GDPR Content Hub
Whether you’re a reader, watcher or just prefer the visuals – we’ve got you covered.
This page is for general information only and does not constitute legal advice – please consult a lawyer for advice on a specific issue.
Last updated 9 July 2018
SaleCycle & GDPR.
Here at SaleCycle we’re aware of the impact GDPR has upon its, our clients and our clients’ customers.
Along with reviewing our own security measures to gain ISP 270001 compliance, we’ve been actively working with our clients, reviewing websites, privacy statements and privacy policies, and suggesting areas for improvement to help them to be GDPR compliant.
We’ve also built the Marketing Permission Service assist our clients in better managing their website visitors marketing permissions. Our solution is flexible and configured to specific client requirements in many different territories.
Whatever the size of your organisation, GDPR is essentially about trust. Building trusted relationships with the public will enable you to sustainably build your use of data and gain more value. Through changing their data handling culture, organisations can derive new value from customer relationships.
Steve Wood, Deputy Commissioner for Policy at the Information Commissioner’s Office
01 How does the SaleCycle Service work?
02 What data / variables do SaleCycle collect?
SaleCycle will collect and process two categories of data from your website. The first allows us to uniquely identify a website visitor (Browser information, IP address, Salutation, First Name, Last Name, Opt in status, Email, Address (Shipping and Billing), Phone Number). The second allows us to understand your visitors journey across your site (Basket ID / Order ID, Subtotal, Title, Currency, Discounts, Shipping, Items, Product ID, Client Product ID, URL, Single Item Price, Category, Tax etc.). This information is required for us to provide our service to you. We do not collect any bank or credit card information.
03 How do SaleCycle collect the data?
04 Where is the data stored?
Browser-managed local storage caches some visitors’ data on their machines and this data is periodically sent to our servers. Locally stored data is not accessible by any other third party.
Customer data is stored two locations, our CoLo datacentre in London and within the AWS EU-West-1 Region (Dublin). Both locations are ISO 27001 accredited. We also conduct annual third party Penetration Tests on all SaleCycle production systems.
Access to data is restricted to authorised personnel only.
05 What do SaleCycle use the data for?
The personally identifiable data that we collect from your site is used only to provide the contracted SaleCycle service to you. We do not use it for any other purpose.
06 How long do SaleCycle hold the data for?
We hold personally identifiable data only for as long as is required and as a general policy we do not retain personally identifiable data for longer than six months. For transactions that can be claimed by SaleCycle for commissioning purposes, the conversion details may be retained longer to satisfy audit and accounting requirements.
07 Do SaleCycle share our data with other clients?
We do not share your customer data with any other clients. Even if two clients have a common customer, these are treated as separate customers and contact history, preferences etc. are maintained completely separately.
08 Do SaleCycle share the data with anyone else?
We only share personally identifiable information with trusted 3rd Parties to facilitate the service that you have contracted for. SaleCycle select these suppliers, or in the case of ESP’s, we are able to use your existing provider.
Where we use your ESP we will ensure we follow the same secure process you currently employ to send data to them. If you elect to use one of our vetted ESP partners, you can be assured we will follow security best practices.
See the following list of third party suppliers:
Digital Realty – Physical Hosting Data Centre Services
Amazon Web Services – Cloud Hosting, data processing and ESP
Qubole – Data Analysis Service
Google G-Suite – Corporate email solution and hosted file storage solution
Salesforce – CRM Software – used to support our Sales Process
Freshdesk – Helpdesk SAAS product
09 Can SaleCycle supply us with a copy of the data?
10 How & when are customer records currently deleted?
Personal Data is held for a maximum of 6 months within our system and then deleted via scheduled jobs, retention policies or TTLs.
Marketing Permission Service
Keep your marketing campaigns compliant.
Not only can our Marketing Permission Service help to supercharge your SaleCycle campaigns but could also help you to manage compliance for your own marketing messages.