Certification and Compliance

Created by POP UP SHOPS Helpdesk, Modified on Wed, 15 Oct at 1:26 PM by POP UP SHOPS Helpdesk

General Data Protection Regulation (GDPR)

We are compliant with the GDPR and other relevant regulations. Our compliance with the GDPR means that we follow legal practices in data processing, apply required measures for data security, adhere to the data subject rights, and remain accountable for protecting your data with us.


Our compliance with the GDPR means that we strictly implement the following measures:

  • Lawful Basis for Processing: We process personal data based on consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.
  • Data Subject Rights: We ensure that our customers have the right to access their data, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and the right not to be subject to automated decision-making.
  • Transparency and Consent: We ensure that we are transparent about customers’ data processing activities. This means that consent must be obtained.
  • Data Minimization and Purpose Limitation: We collect and process personal data that is necessary for the specified purposes.
  • Personal Data Security: We implement appropriate technical and organizational measures to ensure the security of personal data, protecting it against unauthorized access, loss, or damage.
  • Data Breach Notification: In the event of a data breach, we notify the relevant authorities based on the agreed timeline. We also inform impacted stakeholders when the breach poses a high risk to their rights.
  • Data Protection Officer (DPO): We appoint a DPO to organize, oversee, and conduct all compliance efforts. 
  • Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities to mitigate potential risks.
  • Third-Party Processors: We ensure through contractual agreements that third-party processors handling customer data on our behalf comply with GDPR requirements.


ISO-27001 Certification

We are currently in the process of getting certified in ISO-27001 (Information Security Management Systems). Our efforts to get certified mean that we manage and protect customer data based on international standards.


Ongoing efforts to get certified mean that we strictly implement the following measures:

  • Continuous Improvement: We continuously monitor and improve our Information Security Management Systems (ISMS) to ensure ongoing compliance.
  • Internal Audits: We conduct regular internal audits to check compliance with the ISMS and identify areas for improvement.
  • Management Reviews: We conduct management reviews of the information security measures in place to ensure they remain effective.
  • Training and Awareness: We train our internal and external stakeholders on the importance of information security and their roles in maintaining our compliance.
  • Demonstrated Commitment to Security: We implement and regularly review our information security measures to mitigate risks.
  • Structured Approach to Risk Management: We implement thorough risk assessments and structured controls to address the risks. This ensures that we are proactive in securing sensitive data.


List of Subprocessors

This section provides a list of our subprocessors and their respective industries. Subprocessors are our third-party partners that help us collect, process, and secure your data.


  • Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg – for Hosting.
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – for Hosting.
  • Datatrans Ltd., Kreuzbühlstrasse 26, 8008 Zürich, Switzerland – for Payment Processing.
  • Customer.io (Peaberry Software, Inc.), 9450 SW Gemini Dr, Ste 43920, Beaverton, Oregon, 97008, USA – for User Communication.
  • Segment.io, Inc., 100 California Street, 7th Floor, San Francisco, CA 94111, USA – for User Analytics.
  • Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, California 94080, USA – for Payment Processing.
  • Close.com, PO Box 7775 #69574 San Francisco, CA 94120-777, USA – for User Communication.
  • Sendgrid, 1801 California St. Denver, Colorado 80202, USA – for E-mail Communication.
