Data protection and security
The GDPR requires both controllers and processors to implement the appropriate technical and organisational measures required to ensure the protection of personal data of data subjects.
This requirement is placed on the controller (the ShopWired user) and the processor (ShopWired) individually.
This means you are responsible for ensuring that data is protected and processed securely.
ShopWired measures
ShopWired has implemented many of the controls and processes identified in the GDPR.
• We ensure that the processing systems that are in place are resilient against outside attack.
• We restrict who has access to personal data that we process on a need-to-know basis.
• We ensure that personal data is available in a redundant system in the event of an incident which makes that data unavailable on the usual systems.
• We perform regular testing and assessments in order to evaluate the technical and organisational security measures we have in place.
Data is also anonymised and encrypted.
ShopWired has a range of organisational measures in place to ensure that data is handled and processed in a secure way. This includes the implementation of an information security programme involving various personnel within ShopWired who are responsible for data protection and security, including the appointment of a Data Protection Officer, whose role it is to oversee data protection and security measures implemented at ShopWired.
ShopWired maintains a log of any internal access by team members to personal data in its operation of the platform and in assisting ShopWired users in a help and support capacity. Such logs remain available for at least 12 months.
Your use of the ShopWired platform is encrypted using the HTTPS protocol. Any sensitive stored information, such as the salts and hashes that we use to store passwords securely, is also protected by encryption.
Where you use the user accounts app, you should change permissions for users that have access to your account to restrict access to data, so that it can only be accessed by team members that have a 'need to know'.