1. Introduction to GDPR and CNXION's Commitment
A. Overview of GDPR
The General Data Protection Regulation, or GDPR, is a law designed to protect the privacy and data of all individuals within the European Union. It regulates the transfer of personal data outside the EU with the primary aim of empowering citizens and residents with control over their personal data.
B. CNXION's Compliance Commitment
As of May 2018, the GDPR regulation has been in effect, meaning that CNXION, as well as you, the marketplace administrators, need to take into account certain legal aspects to ensure compliance. Rest assured, CNXION is fully committed to maintaining GDPR compliance.
2. Understanding GDPR: Key Principles and CNXION's Approach
A. Data Protection Principles
The GDPR has brought about a more precise set of privacy-related regulations, necessitating businesses to be more cautious.
B. CNXION's Approach to Data Protection
CNXION has revised its terms of service to comply with GDPR. We also provide a distinct Data Protection Agreement (DPA) ensuring that you, as the marketplace admin, have a transparent contract which affirms that your service provider (CNXION) adheres to GDPR standards.
3. CNXION’s Data Processing Agreement (DPA)
A. Purpose of DPA
The DPA is a critical document that outlines how data protection is handled, ensuring that all parties involved, including CNXION and third-party service providers, are in compliance with GDPR.
B. How CNXION's DPA Ensures GDPR Compliance
CNXION has DPAs in place with our third-party service providers to guarantee that all parties involved are in compliance with GDPR and that the appropriate steps for user data protection are in place.
4. GDPR-Compliant Third-Party Services at CNXION
A. List of Third-Party Services Employed by CNXION
CNXION utilizes services from various third-party providers to deliver a seamless experience to its users. You can find the comprehensive list on our website.
B. GDPR Compliance of Third-Party Services
All our third-party service providers are GDPR-compliant, meaning that they also adhere to the regulations regarding data protection and privacy.
5. Data Control and User Rights
A. User Control over Data at CNXION
As a marketplace admin, you must be able to provide your users with the rights required by GDPR, which include the ability to view, correct, and request the deletion or anonymization of their data.
B. Exercising User Rights Under GDPR
Users have the right to delete their data by logging into their account and removing their profile via account settings. While identifiable data is deleted, some content may remain, such as transaction-related messages that might include critical details necessary for the other transaction parties.
6. Data Hosting and Storage
A. Digital Ocean
CNXION utilizes Digital Ocean, a trusted and renowned cloud hosting platform. Our data is stored in Digital Ocean's data centers, ensuring global accessibility and reliability. Importantly, we've signed a Data Protection Agreement (DPA) with Digital Ocean that aligns with current EU requirements. This agreement certifies that our data storage partner, even outside the EU, is trusted and adheres to stringent data protection standards.
B. Data Access and Security
The data stored on Digital Ocean is held in a PostgreSQL database. Access to this data is strictly limited to CNXION employees who require it for their roles. User data is also stored in ElasticSearch Indexes. We take additional precautions with sensitive data. For instance, user passwords are stored only in encrypted format. Additionally, credit card details are not stored on our servers but are kept solely with payment provider services that specialize in handling such sensitive data. These measures demonstrate our commitment to maintaining the highest standards of data security.
7. Steps for Marketplace Administrators to Ensure GDPR Compliance
A. User Consent Management
Consent is a key aspect of GDPR. When users register for your marketplace, they must explicitly consent to receive occasional messages from you.
B. Data Access and Deletion Requests
GDPR grants users the right to request a full database export at any time to review what is stored and share parts of that data if necessary.
C. Privacy Policy and Terms of Use Updates
It's a good idea to update your Terms of Use and Privacy policy to ensure that they are GDPR compliant. It's also advisable to mention CNXION as one of the services used in your project since members' data is stored at CNXION.
8. Data Breach Response
A. Our Commitment
At CNXION, we understand the seriousness of data breaches and their potential impact on user privacy and security. We are committed to maintaining robust defence systems and response plans to manage any such incidents effectively.
B. Proactive Measures
We continuously monitor our systems for any unusual activities and take proactive measures to prevent potential data breaches. Our advanced security infrastructure, combined with stringent access controls and encryption techniques, help us protect your data from unauthorised access.
C. Incident Response Plan
In the unfortunate event of a data breach, we have an Incident Response Plan in place. This plan includes immediate investigation of the breach, containment of the incident, and assessment of the impact. We will also take necessary corrective actions to prevent the recurrence of such an incident.
D. Notification Procedures
As part of our commitment to transparency and in compliance with GDPR, we will notify affected users and relevant authorities of any data breaches without undue delay and within the time frame set by law. The notification will include details about the nature of the breach, the data involved, potential consequences, and the measures taken to address the breach.
E. Continuous Improvement
Post-incident, we will conduct a thorough analysis to understand the root cause of the breach. The insights gained from this analysis will be used to further strengthen our security measures and prevent similar incidents in the future.
Your trust is our top priority, and we are dedicated to upholding the highest standards of data security and privacy.
9. Contact and Support
A. GDPR-related Inquiries
If you have any questions or concerns about GDPR compliance, don't hesitate to reach out to us. CNXION is committed to simplifying the task of managing a marketplace for you and also assists in fulfilling GDPR requirements on our end.
B. CNXION Support
Our support team is ready to help with any GDPR-related issues. For instance, if you need to confirm with your marketplace members who registered before May 25, 2018, that they still agree to receive emails from you, contact CNXION support and share the email you wish to send, asking them to adjust their user settings to confirm their consent.
10. Legal Assistance
A. Legal Expert Consultation
Although CNXION can't assist with updating your terms, it's crucial to consult with a legal expert in your area. They can provide accurate and comprehensive advice on GDPR and how it affects your marketplace.
11. Essential Resources
A. CNXION's Legal Documents
For your convenience, here are the links to CNXION's Terms & Conditions, Privacy Policy, DPA, and list of third parties used:
- CNXION's Terms & Conditions - https://wearecnxion.com/terms-and-conditions
- CNXION's Privacy Policy - https://wearecnxion.com/privacy-policy
- CNXION's DPA - https://wearecnxion.com/dpa
- CNXION's list of third parties used - https://wearecnxion.com/third-party-services
12. Conclusion: Embracing GDPR at Your Marketplace
A. Importance of GDPR Compliance
GDPR compliance is not just about following regulations. It's about enhancing privacy and user experience, which is beneficial regardless of whether you have visitors and members from the European Union or not.
B. CNXION's Continued Support
CNXION is here to assist you in navigating the GDPR landscape, ensuring the protection of your users' data and your marketplace's compliance with the regulations. We are continuously updating our practices and processes to maintain the highest standards of data protection.