Commonly asked questions about GDPR
At Cleverific, we value your privacy and took our preparation for the EU General Data Protection Regulation (GDPR) very seriously. If you are looking for more details about GDPR compliance for Edit Order, here’s a list of some great questions asked by our Shopify merchants:
Do you have a data protection officer?
Cleverific is not required to appoint a DPO under the GDPR. The reasons are that (1) we don’t fall under the classification of a public authority or body, (2) our core processing activities do not require regular and systematic monitoring of individuals on a large scale, and (3) we don’t process personal data on a large scale, and our core processing activity has a very short duration and permanence.
Although we have not voluntarily appointed a DPO and are not required to do so, our co-founder and CTO of Cleverific, Inc., Andrew Le, ensures that our data security and privacy practices meet the highest standard possible for the protection of personal data for our merchants and their customers and that our company remains compliant with GDPR. These responsibilities overlap in many ways with those of a DPO as defined by the GDPR.
How do you use the customer data you collect? Specifically customer names, e-mail addresses, phone numbers, physical addresses, geolocations, IP addresses, browser user agents, blog commenter e-mail addresses, IP addresses, and browser user agents.
We only use the above information as necessary per your request to create, edit, and otherwise manage orders in the Shopify platform and to provide platform tools in Edit Order for your convenience when using the product (such as searching for customers or products).
Do you have any subprocessors for data? If so, what are they and what data do they process? Can you clarify on the Third Party Service providers?
At Cleverific, we use Third Party Service Providers for critical parts of Edit Order’s infrastructure, which runs in the cloud. These providers include Amazon Web Services, cloud database vendors, and server monitoring software. As part of our GDPR process, we performed a Data Protection Impact Assessment to ensure that any and all vendors or Third Party Service Providers that we use will also be GDPR compliant and be able to assist us in responding to any merchant’s or customer’s request when exercising their rights with regard to their personal data. We can provide you with a complete list of our vendors and Third Party Service Providers at your request.
When there is a change in data processing that has a high risk to an individual’s privacy rights, do you have a Data Protection Impact Assessment process in place?
Yes, it is now part of our product development process to carry out a DPIA before any new feature enters development. If there is any change in risk to an individual’s privacy rights, we will disclose the risk and the nature of the risk upon release of the feature and require opt-in acknowledgement from the merchant to use it.
Do you only process our customer data when asked by us, the controller?
Yes, we only process your customer data upon your request, at the time of your request and possibly at a later time depending on the nature of your request. Your personal data and your customers’ personal data are never sold and are never disclosed to third parties for any purpose other than to fulfill your specific request and for activities involved with improving our service.
In the DPA, it mentions that you will delete data if requested. If customer data is deleted on Shopify, is it then in turn automatically deleted on Edit Order?
Edit Order has full support for the erasure request process as described by Shopify here: Processing GDPR Data Requests on Shopify. When you issue this request through the Shopify Admin on behalf of a customer, we will automatically receive the notification and will begin processing it accordingly as quickly as possible.
What is your breach reporting policy?
Please see our DPA (GDPR Contractual Terms, Section 7) for our full explanation of our breach reporting policy.
Where can I find Cleverific’s DPA?
You can find it here
If you have any additional questions regarding GDPR please email us.