The system maintains the information provided by the merchant about themselves, their business, about the configured shops, shop theme and styling settings, the payment methods they wish to use to accept payments from customers, sales tax/VAT settings, delivery/shipping configuration, coupon and voucher configuration, product categorisation configuration, discount settings, information about the products themselves and other such configuration information and settings supported by the E-Commerce Platform.
This information is needed by the platform to offer the e-commerce facility to the merchant so that the merchant can trade online.
Order Data
The system maintains the information collected during the shopping and checkout processes. This information includes, inter alia, when the order was created, the customer's name, contact details and IP address, the shipping/delivery contact details and addressing information, the details of the goods ordered, coupons and vouchers used, and the payment method used which may include payment transactional information. Where the customer pays with a card, we do not store the payment card number or security code - these are sent directly from their browser to our payment processor partners over an encrypted channel.
This information is needed so that the merchant can prepare the order and arrange for the ordered items to be delivered to the customer. The information is also needed so that the merchant can perform financial reconciliations, financial reporting and tax filing. This class of data is subject to minimum retention periods as specified by the tax authorites.
We may also process information collected from online shop visitors, which may include automated processing and decision making, to improve the shopping experience for the end users, to improve the features and quality of the platform software, and to detect and prevent fraudlent or potentially fraudulant activity.
Newsletter Subscribers
The System offers a newsletter facility to merchants, enabling them to send information to customers and those who sign up to receive such newsletters. The subscriber provides their name and an e-mail address in order to join the subscription list. This uses a double-opt-in process, whereby the subscriber must perform the second step of confirming receipt of an e-mail sent to them seeking their approval to join the list and which contains a coded web link (URL) which they need to follow. This confirms to our system that they control the e-mail address to which they wish the newsletters to be sent. The system appends an unsubscribe link to the newsletter which enables the subscriber to easily remove their name and e-mail address from the newsletter list.
Control of Personal Data held by the E-Commerce Platform
The Merchants and Vendexo jointly control the personal data held on the platform. The platform offers a web-accessible (via https which encrypts transmissions) to the Merchants so that the Merchants can perform the administrative functions associated with running the online shops.
The Merchants have responsibilites, under law and applicable data protection regulations, to uphold the rights and freedoms of the people whose personal data is retained by the E-Commerce Platform. Merchants must familiarise themselves with these laws and regulations and operate accordingly. They must grant to the people whose personal data they keep on the E-Commerce Platform, the rights which they have under these laws and regulations, including access to their data, rectification of errors in their personal data, and erasure of their personal data (excluding classes of personal data subject to a minimum retention period by law).
The E-Commerce Platform offers a facility for Merchants to make their own privacy policies and terms and conditions available to visitors to their online shop. Merchants must ensure that such privacy policies meet the requirements of data protection laws and regulations, must state the type and classes of personal data which the Merchant collects and processes, and the rights which people have to access, rectify and erase their personal data. The policy must also state that in order to provide the service, and for the legitimate interests of Vendexo, that their personal data will be processed by Vendexo and its agents.
The Merchants are the point of contact for their online customers who may have queries related to shopping on their online shops, their orders, delivery, returns etc. including queries related to personal data processing.
General Privacy Policy
In essence: we collect such information about our clients that we need in order to deliver a high class service. We respect your privacy and will use use it responsibly.
Types of Retained Data
This site retains your name and contact details which you provide when you sign up for an account on our system.
We keep navigational data about website visits and pages viewed in order to assist it with ongoing website enhancement. This can include non-personally identifyable information such as the visitor's web browser type and version, IP address and time of visit.
If registering as a business user to use some of business services, we also collect information about your business.
If you are using our services because you are a customer of a merchant using our e-commerce platform, we collect the information required to enable the merchant to fulfill any orders you place using that platform. This includes the billing and shipping details, the specifics of the items ordered and the payment method used and certain transactional information related to online payments.
Cookies
Cookies are small pieces of information stored on your computer via your web browser. This website uses 'cookies' for the following purposes:
in order to be able to conduct our visitors through the various functions of the website. They are functionally necessary for our software to connect one exchange between the web browser and the server with the next. They are essentially unique identifiers assigned to each visitor, so that the server can know that you have logged in, and not confuse your requests with those of other users. These cookies do not contain any personally identifyable data.
