Our main GDPR measures
As of 25 May 2018, the General Data Protection Regulation (GDPR) is in function. This legislation places more responsibilities on organizations that process personal data. Prindustry is fully compliant and ensures all appropriate technical and organizational measures to prevent data breaches. All personal data going through our platform is secured according to the GDPR.
Processor Agreement with customers
A Processor Agreement is provided with all Prindustry customers for signature with the contract (“the Agreement”). Prindustry commits, under the terms of this Processor Agreement, to process personal data on behalf of Controller (the Prindustry customer). Processing will only take place in the context of the arrangements as stipulated in the Agreement.
An example of the Processor Agreement can be found in the footer menu on this website.
Sub-Processor Agreement with producers
As of the implementation of the GDPR privacy legislation, Sub-Processor Agreements have been signed with producers to protect the personal data they receive for an order through the Prindustry platform. The agreements contain required technical and organizational measures to protect the data. Personal data may only be used for producing and sending the order.
As of May 25, 2018, the Prindustry customer can see in the backend of their webportal which producers have signed the Processor Agreements. Every new producer was and will be presented with the Sub-Processor Agreement for signature. Signing the agreement is mandatory. There is active compliance on this from Prindustry.
You can find the Sub-Processor Agreement on the Prindustry website (footer menu).
Terms and Conditions
The Terms and Conditions have been updated with the GDPR privacy measures. The Terms and Conditions are updated every year and can be reviewed on the website (see footer).
Every Prindustry web portal has a secure HTTPS connection through a SSL certificate. By using a SSL certificate, all data is sent encrypted. Authentication data is stored in the database and in back-ups. Back-ups are stored in a protected environment in the data centre. The back-ups are made approximately once a day and stored for fourteen days.
Servers in EU
All Prindustry servers are located within the EU borders and are secured according to GDPR legislation. All of our web portals run on our own web servers which are fully separated from other companies.
Our clients can set their own cookie notification through our backend. A cookie notification is important, because the visitor in the webshop must be informed about which data the reseller collects.
Outside the platform
Prindustry arranges all security for the personal data that goes through our platform. Of course, the WhiteLabelShop or Brandportal owner is responsible for the personal data for orders outside of our portal. They can use our Processer Agreement, Privacy and Cookie Statement and Terms and Conditions as a starting point.
Prindustry is affiliated with industry organisation ICT Warranty. The ICT guarantee certification is monitored and renewed every year. It stands for reliable ICT companies and gives partners clarity and certainty.
ISO 27001 certification
Prindustry is ISO 27001 certified. ISO 27001 is the globally recognized standard for information security. It guarantees that Prindustry meets all requirements for information security in relation to the continuous development and secure operation of the Prindustry SaaS platform for webshops and brand portals. We are re-audited every year for our ISO-27001 certificate. In this audit, GDPR is an important part and we are therefore inspected on several processes involving personal data.
Data processing roles
As a software developer, we are the Processor for our customers. We do not determine the purpose and means of processing the personal data. We merely store and transmit the data. Personal data is processed on behalf of the Controller. The WhiteLabelShop or Brandportal owner is the Controller, because they enter the personal data or have them entered and determine the purpose and means. The suppliers are the Sub-processor because they receive the personal data for a specific purpose, namely producing and sending an order.
Personal Data of Subjects
In the context of the Agreement, the Controller, Processor and Sub-Processor process personal data of Data Subjects of the Controller through Prindustry’s platform. These Personal Data of End Customers include first name, last name, gender, street name, house number, zip code, city, phone number and email address.
All categories of Data Subjects and their personal data are listed in Prindustry’s Processing Agreements.