PRIVACY & DATA PROTECTION POLICY


Custom Gateway respects the privacy of all our customers and the data they store on our software platforms. We are dedicated to protect both your privacy and the security of your data by ensuring that we only collect the information from you that we require to provide the requested service and conform to the highest security standards. In doing this we work within the guidelines of the Data Protection Act 1998 and the updated General Data Protection Regulations (GDPR) 2018

This policy explains our role as both a  

  1. Data Processor – of your company data
  2. Data Controller – of your business data used on our software platform

When we collect data as a Data Processor

  • When you place an order with us either through our sales, administration or accounts staff, from our websites or by email.
  • When you register with us to receive information about promotions, subscribe to our newsletters or enter competitions.
  • When you provide us with feedback.

What date we collect as a Data Processor
The information that we collect from you in order to provide you the level of service that you require is:

  • Your staff contact names
  • Your company address
  • Your staff email addresses
  • Your phone numbers

No Credit/Debit card information is held by us as payments are collected and encrypted by a third party payment provider. The third party provider is regulated and under strict criteria and obligation to keep your personal data secure. Please email us if you require further information regarding this

What we do with the information we gather

  • Fulfil the subscriptions / purchases you have made.
  • Respond to requests we receive from you. This may be in the form of a price quotation, invoice, customer complaint, a regular newsletter, periodic product information notices or ad-hoc special offers.
  • Address experiences, both positive and negative that you may have with our products and service.
  • Learn from your experiences and understand expectations. This helps us to improve the levels of service we offer and identify the standards required to provide the highest possible levels of service. We may monitor and/or record telephone conversations to ensure consistent customer service levels and for the purpose of staff training.
  • Help save your time by eliminating the need to repeat or re-enter information when ordering online, by telephone or when visiting our websites
  • Use your information to contact you for market research purposes. We may contact you by email, phone or mail..

Controlling your personal information
Any personal information provided to or gathered by Custom gateway Ltd is controlled solely by Custom Gateway Ltd and its trusted employees

You may choose to restrict the collection or use of your personal information in the following ways

  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at {{config path=”trans_email/ident_general/email”}}
  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
  • You may request details of personal information which we hold about you If you would like a copy of the information held on you please write to support@custom-gateway.zendesk.com
  • If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

 

Who Has Access To Your Information?

  • Our staff only – your data is secure and available only to the authorised individual within Custom Gateway Ltd by use of unique login identification.
  • We will not disclose client information to any third party unless it is required and covered by law.

Deleting Information:

You can request to delete any information we hold on your company by contacting Custom Gateway by email support@custom-gateway.zendesk.com and asking for the information we have recorded to be removed from our records.

Our Security Policies
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Full Details on our Security Policies can be found on our Knowledgebase

 

Where We Host Data & Images

All personal data for our European Customers is hosted on dedicated virtual servers at our data centre located in Manchester, England and managed by UK Fast https://www.ukfast.co.uk/colocation-data-centres-manchester.html

All images and artwork files are stored on Amazon S3 Servers which are located in London & Ireland https://aws.amazon.com/about-aws/global-infrastructure/ . There is no personal data stored with images other than an encrypted reference number

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Our Role as Data Controller

These are our policies relating to the use of our software to create and process orders for personalised and on demand products where we act as a data processor.  

  1. We will provide a software platform to help enable you to comply with the GDPR and any other applicable data protection laws in force. Please see our blog for more guidance       
  2.  We will acquire no rights or interest in the data and that you or any authorised third party store in our software
  3. We will not transfer or share the Data with any other organisation or individual without our prior written consent other than via any requested integrations with Gateway OMS to manage your order fulfilment such as shipping software
  4. Ensure that all our staff who have access to your data in Gateway OMS f is subject to confidentiality obligations in respect of your data
  5. Implement appropriate technical, organisational and practical measures to ensure that your data is secure from accidental or unlawful destruction, loss, alteration, disclosure or access
  6. Provide processes and tools to ensure you keep data only for so long as is necessary and are then able to permanently destroy all copies of the data
  7. We will provide tools so that you are able to respond to consumers exercising their rights, which include access, erasure, rectification and restriction of processing.
  8. Provide reasonable assistance with any data protection impact assessments if relevant to the Purpose.
  9. Agree to notify you In the event that your data Is accidentally, or without our prior authorisation lost, altered, shared, disclosed or given access to. We will notify you in writing (by email) as soon as we become aware that this has happened and in any event within 24 hours. Your notification will include the information required by the Information Gornmissioneds Office Is set out in their breach notification form available on their website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
  10. We agree that we will provide you with information that you reasonably request to show that our software is secure and if necessary, agree to an audit of our security compliance
  11. Our software platform uses the following secure hosting providers as sub processors for your data. UK Fast & Amazon Web Services. Further details available on request  
  12. Our responsibility under the GDPR is to ensure your data is secure and that we provide you a range of tools and services to aid your compliance

Example Data Processing Contract

More Details on GDPR Policies