GDPR imposes duties on both sides - an online store and a company entrusted with the processing data. This solves many problems in the field of technical data processing such as security, back-ups or privacy-by-design, but on the side of the online store lays the issue of preparing their procedures, describing and implementing them, appointing Data Protection Inspectors. We (IAI) can not go so deep into the procedures in the stores.
No, but it is highly recommended. It is something that everyone pays attention to. Secondly, it is extremely beneficial from the point of SEO view. Therefore, one way or another you should have an SSL certificate on every page.
We do not anticipate changes in layouts in connection with the entry of the GDPR.
All customer data from the European Union is stored in the European Union, at the moment the data is stored on the territory of Poland.
The order without registration is treated in the same way as any other order: the client does not create an account, but transfers data in order to execute the transaction, allows the processing of data and accepts standard regulations. Anyway, this data needs to be saved somewhere to process it to handle the order. There is no difference here, the rules are the same.
Yes, if such a general record allowing us to do so will be in the regulations that the client will accept. Evaluation of products or the entire purchasing process may be a natural element of validation or evaluation of the purchase experience, and in this respect the processing of personal data seems to have business justification.
Unless it violates the regulations of Allegro or eBay you can indicate which software the store uses to process transactions.
No, there is no need. Everything is settled by our Terms and Conditions and the Agreement. Latest and subsequent planned changes define the principles of our cooperation.
We recommend a contact with a specialized law firm, preferably a few, for price verification. At the moment there are many specialized companies on the market, and we can not provide legal advice.
Yes, the system in which we obtain the data does not matter. They can be written on a piece of paper, said through the phone or by exchanging information through the API. The important thing is who ultimately processes the data, not what the tool is used.
This type of profiling consists of the automatic analysis / forecast of a given person's behavior on the website, for example by adding some product to the cart, browsing a particular item in the store, analyzing the Customer's purchase history. The categories of this personal data are customer identification data (name, surname, e-mail address, telephone number) and data on their purchase preferences. Processing operations are primarily the collection of this data, their arrangement, storage, modification and use.
Just block cookies in your browser.
The system collects data on interactions with products (product display, comparison, favorites, adding to basket, product evaluation, product order).
If the client does not have an account, we collect data for an anonymous client and we associate it with the cookie set on the client's device. At the time of registration / order placement, we combine previously recorded behavioral data with the customer who registered.
It is impossible to identify a person. We do not store IP or any personal data. IAI RS has only the client's ID, the IDs of the products ordered and the order number.
When it comes to profiling, especially if we use the IAI RS system it is only necessary to inform the buyer, e.g. about the Terms and Conditions. Information that the shop for the purpose of better customer service and better matching offer uses recommendation systems, which idea is that they profile the customer in the context of the shopping preferences.