Position Statement Regarding Compliance
As a global company, ConnectPOS is subject to various privacy and data protection laws regarding the personal data that it processes or that is under its control. The applicable data protection laws may vary based on the particular legal entity.
In consultation with outside advisors, ConnectPOS has developed a roadmap to modify and enhance its current data protection program to meet the requirements of the General Data Protection Regulation (“GDPR”). As such, GDPR compliance will be an ongoing initiative and ConnectPOS will continue to monitor developments and adapt as necessary.
What is GDPR?
GDPR is short for General Data Protection Regulation, which is a European privacy law that went into effect in May 2018. This law contains regulations that require companies, government agencies, non-profits, and other organizations that sell goods, services or collect and analyze data of people in the European Union to gain customer permission before they share or store customer data.
To whom does the GDPR apply?
It applies to organizations established in the EU that process personal data and to organizations based outside the EU that either offer goods or services directly to individuals in the EU or monitor the behavior of individuals in the EU.
What does GDPR regulate?
GDPR is a single privacy framework that aims to ensure that individuals’ personal data is handled with caution and care.
Which steps has ConnectPOS taken to comply with the GDPR?
- A critical step in furtherance of GDPR compliance is understanding ConnectPOS’s collection, use, and transfer of personal data, regardless of whether that data pertains to employees or customers. ConnectPOS has conducted extensive reviews of the data that they collect and has memorialized such collection a data inventory. We also inform all site visitors, explain how their data is used, and gain and record their consent.
- ConnectPOS has identified any notices/consent forms (whether to employees, customers, otherwise) that need to be updated, and is in the process of preparing such updates.
- ConnectPOS will continue to evaluate data transfer agreements for intragroup transfers. Users are able to change their information, withdraw consent, or see their data at any time
- ConnectPOS has evaluated whether any changes need to be made internally to address data subject rights.
- ConnectPOS has evaluated vendor relationships and is obtaining updated GDPR terms, as applicable.
- ConnectPOS has maximized the security of our site by upgrading to HTTPS to ensure data is transported securely.
We follow the GDPR requirements by collecting customer and client data with consent. Customers are not marketed to without first asking permission. We do not sell clients or clients’ customer information. Information that is shared with partners is for transactional purposes to complete a customer-approved purchase.
Where can you find more information?
For more information about data protection, visit the Information Commissioner’s Office (ICO) website. Some other useful resources are the ICO’s 12 steps to prepare for the GDPR, the NCVO’s preparation guide for charities and not-for-profits, and the main EU GDPR website.