shopify卖家任何使用GDPR任命数据保护官和处理数据-ESG跨境

shopify卖家任何使用GDPR任命数据保护官和处理数据

shopify新闻
shopify新闻
2022-03-28
点赞icon 0
查看icon 867

GDPR(尤其是第 12 至 14 条)要求您向您处理其数据的个人提供特定信息,通常采用隐私声明或隐私政策的形式。

隐私声明

GDPR(尤其是第 12 至 14 条)要求您向您处理其数据的个人提供特定信息,通常采用隐私声明或隐私政策的形式。

您可使用 Shopify 的隐私政策生成器来帮助您制定隐私政策。您可在“结账”或在线下的设置中找到它。

请考虑以下问题:

  • 您的网站上是否有隐私政策,其中包含您需要根据法规提供的所有信息?它是否至少包括客户如何就隐私问题与您联系,以及客户如何行使其权利(例如删除或更正(修改或更正)其数据的权利以及访问该数据的权利)的相关信息?

  • 您的隐私政策是否包括 Shopify 如何将您客户的个人数据用于自动的风险和欺诈评分?您(或您的服务提供商)将客户信息用于自动决策时,GDPR 要求您披露这些信息。Shofy 使用您客户的个人信息,通过自动决策阻止某些看似有欺诈性质的交易。Shopify 的隐私政策生成器包含此信息。有关此系统的详细信息,请参阅自动决策

任命数据保护官

数据保护官 (DPO) 监督组织收集和处理个人数据的方式。如果公司的核心活动涉及大规模的在线跟踪,则 GDPR 要求您任命 DPO 并在隐私政策中提供 DPO 的联系信息。

GDPR 包括 DPO 需要完成的特定任务,例如,在您的组织更改其收集和处理个人数据的方式时,进行数据保护影响评估。DPO 可以由在 GDPR 和保护要求方面具有专业知识的内部人员担任,但您也可考虑与顾问或公司合作,由他们担任外部 DPO。

考虑以下问题:

  • 有多少人受到您店面跟踪技术的影响?这些可能包括行为广告应用,甚至重定向应用。受影响的人数是否为“大规模”是一项法律决策,您应根据您的具体情况咨询律师。

  • 您应主动任命 DPO 吗?即使法律上不要求您指定 DPO,如果您在欧洲占据举足轻重的地位,您可能希望主动这样做以确保您充分保护客户的数据。

数据处理协议

作为 GDPR 适用的数据控制方,第 28 条要求您在通过数据处理方(如 Shopify)处理客户数据时,您应对其可能使用和处理该数据的方式规定严格的协议要求。这通常通过数据处理附录或 (DPA) 完成。

Shopify 已自动将数据处理协议 (https://www.shopify.com/legal/dpa) 纳入服务条款,从而满足第 28 条要求。

对于 Shopify Plus 商家,他们与 Shopify 之间的关系将由他们的协商合同决定。Shopify Plus 商家可签署数据处理附录以满足他们的需求。未签署数据处理附录的 Shopify Plus 商家将受 Shopify 在线数据处理附录的监管。

考虑以下问题:

  • 您在 Shopify 外部使用的其他数据处理者是否依照协议承诺保护您客户的数据?许多第三方应用、渠道、支付网关或其他数据处理者也会自动将数据处理协议纳入他们的条款中。您是否就这些事宜咨询过这些第三方?

  • 您是具有协商合同的 Shopify Plus 商家吗?如果您想签署数据处理附录,请联系 Plus 客服。他们可以为您提供 Shopify 的模板 DPA 以进行签署。

Privacy notice

The GDPR (and particularly Articles 12 to 14) requires that you provide specific information to individuals whose data you are processing, generally in the form of a privacy notice or privacy policy.

You can use Shopify's privacy policy generator to get you started. You can find it in your settings under Checkout or online.

Think about the following question:

  • Do you have a privacy policy on your site that includes all of the information that you are required to provide under the regulation? At minimum, does it include how customers can get in contact with you about privacy questions and how customers can exercise their rights, for example the rights to erasure (deletion) or rectification (modification or correction) of their data and the right to access it?

