What is GDPR?
The EU’s General Data Protection Regulations (GDPR) take effect May 25, 2018, and we support the spirit of these regulations for a safe and secure Internet. We are committed to the privacy rights of our community, clients, and partners.
These regulations govern how companies collect and handle personal data, and may impact companies that are not located in the EU. Please visit https://www.eugdpr.org/ for more information.
How is Reaction complying with GDPR?
International Data Transfer Certification
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
We have audited all areas of Reaction Commerce to determine what personal data we collect and for what purpose. In cases where we are collecting personal data that is not essential, that collection process has been removed.
We have worked with our legal team to ensure that our policy clearly communicates any instances of personal data collection.
Data Modification and Deletion
A user has the right to request that we modify or delete all of their personal data. Those who want to inquire about modifying or deleting their personal data can contact us at email@example.com.
Access / Portability
A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can contact us at firstname.lastname@example.org.
We have documented all current sub-processors in use by Reaction. A sub-processor includes any third party that we share personally identifiable information with. A full list of sub-processors can be made available upon request.
Data Processing Agreements (DPAs)
As an affirmation of our commitment to GDPR, we have a Data Processing Agreement (DPA) that reflects the requirements of the GDPR, available upon request.
Are changes required to Reaction Commerce code to be compliant with GDPR?
GDPR regulations give individuals the right to access, change, and delete personal information when requested.
We are working on mapping the personal information that is stored by Reaction Commerce, but there are no anticipated changes required to become compliant. However, merchants should put their own process in place to ensure they are compliant with GDPR.
How can merchants using Reaction become GDPR compliant?
Merchants should contact their own legal counsel to help them understand what they must do to be compliant.
How do plugins and integrations impact GDPR compliance?
Merchants should review the services and any contracts with external companies providing the plugin and integration services.
How do EU merchants ensure that their data and their customers' data remain in the EU?
Merchants should work with their hosting provider to ensure that they are hosted in EU locations.