iPaaS Statement of Compliance for the GDPR
The EU’s General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Patchworks support the GDPR and have put the appropriate policies, procedures and safeguards in place in order that our Integration Platform as a Service (iPaaS) complies with the applicable GDPR regulations as a Data Processor.
How Patchworks iPaaS Processes the Personal Data that you Control
Patchworks Integration Platform as a Service (iPaaS) handles personal data when transmitting and / or transforming customer and order data between eCommerce, Enterprise Resource Planning (ERP), Warehouse Management Systems (WMS), Customer Relationship Management (CRM), Email Service Providers (ESP) and other systems and platforms.
All data is transmitted and received via secure communication methods and, where appropriate, data is encrypted.
Where Patchworks iPaaS transmits and / or transforms customer / contact data independently (i.e., not as part of a shipping notification, order update or other associated service) email addresses are stored for logging and matching purposes.
Personal Data is retained, from the point of initial transmission / transformation, for up to 6 months from the end of the client’s relationship with Patchworks Media Ltd.. Personal Data can be deleted more frequently. For any access, update or deletion requests with regards to your customers’ personal data, please email email@example.com.
In order to make our customers’ ongoing GDPR compliance easier, users of Patchworks Tapestry will be able to search for, export, update and / or delete personal data from their customers that is stored in their individual iPaaS database.
This functionality will be rolled out during June 2018 and Patchworks Tapestry users will be notified once this is available.
Upgrade pathways for customers on v4 and v5 will be offered to customers once the functionality has successfully rolled out to Tapestry instances.
Who Else Processes Your Customers’ Personal Data?
If you haven’t already done so, we strongly recommend that you contact your other key suppliers. Whilst we are not in a position to provide an exhaustive list, that will include companies that work with you on the following:
- eCommerce (i.e. Shopify Plus, Magento, WooCommerce etc..)
- ERP (NetSuite ERP, Microsoft Dynamics Nav, Cegid etc..)
- WMS (Peoplevox, Snap Fulfil, Red Prairie etc..)
- PoS (Shopify PoS, Lightspeed, Cybertill etc..)
- Accounts (Xero, Quickbooks, Sage etc..)
- Payments (SagePay, WorldPay, PayPal etc..)
- Email Service Providers (ESPs) (Mailchimp, DotMailer, Campaign Monitor etc..)
- CRM (Hubspot, Salesforce, Act etc..)
- Marketing & Sales Automation (Infusionsoft, Emarsys, Marketo etc..)
Patchworks as a Data Controller
Whilst Patchworks are a Data Processor for the purposes of our iPaaS, we are a Data Controller with respect to our own day to day business operations.
Patchworks store some, or all, of the following personal data for contacts at their clients, partners and prospects, where those contacts have freely provided the information:
- Job Title
- Company Name
- Phone Number
- Mobile Phone Number
- Fax Number
- Email Address
Patchworks has invested in modern, cloud-based technologies for storing and processing personal data, ensuring that data is encrypted, where necessary, secure and audited.
Personal data is retained and processed in accordance with the appropriate lawful bases defined in the GDPR. For a copy of Patchworks’ Retention Schedule, or for any further questions with regards to the portability, security and auditing of data, please contact us. Either by emailing firstname.lastname@example.org or by calling +44 (0) 115 727 0404.
Do You Want to Know More?
This statement was last updated on 22nd May, 2018.