Selz’s commitment to the GDPR

The European Union’s General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The regulation makes significant changes to how companies and individuals can use and process personal data and impacts everyone doing business in the EU.

Selz has always been committed to following the world’s best standards for data privacy and we’re likewise committed to complying with the GDPR. Importantly, we’re committed to making sure all our retailers have the tools they need to comply with these new regulations. So over the last few weeks, we’ve rolled out a series of GDPR-related updates.

This post explains some of the implications of the GDPR and the updates we have released to address them. It’s for informational purposes only and isn’t a substitute for legal advice. If you’re unsure about your obligations under the GDPR we encourage you to take professional legal advice.


What is the GDPR?

The GDPR is new EU legislation which regulates the processing of personal data. The GDPR requires companies or individuals to implement safeguards to ensure personal data is adequately protected. It also gives individuals rights over their data, for example when giving their consent and when accessing and correcting their data. The GDPR applies to anyone established in Europe but also to anyone who offers goods and services for sale to European customers.


How has Selz prepared for the GDPR?

Selz has prepared for the GDPR in these ways:

  • We appointed an experienced Data Protection Officer to oversee our data protection program and GDPR implementation plan.
  • We updated our Privacy Policy to include disclosures required by the GDPR.
  • We reviewed our contractual arrangements with sub-processors, to make sure that they are required to protect personal data through robust technical and organizational measures.
  • We started to deliver GDPR-focused training to key teams and personnel so that they are aware of the law’s requirements and can design our products and business plans with privacy in mind.
  • We implemented a detailed procedure to deal with data subject access requests, deletion requests, and government access requests.
  • We created a Data Processing Addendum and incorporated it into our Terms of Service, as required by Article 28 of the GDPR.
  • We have developed a more robust Cookie Policy to make sure that merchants have the information they need to get effective consent for us to place the cookies necessary to provide our services.
  • We created informational materials about our data protection program for merchants who are looking to conduct due diligence and make sure that Selz can support their data protection needs.
  • We are preparing a detailed register of our data processing activities, as required by Article 30 of the GDPR.

I am a Selz Merchant – how does the GDPR affect me?

1. Does the GDPR apply to me?

Generally speaking, the GDPR applies to anyone established in Europe, but also to anyone who offers goods and services for sale to European customers. If you are based in the United States but you sell your goods and services to customers based in Europe, for example, the GDPR applies to you.

It is important to understand what you need to do to prepare for the GDPR. The information below is meant to help you do that; however, it is not legal advice. Our recommendation to merchants is that they should consult with a lawyer to understand what they need to do to ensure they comply with the GDPR.

2. Key Concept: data controller and data processors

Under the GDPR, entities which process personal data may fall into two categories: data controller and data processor. Data controllers, alone or jointly with others, determine the means and purpose of the processing of personal data. A data processor is the entity which processes the data on behalf of and according to the instructions of the data controller.

Because we process personal data on your behalf, Selz is a data processor. So we have prepared a Data Processing Addendum which governs our relationship with you.

3. Privacy Policy and Consent

One of the most important concepts of the GDPR is the requirement to obtain consent from your customers to process their data. The easiest way to do this is to ask them to agree to your privacy policy. Your privacy policy should include all of the information that you are required to provide under the regulation. We encourage our merchants to obtain legal advice on drafting a compliant privacy policy. Our system makes it easy to obtain consent from your customers in two ways:

  • Tick box opt-in at checkout
  • Privacy policy upload

4. Data subjects’ Rights

The GDPR expands the rights of data subjects, in this case, the customers whose personal data you collect. These rights include the right to access their data, to rectify their data, to request erasure of their data and to port their data. We have released new features which will allow you to process these requests. These features include:

5. Data breach notification

If you or your business experiences a breach of customer data, you may be required to notify supervisory authorities in the EU, and in some instances your customers. The same applies to Selz. As part of our undertaking to you, which is outlined in the Data Processing Addendum that forms part of our Terms of Service, we commit to notifying you of data breaches, as required by the GDPR.

The GDPR is a complex piece of legislation and we encourage merchants to review their business operations and inform themselves. As part of your review, you should consider:

  • How and when does my business process personal data?
  • What measures are in place to ensure that personal data is secure?
  • Am I obtaining appropriate, affirmative consent to process this personal data?

Some additional resources:

ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

IAPP: https://iapp.org/resources/article/top-10-operational-impacts-of-the-gdpr/
