- You are entitled by law to ask for a copy of your personal information at any time by Contacting Us.
- In the unlikely event that you have any concerns about how we use your personal information, please contact us. This includes situations where you want to request the rectification or erasure of your personal information, restrictions to be placed around how we use your personal information, or to object to a particular use.
- If you make a complaint about our handling of your personal information, it will be dealt with in accordance with our complaints handling procedure. In the first instance it will be reviewed by an appropriate member of our team who will respond to you within 28 days. If you are dissatisfied with this response, you may request that your complaint, be escalated, in which case it will be passed to a senior person in our business who will review your complaint and the initial response and provide a further response within 28 days of your request to escalate the matter.
Customer data processing appendix:
Customer Data” means any personal data that processes on behalf of Customer via the Service, as more particularly described in this DPA.
“Data Protection Laws” signifies all information protection laws and guidelines appropriate to a gathering’s handling of Customer Data under the Agreement, including, where pertinent, EU Data Protection Law and Non-EU Data Protection Laws.
GDPR-EU data protection law
“EU Data Protection Law” signifies all data protection laws and guidelines appropriate to Europe, including (I) Regulation 2016/679 of the European Parliament and of the Council on the insurance of common people with respect to the preparing of individual information and on the free development of such information (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); and (iii) in respect of the United Kingdom (“UK”) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union).
“Europe” signifies, for the motivations behind this DPA, the European Union, the European Economic Area as well as their part states, Switzerland and the United Kingdom.
“Non-EU Data Protection Laws” means the California Consumer Privacy Act (“CCPA”); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and the Brazilian General Data Protection Law (“LGPD”), Federal Law no. 13,709/2018.
- Parties’ roles: If EU Data Protection Law or the LGPD applies to either party’s processing of Customer Data, the parties acknowledge and agree that with regard to the processing of Customer Data, Customer is the controller and is a processor acting on behalf of Customer, as further described in Annex A (Details of Data Processing) of this DPA.
- Purpose limitation: ECR Retail Systems shall process Customer Data only in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing (“Permitted Purposes”). The parties agree that the Agreement sets out Customer’s complete and final instructions. In relation to the processing of Customer Data, and processing outside the scope of these instructions (if any) shall require prior written agreement between the parties.
- Customer compliance: Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Customer Data and any processing instructions it issues to. ECR Retail Systems; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for. ECR Retail Systems to process Customer Data for the purposes described in the Agreement. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired Customer Data. Without prejudice to the generality of the foregoing, Customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent or managed through the Service, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices.
- Lawfulness of Customer’s instructions: Customer will ensure that Europe processing of the Customer Data in accordance with Customer’s instructions will not cause ECR Retail Systems to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. ECR Retail Systems shall promptly notify Customer in writing, unless prohibited from doing so under EU Data Protection Laws, if it becomes aware or believes that any data processing instruction from Customer violates the GDPR or any UK implementation of the GDPR.
How do we protect your details?
- We do not use vulnerability scanning and/or scanning to PCI specifications.
- We only provide articles and information. We never require credit card volumes.
- We use regular Malware Scanning.
- Your individual information is comprised behind secured systems and is merely accessible by a restricted number of folks who’ve special access privileges to such systems, and must keep carefully the information confidential. Furthermore, all very sensitive/credit information you resource is encrypted via Secure Socket Layer (SSL) technology.
- We implement a number of security measures whenever a user gets into, submits, or accesses their information to keep up the protection of your individual information.
All deals are processed through the gateway service provider and aren’t stored or refined on our machines.
Changes to this notice
We reserve the right to alter this policy at any time. Such alterations will be posted on our website. You can also obtain an up-to-date copy of our privacy notice by contacting us.
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via the contact us or email us at firstname.lastname@example.org
Address: Church House, Church Lane, Kings Langley WD4 8JP
Phone Number: +44 (0)208-205-7766
This document was last updated on July 30, 2021