There are two main reasons why companies shouldn't treat data protection as secondary when running an online shop:
No online shop can exist without collecting personal data. In online trading, the customer must disclose his personal data in order to be able to successfully complete the order process.
This data collection basically includes:
Most shop systems will, however, request significantly more data, which is processed internally by the provider. These data are all personal data and are all subject to the GDPR.
Since shop systems process data automatically, it is essential to set up the process in a way that complies with data protection regulations. If customer data is handled improperly, there is a risk of fines from the authorities, expensive warnings, other sanctions and a catastrophic loss of reputation (the press currently likes to make headlines out of data protection violations ...).
heyData offers you the secure opportunity to guarantee your customers a data protection compliant shopping experience. We would be happy to provide you with a professional, external data protection officer so that you can concentrate on your core business in a relaxed manner. We take over your data protection tasks for you.
The tasks are varied. They start with the data requested in the check-out process. These fields must be examined, because data must not be requested without a reason. The marketing tracking tools in use are also checked for legally compliant use. These and other data protection-specific topics are carefully examined by our data protection officer during the first inventory.
The aim of our work is that the customer has submitted all personal data - when checking out from the online shop - in a legally secure manner and that further processing is on a reliable basis.
Our external data protection officer studies and illuminates a large number of points relevant to data protection:
- the cookie banner
- the correct encryption of the website (see lock in the browser)
- Forms (data economy as a requirement of the GDPR)
- Opt-in and opt-out (customer consents)
- Newsletter (is it possible to send it?)
- the use of evaluation tools
- Data protection compliant customer loyalty
- Social media plugins (data protection compliant social media marketing)
- AV contracts (order processing contract)
- Directory of processing activities
- Concept for data erasure
- legally compliant answering of customer questions
- dealing with data breaches (workflow)
These are just some of the points that must be observed for correct data protection in an online shop. Note that every shop and every company has different processes and an individual orientation. There is no out-of-the-box solution or universally valid procedure! With an external data protection officer, heyData offers you the solution that turns your shop system into a data protection compliant platform.
At the beginning of our partnership, we will carry out an inventory with you and examine all areas relevant to data protection. You will then receive a written evaluation and we will give you specific tips for improvement. Our data protection officer will always be a serious contact for you and will help you discover and close the data protection gaps. This means that you are well protected from costly fines and can concentrate on your day-to-day business.
Do you know the right to information or the right to deletion? You don't need to either - the heyData data protection officer does this job too! Our data protection officer knows all the obligations and deadlines of the right to information and will give you professional advice. Do you know which data you can or must keep for how long? No? Your heyData data protection officer knows his way around and is happy to help!
Various deadlines must also be adhered to here. A request for information must be processed and answered within one month. Our external data protection officer always has these deadlines and possible deadline extensions in mind. If you wish, he will take over communication with the other party and will not disrupt your day-to-day business or get in your way.
The heyData data protection officer will keep an eye on the following points for you when a request for information is received:
- the processing purposes of the respective data
- the categories of personal data that you process
- the recipients of the data
- the retention period
- the existence of a right to correction or deletion
- the existence of a right of appeal to a supervisory authority
- the origin of the data
- whether there is automated decision-making
The above points only reflect a fraction of the work to be done if you want to operate a legally compliant online shop. Data protection is not just a question of ethics here, but also a legal and marketing-related task. The external data protection officer from heyData will work with you to develop a professional and transparent solution. The external data protection officer will always be at your side as a contact person for you and your employees.
You and your employees will also shop online on the Internet. Here you will pay attention to security, a serious demeanor and legal bases. The data protection officer at heyData thinks in a practical way and has industry knowledge. This is what you would like your partners to do too. The external data protection officer from heyData already knows your tools and data processing applications. We help you so that new customers become convinced existing customers and your image remains popular and unassailable.
Trust the professionals when it comes to data protection within your online shop - rely on heyData as your own external data protection officer!
The more relevant the technology becomes, the more the use of e-commerce increases. Big or small, all types of online retailers are responsible for ordering goods through to delivery. In order for customers to properly receive the products or services they have purchased, online retailers are particularly reliant on keeping customers' personal information secure, including:
E-commerce in particular is severely affected by the General Data Protection Regulation (GDPR). The processing of customer data happens regularly and can end negatively for online retailers due to careless handling. The requirements of the GDPR must therefore be observed in order to prevent consequences such as damage to the image, loss of trust and fines. It is therefore crucial that sensitive customer data is handled carefully and transparently in accordance with data protection measures.
Choose heyData and benefit from your personal and professional contact, who ensures data protection compliance at all levels and at the highest level.
If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.)
According to the GDPR, personal data is all information that relates to an identifiable or identified natural person. The persons concerned can be identified if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.
As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.
The regular contract term is 24 months.
The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.