At Refersion, our top priority is protecting our customers’ privacy and maintaining a secure environment to store personal data. We are committed to standing at the forefront of digital security. We wanted to share with you how we’re upholding the recent regulation passed by the EU.
What is the GDPR?
The General Data Protection Regulation, known as the GDPR, was passed by the European Union in 2016. These regulations will give EU citizens more control over the personal data that businesses use and store. The new law goes into effect on May 25, 2018.
The three main principles discussed in this new regulation are transparency, control and accountability of storing and processing a customer’s data.
How Does the GDPR Affect Refersion?
The GDPR holds a company accountable for how it controls and/or processes personal data. In instances where Refersion is collecting information regarding merchants and affiliates, such as when a merchant signs up for our services or an affiliate joins our Marketplace, we are considered the data controller. This means that in relation to the services we provide, we decide why and how we handle the personal data we collect.
In other instances, such as where we are sent data by merchants or affiliates regarding customers or customer orders, we serve as data processors. Here, we are merely processing the personal data for you, in line with what you ask us to do. If you identify to us that we are required to process personal data in line with your instructions only, we will comply with the requirements on Processors as set out in the GDPR.
What we have accomplished
As Data Controller
As a controller, Refersion stores our merchants’ and our Marketplace affiliates’ data such as names, emails, phone numbers, and credit card information for billing purposes. This data is strictly used to provide services and communicate important updates relating to our software application. The data is stored within our cloud hosting infrastructure.
- We are creating a consent mechanism to inform our customers on what data we store, how we store it, and why we store it.
- We have defined data request, removal, and deletion processes to ensure that you have control over your data. Any user can request to access, rectify, restrict or transmit their personal data, as described in the GDPR, from Refersion within 30 days by emailing [email protected] with their request.
- We are in the process of defining the Data Protection Officer position to oversee all processes that involve personal data.
- Similar in scope, we are always reviewing our data retention policy to ensure ongoing compliance, so that Refersion stays ahead of any upcoming changes.
As Data Processor
As a processor, we handle customers’ transaction data, such as sales details, on behalf of Refersion’s merchants and clients to provide commission calculation, tracking, and order attribution services. Our architecture stores this data segmented by client.
- We are adding relevant validation features to ensure merchants are creating compliant referral networks.
- Data controllers (merchants) may act on Personal Data within their Refersion account by contacting our support staff.
- We have greatly restricted private data exports: they go only to email addresses registered with the matching merchant account.
- We are continuously investigating new features and revamping existing ones to help merchants become and stay GDPR compliant.
How do I access, erase, restrict or rectify data within Refersion?
Merchants, please contact your Refersion account manager or email us at [email protected]. The team can point you to the relevant features, such as deleting affiliates, help remove transaction data, and so on.
Will Refersion enter into Data Processing Agreements with its merchants?
Refersion has a default DPA for merchants. Please email us at [email protected] for a copy to review and execute.
We are also happy to review DPAs from our Enterprise customers. Please email [email protected] with your request to help kick off the process.