GDPR and Cookies

General Data Protection Regulation terms

The value of the GDPR

The European Union has introduced a landmark regulation that was called General Data Protection Regulation on May 25 2018.

The correct ways of processing and storage of personal data were laid on the basis of the creation of a new regulation system that raises the level of use and security of the provision of personal data for EU citizens. Thanks to the GDPR system, individual rights to privacy of European residents have been radically updated and improved, and the protection of personal information has passed completely to the control of the customers themselves. Now only they decide when it is necessary to give consent and what reasons for that are suitable. The regulation system is now even better protected against privacy breaches and leaks.

Every company is concerned about collecting, keeping, processing, using in marketing, and tracking the personal information of European citizens. The way, how to provide the highest level of security of clients’ data, is especially important for software organizations, even if they are not based in Europe. All companies, that produce or sell software around the world, will apply for this new kind of regulation system, as they need it to ensure a high level of security of their customers’ personal data.

It is common knowledge that organizations will be fined if they do not respect privacy rights. The penalties can be up to €20 millions or 4% of the global annual turnover of an organization. The method of punishment is chosen by comparing what is higher between the two options.

We would like to assure you that we have been designed to follow the correct privacy policy of our customers, that we have used all collected personal information of our clients with no errors and omissions. Our goal is to provide current and future buyers with an excellent service experience that we have been doing in recent months. Let’s list the main concepts of the GDPR:

Personal data must be processed legally

All our customers and users should not purchase email lists when they do not know the exact sources of it and how consent was obtained. On the other hand, we can’t allow the newsletter to be sent to clients until we are sure that they confirmed their consent to these actions.

Customers have to specify their preferences in the information they want to receive

It is necessary to explain clearly and in detail to the emailing system what kind of content you are ready to receive and what requirements they must meet. This approach will dramatically reduce the number of unsubscriptions and spam messages, as well as lower customer dissatisfaction.

Customers will get entitled to full transparency of data collection and processing.

Now our customers can request all their personal information at any time that is stored by us on them. That is, buyers get full access to their own data on our website, they are well aware of what kind of knowledge about their personal and financial data we have.

Customers are able to ask for the right to be forgotten                                                                                

Buyers can request the removal and deletion of all their personal details that we will be obliged to perform.

The implementation of the new system is a very difficult process, as our experts describe the GDPR and its application. We run only updates and changes that we ensure that are simple and available for everyone.

Our way of operating as the MoR

First of all, we need to explain what the MoR means. So, the Merchant of Record is a responsible entity that is authorized by the financial institution to process the consumer’s credit and debit card transactions.

In our way, it means that we operate on our clients’ behalf. That is, we become your legal representative in the resale of software. More importantly, we are responsible for compliance with all local laws and regulations relating to our operations. In addition, we also handle taxes on your behalf. We will act as if we have created and developed the software ourselves.

The MoR will do everything to make you free from a lot of difficulties and workflows adding advantages over competitors. Signing a contract with the Merchant of Record will keep you from complications with tax payments anywhere in the world. All processes and applications are processed by our organization automatically for your convenience, which is part of our multi-functional service. If you would like to learn more information about the cooperation process, please read the detailed description.

As for the GDPR in all this history, we can say this: when buyers purchase one of your products, they automatically become our partners thereby concluding a contract with us as well. Their personal data is completely safe in accordance with the requirements of the GDPR, and if you need the personal information of the buyers, you will need to have a legal basis that allows us to be able to give it to you.

Our way of processing customer data

Basically, we get all the information we need about the customer from the payment data. In the process of making payment, the customer automatically provides us with the personal data and payment data. All the information is stored in our system and can be used in the future for processing an order. The checkout process actually does not cover many data, during this process we can take out only the name of the buyer, his location, contact details, and payment information. That is all we need.

Please note that all personal data you provide to us is securely protected under the terms of the GDPR. As we have already noticed, when we use the MOR model during the working process, the buyer actually enters into a contract with us, but not with the real seller. Therefore, we can’t pass the personal data of our customers to the seller without any valid and legitimate reason. The terms of the GDPR present two convenient and legal ways to pass the personal data on, legitimate interest and consent.

