Skip to main content

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), effective since May 25, 2018, significantly impacts how businesses handle customer data. Cleverbridge, being committed to data protection, implemented key changes for GDPR compliance:

  1. Transitioned to secure-only channels (SFTP, HTTPS, or encrypted email) for data transfers, enhancing security for order notifications. For details, see Manage Notifications.

  2. De-personalized customer IP addresses in notifications and key generation calls (for example, the last number of the IP address is always replaced by .0). We also limited the transfer of specific Personally Identifiable Information (PII) to clients.

note

These measures align with GDPR stipulations, ensuring the transfer of only essential personal information during a purchase. According to GDPR guidelines, complete IP addresses fall under PII. Nevertheless, retaining the remaining numbers of an IP address remains valuable for standard analytics functions, such as determining geographic location.

  1. Configured transfers of PII data on a per-client or per-product basis, ensuring only necessary PII is shared.

  2. Reviewed tracking and analytics tools for GDPR compliance, aligning with strict regulations on user information collection.

note

The GDPR demands in this domain closely align with the already robust requirements of existing German law, and, as a Germany-based company, Cleverbridge has adhered to the latter since our establishment. Striking the optimal balance between your requirements and regulatory obligations will be a continuous effort.

  1. Adjusted language in the Customer Privacy Policy and Terms & Conditions to align with GDPR requirements.

Although GDPR is a permanent regulation, you can rely on our Compliance Team to ensure a fully compliant e-commerce experience. Note that once a customer completes an order and you receive our notifications, you become a data owner and are responsible for managing customer information with the same level of care and scrutiny.

For inquiries on GDPR compliance, contact Client Experience.


Did you find this doc useful?