Last updated 03 January 2024
Manage Your eCommerce (’we’, ’us’, ’our’) takes data protection seriously. This policy sets out how we seek to protect personal data and ensure all data processing complies with applicable data protection laws.
Our trading name isManage Your eCommerce– that is what our eCommerce platforms, products and website are known by and the name our customers know us by. Our Manage Your eCommerce platforms are owned and operated by Evident BD Limited.
Evident BD Ltd Limited is based in the UK, our registered office is at 620 London Road, Grays, RM20 3HX, United Kingdom and our company registration number in the UK is 13017375.
We are bound by applicable data protection laws in the EU, UK, and USA for the handling and collection of your data.
We are registered as a data controller with the UK Information Commissioner’s Office (ICO) under the registration number ZB546717.
Our Data Protection Officer oversees compliance with this policy. Contact them at:
We process personal data provided to us by customers and visitors who use our services. This includes identity, contact, transactional and communications data.
As a processor, we also process data on behalf of our customers. This includes orders, accounts and other ecommerce data belonging to their customers.
We utilise appropriate technical and organisational controls to protect data, including:
We retain personal data as long as required to provide our services or meet legal obligations. Retention periods vary based on the type of data.
Data subjects have certain rights over their personal data. These include rights of access, rectification, erasure, restriction of processing, data portability and objections to processing. Contact our Data Protection Officer to make requests.
Our legal bases for processing personal data include consent, contractual necessity and our legitimate business interests. We only process special category data with explicit consent.
We disclose data to third parties only as necessary to provide our services, comply with legal obligations or obtain professional advice. Third parties must agree to process data according to our instructions and data protection laws.
Please contact our Data Protection Officer with any queries or complaints about our data processing practices. You also have a right to lodge a complaint with your local supervisory authority.
We utilise Standard Contractual Clauses and other valid transfer mechanisms when transferring personal data internationally outside the UK/EEA, to ensure adequate data protection controls.
We maintain internal records of data processing activities for demonstration of compliance with regulations. Records include processing purposes, data sharing and retention policies.
We employ a Data Protection by Design approach when developing products and services, assessing data privacy risks early and designing features to prevent or mitigate potential impacts.
We conduct assessments of high-risk data processing to identify and address privacy risks. Assessments evaluate necessity and proportionality, risks to rights and freedoms and measures to mitigate risks.
We follow all applicable data breach notification laws. In the event of a qualifying data breach affecting EU or UK data subjects, we will notify supervisory authorities within 72 hours and affected data subjects without undue delay.
As permitted by law, we may contact individuals by email and other channels with updates about our products and services that may interest them. Every marketing message contains instructions on opting out from future communications.
We implement additional security protections when processing any special categories of personal data, such as health, biometric or religious data. These enhanced measures ensure compliance with legal obligations for sensitive data.
We collect only the minimum amount of personal data necessary to deliver our services. Data collection is adequate, relevant and limited to fulfil stated purposes.
In situations where we jointly determine means and purposes of processing with another controller, we define our respective responsibilities for complying with data protection obligations through formal arrangements.
We conduct information security assessments on third-party suppliers that may process personal data in order to continually evaluate whether their security controls are in line with legal requirements and our policies.
We recognize that the personal data of UK data subjects will continue receiving the UK GDPR standards of data protection, as provided by the Data Protection, Privacy and Electronic Communications Regulations. Our policy is to continue applying EU GDPR principles to UK data.
Data subjects retain the right to withdraw consent for direct marketing communications at any time. Withdrawing consent for marketing will not affect your ability to use our core services. Users can withdraw consent by clicking unsubscribe links or contacting us directly.
Hopefully, this has made things clearer for you. As mentioned earlier, if there is anything you are unsure about regarding the policies or terms stated here, please don’t hesitate to contact us at [email protected]