🔒100% SSL Secure Shopping🔒

Menu
0

🔒100% SSL Secure Shopping🔒

    0

    Your Cart is Empty

    • Login

    GDPR

    GDPR COMPLIANCE PLAN

    1.     ALL EMPLOYEES OF AFRICAPENDANT.COM ARE BRIEFED AND AWARE OF THE NEW RULES IMPOSED BY GDPR

    2.     AFRICAPENDANT COLLECTED DATA MAP

    1. Customer Data:
      1. Through Shopify
        1. First Name
        2. Last Name
        3. Personal Email
        4. Email of the person receiving the gift
        5. Name of the person receiving a gift
        6. Address Details
          1. Billing Name
          2. Billing Street
          3. Billing Address1
          4. Billing Address2
          5. Billing Company
          6. Billing City
          7. Billing Zip
          8. Billing Province
          9. Billing Country
          10. Billing Phone
          11. Shipping Name
          12. Shipping Street
          13. Shipping Address1
          14. Shipping Address2
        7. Received by email
          1. First Name
          2. Last Name
          3. Corrected Email address
          4. Email of the person receiving the gift
          5. Name of the person receiving a gift
    • Stripe
      1. Card ID
      2. Card Last4
      3. Card Brand
      4. Card Funding
      5. Card Exp Month
      6. Card Exp Year
      7. Card Name
      8. Card details
        1. Card Address Line1
        2. Card Address Line2
        3. Card Address City
        4. Card Address State
        5. Card Address Country
        6. Card Address Zip
        7. Card Issue Country
        8. Card Fingerprint
        9. Card CVC Status Card AVS Zip Status
        10. Card AVS Line1 Status
        11. Card Tokenization Method
      9. Email
    1. PayPal
      1. Name
      2. Email Address
      3. Shipping Address
      4. Address Line 1
      5. Address Line 2/District/Neighborhood
      6. Town/City
      7. State/Province/Region/County/Territory/Prefecture/Republic
      8. Zip/Postal Code
      9. Country
      10. Country Code
      11. Balance Impact
    2. Business Outreach
      1. Linked In
        1. Profile link
        2. First Name
        3. Middle Name
        4. Last Name
        5. Title
        6. Company
        7. Company Profile
        8. Company Website
        9. Twitter
        10. Location
        11. Industry
      2. Email

     

    3.     DATA PERMISSIONS & CONSENT

    1. Customer Data
      1. The customer is informed of all the gathered data in the privacy statement
      2. The customer will always have to consent or can say no to sharing their data
    • Email consent is obtained through a double opt-in registration
    1. Business Outreach Data
      1. All sourced data is pattern matched from publicly available information and verified against the server
      2. All data sourced relates to business contact information
    • All data sourced and subsequent contacts are contacted only for business inquiries

    4.     DATA STORAGE & PROTECTION MEASURES:

    1. Existing Data
      1. All existing unencrypted data in hard drives and folders is to be moved to a secure location or permanently deleted
      2. All existing data has to be moved to a new google folder, protected under Google’s strict GDPR rules
    1. Ensuring future compliance
      1. All data required for processing will be used and then either deleted or added to a protected folder

    5.     AFRICA PENDANT's LAWFUL BASIS FOR PROCESSING DATA

    1. Payment Data (Paypal, Stripe, Shopify): required to process all the payments correctly
    2. Contact information (Shopify, Mailchimp, Reply): required for the delivery of the service, an email containing media and information the customer requested.
    3. Business Outreach data: it is public information which AfricaPendant will use for business contacts

    6.     INDIVIDUAL’S RIGHTS

    1. the right to be informed;
    2. the right of access;
    3. the right to rectification;
    4. the right to erasure;
    5. the right to restrict processing;
    6. the right to data portability;
    7. the right to object;
    8. the right not to be subject to automated decision-making including profiling

     

    When thinking about customer data all employees should ensure that they can find and erase any and all data relevant to an individual

    7.     ROLES & OBLIGATIONS

    1. All employees will disclose what data they handle
    2. Director Duarte de Zoeten will be responsible for the overall compliance of Africa Pendant's employees

    8.     ACTIONS TAKEN

    1. Secure all data
    2. Update Privacy Terms
    3. Ensure lawful basis for data processing is made clear
    4. Create new Mailchimp subscription form with double opt-in consent
    5. Immediate transaction email to secure consent from Shopify
    6. Modify the delivery process for gifts

     

    Additional information:

    https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf

    https://blog.mailchimp.com/gdpr-tools-from-mailchimp/

    https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/

    Subscribe