Referrals: In cases where our Affiliate Platform is used by our affiliate partners, our system will set cookies which identify referral records on our system when visitors click on affiliate links or advertisements using affiliate links. These referral records are used by the Affiliate Platform to identify which affiliate partner referred the visitor to the particular advertiser's website, when the referral occurred, the visitor's IP address and device type used.
Analytics: These cookies are used to help us analyse the performance of our website, to identify landing pages, popular pages, unpopular pages etc. We may use the services and software of third parties to do this, which can involve them setting third party cookies.
Social media links: Our website includes various social media sharing links and icons to encourage visitors to share links to our web pages on their social media accounts. Such links may also use third party cookies as part of this sharing feature. By visiting a web page containing such links, you accept that this may disclose to the social media websites the identify of the web page you are visiting.
Disclosure
Vendexo will not trade, rent or sell the data mentioned above to other parties. It may disclose certain information to third parties or agents which it may use to assist it with the provision of services, such as order fulfullment, payment processing, web traffic and data analysis, e-mail administration, customer support and customer surveys. In such an event, if personally identifyable information is disclosed, it will require that the other party has a Privacy Policy which adequately safeguards that data shared with it, and which is compliant with the statutary laws and regulations which this Policy operates under.
If required by law, or based on our judgement, if necessary to comply with the law, or to protect our users, our infrastructure, our servers, our websites, our business, our staff, our agents and partners, or the public, we may disclose specific information that we hold to the relevant authorities.
Lawfulness of Processing
The legal bases for the processing of personal data are outlined below.
Consent
When you sign up to use our services, you give us consent to process your personal data in order to provide you with those services. You have the right to withdraw your consent at any time. By so doing, we will cease to process your personal data and will be unable to provide you with the ability to use our services. We may still have to retain certain parts of your personal data depending on our legal obligations. See data retention for more.
For the Fulfilment of a Service
Where we undertake to provide a service to you, we will process the necessary personal data in order to deliver on that undertaking.
To Pursue Legitimate Interests
This basis covers the processing of personal data by us and any appointed agents for our own legitimate interests. For example:
Designing and developing new products and services for our users.
Improving and maintaining existing products and services.
Informing our users about our services.
Seeking feedback on our products and services.
Providing advertising and marketing information to our users.
To detect and investigate incidences of fraud, security violations or attempts to violate security or seek unauthorised access to, modification of, erasure of, theft of data, software, intellectual property, or attempts to make denial of service attacks on our systems or business processes.
To assist with the investigation of violations of Terms and Conditions of service or to support legal actions or claims.
To fulfill our obligations with regard to partners or agents.
To protect the interests of our other users, staff or members of the public.
To conduct research which could lead to improved services or which is in the public interest.
We may employ automated decision making techniques, data analysis and profiling to support our decision making. This may involve sharing information with third parties (disclosure) who provide a service to us.
To Comply with Legal Obligations
We process personal data when it is necessary by law to do so. For example, when we are required to file financial reports with the relevant authorities or if we receive a legally binding order.
Data Retention
The length of time for which we retain personal data is either the time for which we are providing the service which requires that data or the time for which we are legally obliged to retain it, whichever is the greater. Notwithstanding this, we may retain personal data after the associated service has ceased in cases where it relates to investigations or legal actions concerning fraud or security violations.
Personal data deleted from our online systems may also exist in backup archives for a period of up to 180 days.
Anonymous or anonymized information may be retained for indefinite periods in order to help us maintain the integrity and security of our systems and to improve our services.
Your Rights
Access to and Update/Correction of Personal Data
If you are a registed user (have an account on our computer system), you can access to the personal data which we keep by signing into your account online. This access enables you to make updates should that information be inaccurate or out of date.
Privacy controls also enable you to view the applications to which you have granted certain access rights, and you may revoke such access if you choose.
You have the right to request that your online account be closed, and, if you wish, for your personal data to be erased. Click the "Contact us" link on our website to find out how to get in touch. Please note that we may not be able to erase all of your personal data where have legal obligations to retain it for a certain period of time.
You have the right to receive the personal data you provided to us in a portable format
You have the right to object to our processing your personal data for the purpose of direct marketing to you.
You have the right, under certain circumstances, to request restrictions on the processing we do with your personal data. Such restriction may limit or prevent us from providing certain services to you.
You have the right to lodge a personal data related complaint with the Office of the Data Protection Commissioner in Ireland where you feel your rights under data protection regulations and legislation are not being upheld by us. You should, in the first instance, contact us to seek the have the matter resolved.
