- Overview
- What is AmeriCommerce Doing in Response To GDPR?
- What are Merchant's Responsibilities in Response to GDPR?
- List Of Sub-Processors Used By AmeriCommerce
- Updated AmeriCommerce ToS
Overview
GDPR Stands for General Data Protection Regulation. GDPR is a set of laws passed by EU (European Union) to set forth requirements for entities that interact with personal data of EU citizens. Personal data is intentionally a broad categorization, defined as "any information relating to an identified or identifiable natural person". The main idea is that these regulations detail how organizations must handle such data and the rights of the people about whom the data is.
What Is AmeriCommerce Doing In Response To GDPR?
- We are continuing to maintain good data security practices in light of the stringent security standards that are applied to our organization given our PCI-DSS Level 1 Service Provider Classification. This process involves annual independent assessment for ensuring compliance as well as internal governance programs and procedures to ensure that we are maintaining adequate data security controls.
- We've updated our Terms of Service to clearly define the subject-matter and duration of the processing, the nature and purpose of the processing, and the type of personal data and categories of data subjects, as well as the obligations and rights of the controller, as well as to define the responsibilities of AmeriCommerce as it relates to sub-processors. These updated Terms Of Service will allow controllers to see what they are permitting AmeriCommerce to processor and if need be to terminate the service if they do not wish to permit such activities.
- AmeriCommerce provides a feature-full eCommerce platform; merchants should carefully consider whether their business practices cause them to be subject to GDPR as a data controller. Should you determine that you are subject to GDPR as a data controller, we believe AmeriCommerce provides you with the tools and capabilities to comply with the requirements outlined by the GDPR as it relates to data processed by AmeriCommerce on your behalf, including the erasure of data, access of data, and portability of data.
What Are Merchant's Responsibilities In Response To GDPR?
Merchants should carefully consider whether their business practices cause them to be subject to GDPR as a data controller. Should you determine that you are subject to GDPR as a data controller, we believe AmeriCommerce provides you with the tools and capabilities to comply with the requirements outlined by the GDPR as it relates to data processed by AmeriCommerce on your behalf, including the erasure of data, access of data, and portability of data.
List Of Sub-Processors Used By AmeriCommerce
This is a list of sub processors of personal data used by the AmeriCommerce Online Store application. Other sub-processors may apply depending on integrations and/or payment gateways you choose to enable on your store.
- Rackspace - datacenter hosting provider
- Amazon Web Services - secondary datacenter hosting provider
- Sendgrid - hosted email provider
- Cloudflare - provider for CDN, DNS routing and optimization
Updated AmeriCommerce ToS
We've updated our ToS in response to GDPR. The updated ToS can be read here: https://www.americommerce.com/tos.aspx. Users will also be prompted to accept the updated ToS when they login to their storefront.