Unifaun ♥ Textalk Webshop Partner

Appendix 1 to Personal Data Processing Agreement in Textalk Webshop

Information and instructions for webshop owners in Textalk Webshop

A. You agree that Textalk stores personal information about your customers

The following registry features in Textalk Webshop Administration store personal data: Orders, Customers, and Partners. In order for Textalk to fulfill its obligations to you as a shopkeeper, Textalk, on your behalf, and through your acceptance of this Personal Data Contract, will store personal information about your customers as long as you run a webshop in Textalk's system. You are responsible for updating, deleting or otherwise processing the information.

To use Textalk Webshop as a platform for your webshop / website, you agree that the following data about your customers is stored in Textalk's databases:

  • Registry Function: Customers
    •     
  • Own customer number
    •     
  • Customer Type (Private, Corporate Customer)
    •     
  • First Name
    •     
  • Surname
    •     
  • Company / organization
    •     
  • E-mail
    •     
  • National Insurance number. / org.nr
    •     
  • VAT number
    •     
  • Address (and shipping addresses)
    •     
  • Postcode (and postal code of shipping addresses)
    •     
  • Location (and city of delivery addresses)
    •     
  • Country (and Country of Delivery Addresses)
    •     
  • Phone
    •     
  • Username
    •     
  • Password
    •     
  • Want newsletters? Yes / No
    •     
  • Payment Method for Customer
    •     
  • Customer Membership
    •     
  • Store Notes
    •     
  • Date / time of creation and change of registry entry
    •     
  • Registry Function: Orders
    •     
  • Article
    •     
  • Article no.
    •     
  • Order no.
    •     
  • Price
    •     
  • Tax
    •     
  • Order value
    •     
  • Date / time
    •     
  • Cancelled (yes / no)
    •     
  • Customer's IP Number
    •     
  • Currency
    •     
  • Language
    •     
  • Users
    •     
  • E-mail
    •     
  • If applicable, person / number / VAT number
    •     
  • Customer Type (Business / Personal)
    •     
  • Payment Method
    •     
  • Delivery Status
    •     
  • Store Notes
    •     
  • Registry Function: Partner
    •     
  • Company / organization
    •     
  • First Name
    •     
  • Surname
    •     
  • E-mail

B. You are responsible for data that Textalk stores on your behalf

You are responsible for the update or removal of the above information. Features for exporting, updating or deleting customer data can be found in the Textalk Webshop admin. Contact Textalk Customer Service if you have questions or need help.

C. You are responsible for agreements with third parties

You are responsible for the signing personal data processing agreement with connected external systems (such as payment solutions, business and logistics systems). By using such external systems in Textalk Webshop, you are responsible for the data transferred to third parties.

D. Do not store any data in addition to the above in Textalk Webshop

Through the use of Textalk Webshop, you undertake not to store other customer data in Textalk's system than the list above.

E. You agree that Textalk uses the following subcontractors

You agree that Textalk uses the following external SaaS services as support for technical support, maintenance and administration. Textalk may change which external SaaS services are used and Textalk undertakes to notify you with at least 30 days notice if such change is forthcoming.

  • Intercom (customer communication, case management and analysis) https://docs.intercom.com/pricing-privacy-and-terms/data-protection/how-were-preparing-for-gdpr
  • Slack (Internal communication between staff at Textalk) https://slack.com/gdpr
  • Google Cloud https://www.google.com/intl/sv/cloud/security/gdpr/
  • Amazon Cloud https://aws.amazon.com/compliance/gdpr-center/

F. General advice to you as a webshopkeeper

Prepare: Employees within your organization shall be aware of and understand the General Data Protection Regulation. https://www.eugdpr.org/

Organize: Appoint a responsible person for the organization's data protection work.

Newsletter: If you want to send newsletters to your customers, the notification must be clear and voluntary to the customer. Inform in your webshop (for example at checkout) about the opportunity to sign up for the newsletter and the benefits of it. Your customer should be able to unsubscribe from your registry with recipients of newsletters, both in the email and in your webshop.

What data do you store?: Find out what legal grounds you have for processing your personal information in the organization (For example, name and address to deliver a product to a customer; the accounting law which requires you to save an invoice for 7 years [swedish legislation]). The new regulations entail several changes, and one that can have a great practical impact applies precisely to the basis for treatment. An important change in the processing of personal data in current text is that an exception found in PuL, the so-called abuse rule now disappears. This means, among other things, that you must now document the legal basis that provides support for processing personal data that is in current text and in other unstructured forms.

Document: The Data Protection Regulation requires that the personally responsible organization be able to demonstrate compliance with the rules and how to comply with the rules. This requires, in addition to the registry and impact assessments, that several analyzes are documented, such as risk analyzes of security measures.

Other suppliers: Make sure that agreements with your other suppliers have sufficient requirements for data protection measures. For example, such a data processing agreement with adherent instructions that are adapted to the Data Protection Ordinance.

Individual rights: Ensure that the data protection work undertaken in the organization is thrived by the focus of the registered individuals (your customers) rights. Make sure you have on-site routines to ensure that you can fulfill all the rights they have under the Data Protection Ordinance. Make sure that there is information on your website or other contact sites so that individuals can get information about the treatments that are being performed, the registered rights and how to exercise them. Always accept consent when processing personal data and documenting consent. Review and delete unstructured forms of communication with customers, such as mail and call records, if you do not need them to fulfill commitments to the customer. Never save information about people's health, ethnic origin, political opinion, union membership or other particularly sensitive info.

The most important rights for your customers

  • Upon request, access to their personal data.
  • Get incorrect personal information corrected.
  • Be able to get their personal data deleted.
  • Have the opportunity to object to the use of personal data for automated decision making and profiling.