal customerdata. The customerdata consists of names, addresses, (hashed) email addresses and sometimes telephone numbers.

We also store some of your information that we need to get in touch with you, to make sure our support team can help you with questions and to invoice you for the use of our system. We store company information, your name, your e-mail address and your telephone number.

How and where do we store the data?

Customerdata is being stored encrypted. This means that if you were to open our database and took a look at the data, you wouldn’t understand what it said without decrypting it. EffectConnect uses the (amazing!) Amazon AWS infrastructure to host its application and databases. We use the Frankfurt Datacenter for that (and thus make sure all data is stored in the EU). Amazon took quite some measures to make sure their infrastructure is GDPR compliant. You can read about it here.

How do we make sure data is handled with care?

We’ve taken technical and organisational measures to ensure safety of customer data. Below are some, but not all, of our measures.

Technical measures:
  • Every EffectConnect account has its own database in which the encrypted customerdata is being stored.
  • Access to every database is also encrypted and only allowed from servers and locations with explicit permission.
  • We’ll be implementing a pseudonimizing feature to pseudonimize customerdata in your database once an order has been completed. This will likely be 1 month after order completion. It means that when the data is pseudonimized, you will no longer be able to see customerdata for that order in EffectConnect.
  • We’ll be hiding all customerdata for our support team. At this moment, our support team can help you with questions about the order process, based for example on a customer’s name. This will no longer be possible in the future, we can still help you based on order numbers ofcourse.
Operational measures:
  • Our staff complies to our internal security guidelines.
  • Our staff makes sure that, if you cancel your subscription, the customer data stored in your account is being deleted.
  • We make sure that any subprocessor we work with is GDPR compliant.
  • Our staff is on a “need to know” basis. They will only have access to that part of our systems they need to properly do their job.
  • Our staff signed a confidentiality statement, to make sure it is clear to everyone working at EffectConnect that what they might see while they do their job is for their eyes only.

We’ll keep updating this page to keep informing you on how we handle privacy related data. You can check out our General Terms and Conditions (with the Data Processing Agreement included) here.