Data Privacy and Compliance Guidelines
When working with Order Data, you should always consider how the way you implement it in your application affects data privacy and compliance. After having helped Fortune 500 companies implement order data into their applications around various use cases, from lightly regulated industries to highly regulated industries like financial services, Itembase has put together a set of documents and guidelines that could be considered best practice. These guidelines can be used when designing your privacy and compliance flows and impact assessments with your legal team or counsel.
Data Privacy
The Itembase iPaaS was designed and built on the principles of GDPR, CCPA and other of the strictest data privacy regulations, with an overall guiding principle that in the future data will belong to the original owner, who will need to give consent to the processing of any personal data. Hence the Itembase iPaaS does not claim ownership of data, nor retain access to data beyond the scope mandated in a data processing agreement, and it mandates that its clients undergo regular compliance assessments.
Read the “Itembase Global Data Privacy Summary for Solution Providers” here >>
There are 3 main ways an Itembase Customer implements the use of Commerce Data (mainly order data) in the legal documentation flows of its apps, which we summarize in the following.
- Data Processing Agreement
The User signs Terms, a Privacy Agreement and a Consumer Opt-In (if the consumer is the target) or a Data Processing Agreement (if the Merchant is the target) with the Solution Provider (you).
You sign a Data Processing Agreement with Itembase, which you ensure fits the scope of your Data Processing Agreement or Consumer Opt-In, and which requests Itembase to process the data in scope (and only that) on your behalf.
Image1: Data implemented in Merchant Application.

Image2: Data implemented in Consumer Application.

- Click-Wrap Agreement
In some (rare) cases companies prefer to implement the Itembase Terms and Privacy directly in their Terms and collect Opt-In as a click-wrap agreement.
Image1: Data implemented in Merchant Application.

Image2: Data implemented in Consumer Application.

- Separate Terms Opt-In
In some (rare) cases companies prefer to implement the Itembase Terms and Privacy directly in their Opt-In Forms as separate Opt-Ins directly to the Itembase Terms.
Image1: Data implemented in Merchant Application.

Image2: Data implemented in Consumer Application.

Compliance
The Itembase iPaaS was originally built for Enterprise Companies, with the needed features and processes in place to ensure that companies implementing POS Connectivity and Commerce Data in their Apps and Services can also properly keep their compliance processes in place.
Since inception, the Itembase iPaaS has gone through, and is continuously going through, compliance and risk assessments with global and highly regulated public companies from industries like Financial Services or Logistics. The Itembase Team will work with your compliance teams during implementation to ensure the needed level of compliance and assessments are implemented in your processes.
Read the Itembase Global Policy Summary here >>
Information Security
See a summary of Itembase Information Security Documentation here:

Business Contingency Plan & Disaster Recovery
See a summary of Itembase Business Contingency Documentation here:
