Data transfers and disclosures

The personal data of residents of EU member states can only be transferred to recipients outside of the EU if the recipient has adequate protections in place.

Such protections may include adherence to domestic laws deemed adequate by the European Commission, or negotiated agreements such as the EU-U.S. Privacy Shield.

Where contractual protections are in place or approved sets of internal policies these may also be sufficient to ensure adequate protections are in place for the processing of personal data, but care must be taken to ensure this is the case.

At the moment, ShopWired does not transfer data to any recipients outside of the EU.

Disclosures to third parties

ShopWired does not sell personal data for commercial purposes.

ShopWired will however disclose personal data to third parties or allow third parties to access personal data to assist in providing the ShopWired service, for example

• The storage of platform data
• To help and support users of the ShopWired platform
• To investigate illegal conduct or potential fraud

Platform 21 Ltd, registered in England and Wales, has disclosure agreements in place with Platform 43 Limited, registered in England and Wales, and ShopWired Operations Ltd, registered in England and Wales, to assist in the above named activities.

Strict controls are in place to ensure that disclosure is only conducted on a need to know basis.

Where a merchant uses a third-party service provider such as a payment processor or an accountancy programme, the disclosure of data by the ShopWired user (the controller) to the processor of that data (the third-party service provider) is not governed by any contractual arrangements between ShopWired and its user.

ShopWired is not responsible for the data practices of these third party service providers. Please note, this is not a contractual exclusion determined by ShopWired but a result of the obligations imposed on data controllers by the GDPR.