To set out how we process your and your customers' data in line with data protection legislation.
Terms used in this article
Controller, Data Controller
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.[1]
Data Protection Legislation
European Directives 95/46/EC and 2002/58/EC, and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them (including the General Data Protection Regulation, Regulation (EU) 2016/679)
Data Subject
an identified or identifiable natural person.[1]
General Data Protection Regulation
Merchant, you, your
you, a customer of Aphix Software with a valid contract to use the Aphix Software platform and/or related services.
Personal Data
information relating to an identifiable or identified Data Subject (a “Customer”) who visits or engages in transactions through your store (you, the “Merchant”), which Aphix processes as a Data Processor in the course of providing you with the Services. Notwithstanding the foregoing sentence, Personal Data does not include information that Aphix processes in the context of services that it provides directly to a consumer, such as through its consumer-facing services such as its mailing list.
Processor, Data Processor
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.[1]
Processing
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.[1]
Supervisory Authority
an independent public authority who is responsible for ensuring compliance with data protection legislation.[1] Ireland's supervisory authority is the Data Protection Commission.
Third Party
a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.[1]
Aphix Software and the GDPR
Aphix Software has implemented practices and procedures to ensure compliance with respect to specific articles within GDPR, as follows:
Article 15[2]: Rights of access by the data subject
Data can be accessed through the Aphix Management Interface to fulfil a data subject access request. This data can be exported and is digitally portable through spreadsheets or CSV files.
Our helpdesk are happy to help if any further assistance is required.
Article 27[3]: Representatives of controllers or processors not established in the EU
This article does not apply since all data processing takes place within the EU.
Article 28.2[4]: Processor - do not use a sub-processor without the prior written authorisation of the controller
We obtain written authorisation from you for any new sub-processing activities that we need to carry out. A full list of service providers and sub-processors that we work with is listed here.
Article 29[5]: Processing under the authority of the controller or processor
Any processing of your customers' personal data that we carry out will be done with your consent and on behalf of you only. Your customers' personal information is not shared with or combined with other personal information from other merchants using our platform.
Article 30.2[6]: Records of processing activities
Ad-hoc or exceptional processing using our software occurs only at your request. Our helpdesk will log all relevant details. Any future features of our platform that allow you to do this in an automated way will be documented and recorded.
Article 31[7]: Cooperation with the supervisory authority
Procedures are in place to respond to requests received from Supervisory Authorities in a transparent and timely manner.
Article 32[8]: Security of processing
We take the security of our platform and the processing of your and your customers' data on it very seriously. We regularly apply the latest security updates for all the software used.
Article 33[9]: Notification of a personal data breach to the supervisory authority
We have internal procedures in place to notify the Data Protection Commissioner in Ireland should a personal data breach occur.
Article 37[10]: Designation of the data protection officer
While a named DPO is not required for our business activities, we have a data protection function within the company which deals with data protection. Additionally, our staff have received appropriate training in line with the latest legislation, including external GDPR training.
Provide a copy of your confidentiality/non-disclosure agreement
Additionally please confirm in which country data is stored and if you are a Privacy Shield member.
All data has been moved to an EU-based Amazon data-centre.
Links to other online services
Aphix Software products have functionality that allows you, as the Merchant, to integrate external tools/services into its software, which makes it easier and more efficient for your customers to use this service. Some examples of these tools include Google Analytics, Google Tag Manager and your payment gateway integration partner. In the context of GDPR, you are considered the Data Controller for these tools/services since they have been provided directly to you. Furthermore, these tools/services are considered to be the Data Processor for the service they provide to you.
Contact them directly to discuss the controller-processor relationship you have with them.