Purpose

To set out how we process your data and your customers' data in line with data protection legislation.

Terms used in this article

Term: Definition

Controller, Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. [1]

Customer: your customers

Data Protection Legislation: European Directives 95/46/EC and 2002/58/EC, and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them (including the General Data Protection Regulation, Regulation (EU) 2016/679)

Data Subject: an identified or identifiable natural person. [1]

GDPR: General Data Protection Regulation

Merchant, you, your: you, a customer of Aphix Software with a valid contract to use the Aphix Software platform and/or related services.

Personal data: information relating to an identifiable or identified Data Subject (a “Customer”) who visits or engages in transactions through your store (you, the “Merchant”), which Aphix processes as a Data Processor in the course of providing you with the Services. Notwithstanding the foregoing sentence, Personal Data does not include information that Aphix processes in the context of services that it provides directly to a consumer, such as through its consumer-facing services such as its mailing list

Processor, Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. [1]

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. [1]

Supervisory Authority: an independent public authority who is responsible for ensuring compliance with data protection legislation [1]. Ireland's supervisory authority is the Data Protection Commission.

Third-party, Sub-processor: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. [1]

Aphix Software and the GDPR

Aphix Software has implemented practices and procedures to ensure compliance with respect to specific articles within GDPR, as follows:

Article 15 [2]: Rights of access by the data subject

Data can be accessed through the Aphix Management Interface to fulfil a data subject access request. This data can be exported and is digitally portable through spreadsheets or CSV files.

Our helpdesk are happy to help if any further assistance is required.

Article 27 [3]: Representatives of controllers or processors not established in the EU

This article does not apply since all data processing takes place within the EU.

Article 28.2 [4]: Processor - do not use a sub-processor without the prior written authorisation of the controller

We obtain written authorisation from you for any new sub-processing activities that we need to carry out. A full list of service providers and sub-processors that we work with is listed here.

Article 29 [5]: Processing under the authority of the controller or processor

Any processing of your customers' personal data that we carry out will be done with your consent and on behalf of you only. Your customers' personal information is not shared with or combined with other personal information from other merchants using our platform.

Article 30.2 [6]: Records of processing activities

Normal day-to-day use of our software is included and defined in our full Privacy Policy.

Ad-hoc or exceptional processing using our software occurs only at your request. Our helpdesk will log all relevant details. Any future features of our platform that allow you to do this in an automated way will be documented and recorded.

Article 31 [7]: Cooperation with the supervisory authority

Procedures are in place to respond to requests received from Supervisory Authorities in a transparent and timely manner.

Article 32 [8]: Security of processing

We take the security of our platform and the processing of your and your customers' data on it very seriously. We regularly apply the latest security updates for all the software used.

Article 33 [9]: Notification of a personal data breach to the supervisory authority

We have internal procedures in place to notify the Data Protection Commissioner in Ireland should a personal data breach occur.

Article 37 [10]: Designation of the data protection officer

While a named DPO is not required for our business activities, we have a data protection function within the company which deals with data protection. Additionally, our staff have received appropriate training in line with the latest legislation, including external GDPR training.

Provide a copy of your confidentiality/non-disclosure agreement

Click here to view our privacy policy.

Additionally, please confirm in which country data is stored and if you are a Privacy Shield member.

All data has been moved to an EU-based Amazon data-centre.

Links to other online services

Aphix Software products have functionality that allows you, as the Merchant, to integrate external tools/services into the software, which makes it easier and more efficient for your customers to use this service. Some examples of these tools include Google Analytics, Google Tag Manager and your payment gateway integration partner. In the context of GDPR, you are considered the Data Controller for these tools/services since they have been provided directly to you. Furthermore, these tools/services are considered to be the Data Processor for the service they provide to you.

Contact them directly to discuss the controller-processor relationship you have with them.

Contact us

For more information on Aphix Software's privacy practices, please visit our Privacy Policy. Contact us if you have any questions about this page.

References

  1. https://gdpr-info.eu/art-4-gdpr/

  2. https://gdpr-info.eu/art-15-gdpr/

  3. https://gdpr-info.eu/art-27-gdpr/

  4. https://gdpr-info.eu/art-28-gdpr/

  5. https://gdpr-info.eu/art-29-gdpr/

  6. https://gdpr-info.eu/art-30-gdpr/

  7. https://gdpr-info.eu/art-31-gdpr/

  8. https://gdpr-info.eu/art-32-gdpr/

  9. https://gdpr-info.eu/art-33-gdpr/

  10. https://gdpr-info.eu/art-37-gdpr/