Data transfers and disclosures
Under the EU GDPR the personal data of residents of EU member states can only be transferred to recipients outside of the EU if the recipient has adequate protections in place. The UK GDPR applies similar regulations to personal data of residents of the UK being transferred outside of the UK.
Your data transfers may be covered by an adequacy decision, an appropriate safeguard or an exception. You can read the guidance published by the Information Commissioner's Office (the UK body responsible for Data Protection) about international transfers here. Their guidance is also the best place to find all of the up to date information about how the UK leaving the EU has affected the transfer of data between the EU and the UK.
Where contractual protections are in place or there are approved sets of internal policies these may also be sufficient to ensure adequate protections are in place for the processing of personal data, but care must be taken to ensure this is the case.
Disclosures to third parties
ShopWired does not sell personal data for commercial purposes.
ShopWired will however disclose personal data to third parties or allow third parties to access personal data to assist in providing the ShopWired service, for example
• The storage of platform data
• To help and support users of the ShopWired platform
• To investigate illegal conduct or potential fraud
Platform 21 Ltd, registered in England and Wales, has disclosure agreements in place with Platform 43 Limited, registered in England and Wales, and ShopWired Operations Ltd, registered in England and Wales, to assist in the above named activities.
Strict controls are in place to ensure that disclosure is only conducted on a need to know basis.
Where a merchant uses a third-party service provider such as a payment processor or an accountancy programme, the disclosure of data by the ShopWired user (the controller) to the processor of that data (the third-party service provider) is not governed by any contractual arrangements between ShopWired and its user.
ShopWired is not responsible for the data practices of these third party service providers. Please note, this is not a contractual exclusion determined by ShopWired but a result of the obligations imposed on data controllers by the GDPR.