IDHURRY.COM service and the real sellers of goods have a legitimate interest in using the personal data of buyers, but only for certain purposes, such as processing and execution of the order, customer support during the order processing, protection against fraud and scam. All these targets are absolutely legal and safe for buyers. This kind of using their personal data is under the control of our service and the terms of the GDPR. That is why the passing the personal data of our customers on only for the purpose of using them for the benefit of the customer is an only acceptable option and does not require additional consent and confirmation from the buyer. It is important to remember that only such developments and correctly chosen goals meet the requirements of the GDPR and allow us to share personal data about buyers with real sellers of goods. The terms and conditions of cooperation with the seller in our case are also updated reflecting the new circumstances.

The second option, which allows transferring the personal information of our customers to the sellers in a legal way, is based on explicit consent. The buyer gives this kind of confirmation to the seller usually for the marketing and promoting purposes. There are several such situations that do not cover the legitimate interests of the customer, so he easily agrees to the passing his personal data on. We’ve made some product changes to make it easier for you to work with us.

Legal terms and conditions documentation

A group of our high-qualified professionals in the field of law and jurisdiction is constantly updating the terms and conditions for both sellers and buyers. The legal department is regularly making changes and amendments to the privacy policy to protect and support customers. All conditions and updates are published before a certain deadline, which is also discussed in advance. Prior to publication, the sellers are invited to meet and agree to the new terms.

Data Passing and Sharing

The main provisions and rules for the transfer of customers’ personal data outside the European Union have not changed due to the introduction of the GDPR terms. That is why the processing and passing data on processes, that take place outside the Union, are completely compliant to the law.

Actually, the processing and storage of personal information are based in the United States. Amazon platform provides us with its infrastructure and data solutions for partnerships. We consider this organization a trusted partner because Amazon is certified according to the EU-US Privacy Shield. In this case, the transfer and processing of data are absolutely consistent with all the terms of the contract, and therefore occurs without the additional consent of the customers.

Payment information is highly protected during the payment processing. When you make your order, your personal information is passing by our partners to payment services. You don’t have to worry, because our suppliers agree on the terms with both GDPR and PCI DSS systems. This type of sharing facilitates the process of making payments in the system. Moreover, the confidentiality and anonymity of data are maintained through the work of special platforms to combat and monitor fraud on the Internet. All of these platforms are also confirmed to protect data and not share it with others in accordance with the GDPR.

This web service creates the new and best practices for providing personal data of our buyers with full security that can include encryption, access control, monitoring, and auditing. We know how to collect and keep all the necessary customer information and make it be private and secure. IDHURRY.COM is the best online form that is very knowledgeable and prepared in all the process from the making an order to the saving the personal data as well.

Cookies and Tracking   

According to the terms of the GDPR, we can only use a limited number of tracking and monitoring platforms that meet all the requirements of the new system of regulations. These services use a special combination of temporary and long-lasting cookies for high productivity that allows identifying unique journey of users. We use these platforms only to diagnose product improvements.

As we mentioned earlier, all personal information received in any case cannot be given to external parties. Also, we do not apply our clients ‘ data for any kind of transactions that will require further compliance with the GDPR or an opt-out. To be compliant to the provisions of the GDPR is a necessary condition for entering into a partnership agreement with us or a contract, in any other case, cooperation will lead to nothing.

 

The seller’s way of access to customer data

We are a company that supplies software, that is, our entire business is built on this. This is why we want to make sure that you, our sellers and partners, also adhere to the new rules of the GDPR regulation. We have made some changes to our products that will make this transition and adoption of new rules easier and more understandable for both our customers and sellers. We are always at your service.

  • Note that there are a few GDPR Legitimate Interests that are not required to take explicit consent from customers for transferring the personal data to sellers. These exceptional cases include order fulfillment, order and product support, order processing, but not using for the marketing purposes. All our partners are obligated to follow these rules and interests.
  • There is an absolutely non-complicated method to give customer consent for marketing during the checkout process. We make it by using the GDPR terms as permission for marketing updates and changes in the future. We will be able to transfer this consent information back to sellers in our Dashboard and APIs.
  • Our customers, who have signed the marketing consent in the past, have to check out their current contracts as they can be not compliant to the GDPR. In that case, their consents will be automatically canceled until the customers opt-in the updating version of this kind of consent again.

Go to the GDPR announcement link, if you would like to find out more about our product changes and all updates in connection with the adoption of a new system of the General Data Protection Regulation.