Our main GDPR measures
As of 25 May 2018, the General Data Protection Regulation (GDPR) is in function. Prindustry has protected all the personal data of orders that go through the platform under this legislation.
Prindustry takes care of all appropriate technical and organizational measures that are to prevent data breaches.
Processor Agreement with customers
A Processor Agreement is provided with all Prindustry customers for signature with the contract (“the Agreement”). Prindustry commits, under the terms of this Processor Agreement, to process personal data on behalf of Controller (the Prindustry customer). Processing will only take place in the context of the arrangements as stipulated in the Agreement.
Sub-Processor Agreement with producers
As of the implementation of the GDPR privacy legislation, Sub-Processor Agreements have been signed with producers to protect the personal data they receive for an order through the Prindustry platform. The agreements contain required technical and organizational measures to protect the data. Personal data may only be used for producing and sending the order.
As of May 25, 2018, the Prindustry customer can see in the backend of their webportal which producers have signed the Processor Agreements. Every new producer was and will be presented with the Sub-Processor Agreement for signature. Signing the agreement is mandatory. There is active compliance on this from Prindustry.
Terms and Conditions
The Terms and Conditions have been updated with the GDPR privacy measures. The Terms and Conditions are updated every year and can be reviewed on the website (see footer).
Every Prindustry web portal has a secure HTTPS connection through a SSL certificate. By using a SSL certificate, all data is sent encrypted. Authentication data is stored in the database and in back-ups. Back-ups are stored in a protected environment in the data centre. The back-ups are made approximately once a day and stored for fourteen days.
Servers in EU
All Prindustry servers are located within the EU borders and are secured according to GDPR legislation. All of our web portals run on our own web servers which are fully separated from other companies.
Our clients can set their own cookie notification through our backend. A cookie notification is important, because the visitor in the webshop must be informed about which data the reseller collects.
Outside the platform
Prindustry arranges all security for the personal data that goes through our platform. Of course, the WhiteLabelShop or Brandportal owner is responsible for the personal data for orders outside of our portal. They can use our Processer Agreement, Privacy and Cookie Statement and Terms and Conditions as a starting point.
Prindustry is affiliated with industry organisation ICT Warranty. The ICT guarantee certification is monitored and renewed every year. It stands for reliable ICT companies and gives partners clarity and certainty.
ISO 27001 certification
Prindustry is ISO 27001 certified. ISO 27001 is the standard for information security. It guarantees that Prindustry meets all requirements for information security in relation to the continuous development and secure operation of the Prindustry SaaS platform for webshops and brand portals. We are re-audited every year for our ISO-27001 certificate. The GDPR is an important part of this audit.
Data processing roles
As a software developer, we are the Processor for our customers. We do not determine the purpose and means of processing the personal data. We merely store and transmit the data. Personal data is processed on behalf of the Controller. The WhiteLabelShop or Brandportal owner is the Controller, because they enter the personal data or have them entered and determine the purpose and means. The suppliers are the Sub-processor because they receive the personal data for a specific purpose, namely producing and sending an order.
Personal Data of Subjects
In the context of the Agreement, the Controller, Processor and Sub-Processor process personal data of Data Subjects of the Controller through Prindustry’s platform. These Personal Data of End Customers include first name, last name, gender, street name, house number, zip code, city, phone number and email address.
All categories of Data Subjects and their personal data are listed in Prindustry’s Processing Agreements.