Webgility GDPR F.A.Q.
What is GDPR?
The General Data Protection Regulation (GDPR) launch date of May 25th, 2018 comes after six years of revision since the European Union started drafting the legislation in 2012. The EU GDPR seeks to increase the data security, anonymity and right to erasure of European Union citizens, and is a landmark update to data security, replacing the decade-old Data Protection Directive. GDPR guidelines for data processors and controllers are intended to make data security regulations more relevant, all-encompassing, and understandable for those they affect.
What does the GDPR change mean for Webgility and your data?
The protection of data under GDPR affects businesses that operate within the European Union as well as businesses that service customers who are citizens of the European Union. Webgility acts as a processor of data under GDPR guidelines, passing data that originates with a controller and whose purpose is dictated by that controller. Webgility’s objective as a processor of data is to ensure that:
- Users’ data travels through our systems securely and within the data controller’s specifications while utilizing the service.
- Any breach of security of any type that could jeopardize a user’s private data is reported immediately when detected.
- A user understands what private and secure data they are using within the Webgility system and their rights to both "soft" and "hard" erasure of that data.
This doesn’t change the way we have processed your data, or the rights users have always had with Webgility, but it standardizes the way we talk about security.
What data does Webgility process?
As a processor of data, Webgility is very transparent about the data we use and how we use it. All data entered by the user to complete actions like connecting a store, and all data we download from controllers, like order details, is visible and accessible strictly within that user’s account. The removal of this data, or a user’s request to remove it, can come in two forms: a "Soft" delete or a "Hard" delete.
Note that because Webgility is a processor of data and not a controller of data, inquiries into the data made available to Webgility by connected controllers are within the sphere of influence of the controller and must be brought to the controller’s attention to make modifications. Essentially, as a processor, Webgility only has access to data permitted by the controllers of the data source. Any questions or actions pertaining to allowing the transmission of that data are to be decided by the user and the controller; the processor then abides by the decision.
Data Erasure - "Soft" vs. "Hard" deletion
A soft delete in the context of Webgility’s software and service can be defined as:
- Removal of access to data visibly within our systems and software. This includes administrator and user access to any personal secure data through any user interface of our software or connected systems.
- A soft delete leaves residual data in our database, only accessible in limited circumstances to internal engineers.
A hard delete, also called permanent deletion or complete erasure, can be contextually defined as:
- A request from a user to have any and all residual data removed from all Webgility databases and connected systems.
- Data purged in a hard delete is unrecoverable and allows the user to be "forgotten" completely by Webgility.
Examples of user actions that cause a soft delete, and the data removed by those actions, include:
- Disconnecting a sales channel, shipping tool, payment processor, inventory system, or other third-party data source - removes any credentials, order and item data, customer data, API keys, and records used to connect with or downloaded from that service.
- Disconnecting an accounting system - removes credentials / tokens used to connect, accounts, items, links to transactions and their data, customer records, and all historic data processed by Webgility to that system.
- Deleting, deactivating or changing a desktop user in your customer portal - invalidates and removes that add-on user’s credentials and all historic usage from that user within the software.
Hard deletion or complete erasure happens in two specific cases:
- Inactive, expired users who have ceased responding to communication may be purged from the database during routine maintenance.
- A user can request at any time for any reason to have specific records or all records permanently purged from the database. Inquiries for this action can be made through our website at www.webgility.com or by calling (877) 753-5373.
Webgility upholds data security and rights as a core value in establishing a transparent relationship with users. Please reach out to us with any questions about GDPR or other data security in our systems.