An introduction to data breaches and international data transfers when using Shopify under the GDPR - ESG跨境

2022-03-28

Data breach notification

If the GDPR applies to you and you experience a data breach, then you might be required to notify affected users or specific regulatory bodies.

In particular, the GDPR requires notice where a data breach is likely to cause a high risk of adversely affecting individuals’ rights and freedoms.

This is likely to be the case if the breached information:

  • Includes payment details.

  • Could be used to reveal embarrassing or personal information.

  • Could be used to access an individual’s accounts or services.

Where applicable, you're required to provide notice as quickly as 72 hours after you become aware of the breach.

Think about the following questions:

  • Have you spoken with a lawyer to determine what information you collect and process might require you to provide notice if you experience a data breach?

  • Do you have a data breach response plan for your business so you are prepared for such an incident?

The GDPR imposes requirements on any company that uses third-party vendors and service providers to process the personal data of its users.

Shopify uses a number of subprocessors to process your customers’ data. For more information about Shopify's subprocessors, see Shopify's subprocessors.

Think about the following question:

  • Have you reviewed the privacy practices of the vendors and service providers that you use, including Shopify, to make sure that you are comfortable with how they protect your customers’ personal data?

Third-party apps

The GDPR requires that you take a number of affirmative steps relating to your and your third-party service providers’ collection and use of personal data. This includes Shopify, but also any third-party apps that you might use in connection with your Shopify store.

Shopify has taken action to make it easier for you to understand what personal data the apps you install have access to.

Steps:

  1. From your Shopify admin, click Apps.

  2. Click View details on the app you want to review permissions for.

You can also review app permissions before you install an app on the install screen in the app store.

Additionally, there is a section of the app store for each app to link to a privacy policy that explains in more detail exactly what data app developers are collecting and how they are using it.

While Shopify wants to make it as easy as possible for you to assess the data practices of the apps you choose to install, it is up to you to ensure that you are using third-party apps in a way that complies with the GDPR.

Think about the following question:

  • Based on your location, your customers' locations, your app developers' locations, and your implementation of each app, are you using third-party apps in a way that complies with the GDPR? Consult with a lawyer if you have questions about whether a particular app’s data practices may require additional consideration or work on your part to ensure compliance with the GDPR.

International data transfers

The GDPR prohibits exporting the personal data of Europeans outside of Europe unless that information will be adequately protected.

Shopify protects personal data according to the requirements of the GDPR as it is transferred to and processed in the United States and Canada.

Shopify has set up its data flows to take care of these requirements for merchants. As described in Shopify's Privacy Policy, all European personal data is initially received from merchants and processed in Ireland by Shopify's Irish affiliate Shopify International Ltd. Shopify then transfers that data onward in compliance with the GDPR.

For more information about how personal data from the European Economic Area (EEA) and United Kingdom is received and processed by Shopify according to GDPR standards and information security best practices, see Shopify’s GDPR whitepaper (in English).

Think about the following question:

  • Have you ensured that other parties you transfer data to will transfer that data across international borders in a way that complies with the GDPR? You can do this by looking at the privacy policies of your third-party apps, channels, payment gateways, or other vendors, and seeing if they explain how they protect European data.

Download Shopify's GDPR whitepaper

For more information about how Shopify complies with the GDPR, and to make sure that you will be in a position to comply in relation to your use of Shopify, download Shopify's GDPR whitepaper document (in English).