  • Does your privacy policy include how Shopify may use your customers' personal data for automated risk and fraud scoring? The GDPR requires you to disclose when you (or your service providers) use their information in connection with automated decision-making. Shopify uses your customers’ personal information to block rtain transactions that appear to be fraudulent through automated decision-making. Shopify's Privacy Policy Generator includes this information. For more information about this system, see Automated decision-making.

Appointing a Data Protection Officer

A Data Protection Officer (DPO) oversees how your organization collects and processes personal data. If your business’s core activities include large scale online tracking, the GDPR requires that you appoint a DPO and provide contact information for the DPO in your Privacy Policy.

The GDPR includes specific tasks that a DPO needs to do, such as conducting data protection impact assessments when your organization changes how it collects and processes personal data. The DPO can be an internal person who has expertise in the GDPR and data protection requirements, but you can also consider working with an consultant or firm to serve as an external DPO.

Think about the following questions:

  • How many people are affected by tracking technologies on your storefront? These can include behavioral advertising apps, or even retargeting apps. Whether or not the number of people affected is “large scale” is a legal decision, and you should consult with a lawyer depending on your circumstances.

  • Should you voluntarily appoint a DPO? Even if you are not legally required to appoint a DPO, if your presence in Europe is large enough, you may Wish to do so voluntarily to make sure that you adequately protect your customers’ data.

Data processing agreements

As a data controller under the GDPR, Article 28 requires that when you engage a data processor (like Shopify) to cess your customers’ data, you impose strict contractual requirements on how they may use and process that data. This is typically done through a Data Processing Addendum, or DPA.

Shopify has automatically incorporated a Data Processing Agreement (https://www.shopify.com/legal/dpa) into its terms of service, which is designed to address the requirements of Article 28.

For Shopify Plus merchants, their negotiated contracts will govern their relationship with Shopify. Plus Merchants can sign a Data Processing Addendum to address their needs. Shopify Plus merchants who do not sign a Data Processing Addendum will be governed by Shopify’s online Data Processing Addendum.

Think about the following questions:

  • Are other data processors that you work with outside of Shopify contractually committed to protecting your customers’ data? Many third-party apps, channels, payment gateways, or other data processors will also automatically incorporate a Data Processing Agreement into their terms. Have you consulted with each of these third-parties?

  • Are you a Shopify Plus merchant with a negotiated contract? If you want to sign a Data Processing Addendum, then reach out to Shopify Plus Support. They can provide you with Shopify's template DPA to sign.



特别声明:以上文章内容仅代表作者本人观点,不代表ESG跨境电商观点或立场。如有关于作品内容、版权或其它问题请于作品发表后的30日内与ESG跨境电商联系。

搜索 放大镜
韩国平台交流群
加入
韩国平台交流群
扫码进群
欧洲多平台交流群
加入
欧洲多平台交流群
扫码进群
美国卖家交流群
加入
美国卖家交流群
扫码进群
ESG跨境专属福利分享群
加入
ESG跨境专属福利分享群
扫码进群
拉美电商交流群
加入
拉美电商交流群
扫码进群
亚马逊跨境增长交流群
加入
亚马逊跨境增长交流群
扫码进群
亚马逊跨境增长交流群
加入
亚马逊跨境增长交流群
扫码进群
拉美电商交流群
加入
拉美电商交流群
扫码进群
《TikTok综合运营手册》
《TikTok短视频运营手册》
《TikTok直播运营手册》
《TikTok全球趋势报告》
《韩国节日营销指南》
《开店大全-全球合集》
《开店大全-主流平台篇》
《开店大全-东南亚篇》
《CD平台自注册指南》
《开店大全-俄罗斯篇》
通过ESG入驻平台,您将解锁
绿色通道,更高的入驻成功率
专业1v1客户经理服务
运营实操指导
运营提效资源福利
平台官方专属优惠

立即登记,定期获得更多资讯

订阅
联系顾问

平台顾问

平台顾问 平台顾问

微信扫一扫
马上联系在线顾问

icon icon

小程序

微信小程序

ESG跨境小程序
手机入驻更便捷

icon icon

返回顶部