If you or your company operate in the EU or European Economic Area (EEA), or if you do business with anyone located there, you’ve likely already heard about the General Data Protection Regulation (GDPR) that goes into effect today. In essence, GDPR is a set of laws and regulations, backed by stiff penalties, that applies to all organizations worldwide that collect, store, or process information about individuals in the EU. Since GDPR is a far-reaching and complex set of laws and regulations, it’s important to seek other resources to understand GDPR and your obligations under it. For example, IAPP and DMA provide useful resources, and companies like MailChimp and DotMailer have done an excellent job of compiling important information you should know.
We’ve always placed a high value on the privacy of the information shared with us by merchants using ShipperHQ. Because of this and by keeping the personal information we gather to the minimum required for ShipperHQ’s functionality, we’ve been compliant with many of the requirements of GDPR for a long time and nothing changes in how ShipperHQ functions. In the past few months, we’ve undergone an extensive review of our policies and procedures and can confirm that effective May 25th, 2018 we are compliant with GDPR.
We’ve taken a number of steps to ensure compliance:
- Updated our User Agreement to make privacy and data handling much more clearly defined for ShipperHQ customers
- Updated our Privacy Policy with additional tools and safeguards for your data and your customers’ data
- Provided an optional Data Processing Addendum (DPA) offering additional protection to our customers who need it
- Compiled a list of sub-processors we use which is available to our customers
- Established training for current and future employees in data privacy
To help you understand how these changes impact you and your customers, we’ve also compiled this summary. This summary is not legal advice but we hope it serves as a useful outline for you. If you have a ShipperHQ account and are impacted by GDPR it’s important that you understand what we’re doing to be compliant by reading our updated Privacy Policy and User Agreement and contacting us if you have any questions.
For Retailers Using ShipperHQ
We collect some information from you when you set up your ShipperHQ account or as you set up additional features and functionality. This information can include:
- Your name and contact info so that we can get in touch with you about your account or, if you allow us to, send product updates and messages about new features from us or our partners.
- Billing information which might include credit or debit card details, billing addresses, or bank details. This information is only used to pay for your ShipperHQ account.
- Information you provide while setting up your ShipperHQ account which may include warehouse addresses, account details for your service providers, etc. This information is only ever used to allow ShipperHQ to do what you tell it to do.
- Information from shipping quote requests you send to ShipperHQ while using our system. See the section for Customers of Retailers below for more information on what information is collected and how we use it.
If you’re using ShipperHQ, you’re also providing us with some information about your customers. This information and how it’s used is explained more fully below but it’s important to understand that it is your responsibility to ensure that you have the right to collect this information from your customers and protect this information while it is in any system you control and while it’s being sent to us.
Your data is your own
All of the configuration and usage information in your ShipperHQ account is your data. For personal information contained in configuration and usage data, you can ask us at any time to remove this information from our system and we will do that within a reasonable timeframe. Since this data is used to enable specific functionality in ShipperHQ, if you ask us to delete some or all of your data we may inform you that this will mean you cannot use certain functionality or would need to cancel your ShipperHQ account entirely. If this is the case, the decision is always yours under the terms of our User Agreement.
We are required by law to keep a record of some information for a certain amount of time even if you cancel your ShipperHQ account. We will only keep the information required by law and, if requested, will let you know exactly what we will keep and for how long. It may not be possible to delete some information immediately (for example, when stored in a backup system) even if we’re allowed to by law, but if so, this information will be prevented from being used until it can be deleted.
In order to provide our team with additional information to ensure that ShipperHQ operates correctly, or to improve the operation of ShipperHQ, we aggregate some data from all of our customers. We also may use aggregated data for marketing purposes, for example to describe the number of shipping quote requests processed by ShipperHQ. When used for any of these purposes, the data is fully anonymized and extremely limited so that no one can identify data originating from you or your customers. By contacting us, you can request that we do not use your data in this way, or request a full explanation of exactly what data may be used and how.
We safeguard your data
We employ industry-standard best practices to keep your data safe including a variety of security practices and tools internally to make sure that members of the ShipperHQ team only have access to the information they need to do their job.
If we identify any data breaches which may expose personal information, we will notify you as appropriate and work with you to take whatever steps are necessary to address the issue.
ShipperHQ uses some third party applications or services (sub-processors) in order to operate correctly and your data may pass through or be stored by these applications as described in our Privacy Policy and User Agreement. These may include providers of application hosting or storage, payment processors, or analytics tools. All sub-processors used by ShipperHQ agree to protect your data with the same or greater security practices used by ShipperHQ and no sub-processor is permitted to access your data except for the specific purpose of ShipperHQ’s operational needs. You can contact us at any time for a list of sub-processors used by ShipperHQ.
For Customers of Retailers Using ShipperHQ
If you shop on a website which uses ShipperHQ, we may collect some information that you provide to that website in order to give you shipping information on behalf of the retailer. This information may include: your name, your company name, contact information such as telephone number or email address, the address you are shipping to, or other pieces of data required to provide you with shipping information.
We limit our use of your data
We store all of the information we collect about a shipping information request for up to 90 days in order to allow us to support the retailers using our system. This information is only used by our technical support team to identify issues when necessary and access is limited to only those members of our team who need access to do their job.
We also store a very limited set of information indefinitely. This information may include the city, state or region, post or ZIP code, and country that you enter as well as the total weight, price, and quantity of the products in your order. This information is used to give the retailer you are buying from analytical information about shipping information requests. This information may also be anonymized in such a way that no one can reasonably identify you and used by ShipperHQ to track performance of our system or for marketing purposes.
Your data is your own
At any time you can ask the retailer using ShipperHQ to request that all of your data is deleted. They can request that ShipperHQ deletes your information and we will do so as described in our User Agreement with that retailer.
For All Visitors to Our Websites
We use standard tools for tracking visitors to our website. This is in the form of cookies that are stored on the device you use to browse our website. This information is used so that we can see how visitors are interacting with our website and measure the success of our online marketing. You can use your web browser settings to stop us from creating or using these cookies at any time but if you do so you may not be able to use certain features or functionality of our websites.
If You Have Questions
We want you to know how we use your information and what your rights are with respect to your data. You can find full details in our Privacy Policy and User Agreement or contact us if you have any questions.
If you expect to collect and send to us information which is more sensitive than usual, operate in or work with companies or individuals within the European Economic Area or EU, or otherwise need safeguards beyond those provided by our standard policies, please contact us to discuss an additional Data Processing Addendum (DPA).