MYE

Privacy Policy

Last Updated: 25 February 2024

1. Introduction

This Privacy Policy outlines how Evident BD Ltd (“we,” “us,” “our”) collects, uses, shares, and safeguards personal data through the Manage Your eCommerce platforms and services. We are committed to respecting and protecting your privacy in compliance with data protection regulations across the EU, UK, and USA, including the requirements set forth by Amazon, eBay, and other marketplaces.

Evident BD Ltd is based in the United Kingdom, with its registered office at 620 London Road, Grays, RM20 3HX, United Kingdom. The company registration number in the UK is 13017375. We are registered with the UK Information Commissionerʼs Office (ICO) as a data controller under registration number ZB546717.

2. Scope

This policy applies to all users of Manage Your eCommerce platforms, including individual customers and business users. It encompasses data collected directly or indirectly via our platforms, products, and integrations with third-party services, including Amazon and eBay.

3. Categories of Data We Collect

We collect, process, and store various types of personal data to provide, improve, and personalise our services. Data collected is based on our legitimate business interests, contractual obligations, and legal compliance.

3.1 Identity and Contact Data
  • Names (first and last) and titles of customers and their employees.
  • Email addresses, business details, and invoicing information.
  • Banking details for transaction processing.

Lawful Basis: Contract

3.2 Transaction Data
  • Information about payments to and from users.
  • Details of products and services purchased.

Lawful Basis: Contract

3.3 Profile Data
  • Username, password, and account preferences.

Lawful Basis: Contract

3.4 Technical Data
  • IP addresses, login locations, and device information.
  • Information on system performance and activity to monitor product integrity.

Lawful Basis: Legitimate Interest

3.5 Marketing Data
  • Business contact information for promotional communications.

Lawful Basis: Legitimate Interest

4. Purpose for Collection

The data we collect is essential for:

  • Delivering Manage Your eCommerce products and services to businesses.
  • Ensuring system security, efficient performance, and service improvements.
  • Informing customers of product updates, new features, or additional services that could benefit their businesses.
  • Maintaining compliance with legal obligations for audit and regulatory purposes.

5. Data Sharing and Third-Party Access

We may share user data with select third parties only when necessary to provide services or fulfill legal obligations.

5.1 Service Providers

Manage Your eCommerce collaborates with third-party providers, who may access or process personal data under strict confidentiality and data protection agreements. These providers include:

  • CRM Platforms for customer management.
  • Cloud Hosting Services for data storage and processing.
  • Technical Support Providers to resolve service issues.
  • Payment Processors to handle transactions.
  • Marketing and Analytics Providers for promotional outreach and product analytics.
5.2 Internal Sharing Within Evident BD Ltd

Data may be shared within Evident BD Ltd departments for:

  • Customer support and technical assistance.
  • Quality testing and improvement of services.
  • Identifying and providing cross-sell and upsell opportunities.
5.3 Compliance with Legal and Regulatory Authorities

We may disclose data to authorities as required by law or to comply with requests from law enforcement or regulatory bodies, including:

  • Anti-Fraud and Security Checks in compliance with Amazon, eBay, and other marketplace requirements.
  • Legal Obligations such as audit, accounting, and tax obligations.

6. Data Retention and Disposal

We retain data only as long as necessary to fulfill the purposes for which it was collected, and in compliance with applicable legal and accounting requirements.

6.1 Retention Period
  • Customer Data: Retained for six years following the end of the customer contract to comply with audit and tax regulations.
  • Marketing Data: Retained until unsubscribed or after the contract ends; contact data is then added to a “do not contact” list.
  • Anonymised Data: May be retained indefinitely for statistical or research purposes.
6.2 Secure Disposal

Data is securely deleted or anonymised once it is no longer required. Physical media is disposed of through certified e-waste vendors following NIST SP 800-88 guidelines for secure data destruction.

7. Your Rights Over Your Data

Depending on your location and applicable laws, you have certain rights regarding your personal data:

7.1 UK and EU Residents
  • Right to Be Informed: Receive information on how personal data is collected and used.
  • Right of Access: Request access to personal data we hold about you.
  • Right to Rectification: Correct inaccuracies in personal data.
  • Right to Erasure: Request deletion of personal data, subject to legal obligations.
  • Right to Object: Object to data processing based on legitimate interests.
  • Right to Restrict Processing: Request temporary suspension of data processing.
7.2 US Residents

Your rights vary by state. California, Colorado, Connecticut, Iowa, Utah, and Virginia residents have rights including:

  • Right to Access: Request details of personal data collected in the last 12 months.
  • Right to Delete: Request data deletion with certain exceptions.
  • Right to Correct: Correct inaccurate personal data.
  • Right to Opt-Out: Opt-out of data sale and targeted advertising.

For rights requests or queries, contact our Data Protection Officer at [email protected]

8. Cookies and Third-Party Links

Manage Your eCommerce uses cookies to enhance user experience and collect data on usage patterns. Cookies help us:

  • Optimise Service Delivery: Enable smooth navigation and functionality within our platforms.
  • Analytics: Track usage statistics and improve service performance.

We use only non-essential cookies with user consent. Links to third-party websites may appear on our platform; however, we do not control these sites and are not responsible for their privacy practices.

9. Data Security

We employ industry-leading methods to secure your data and comply with Amazon and eBay security requirements:

  • Encryption: AES-256 encryption for all sensitive data.
  • Multi-Factor Authentication (MFA): Required for account access.
  • Access Controls: Role-based access and regular audits.
  • Data Minimisation: Collect and retain only necessary data for service provision.
  • Endpoint Protection: Anti-malware tools and regular monitoring to prevent data breaches.

10. Compliance and Accountability

10.1 Data Processor Obligations

When acting as a data processor for our customers (e.g., processing end-customer data), we adhere to Amazon and eBay data processing standards. For additional assurance, customers may request a Data Processing Agreement (DPA) by contacting us.

10.2 Audits and Reviews

We regularly audit our data processing practices, internal access control, and data protection measures to ensure compliance. An annual review of this policy is conducted to reflect any regulatory changes.

11. Queries and Complaints

If you have questions or concerns regarding our data practices, please contact our Data Protection Officer at [email protected]. UK residents may also submit complaints to the ICO via https://ico.org.uk/make-a-complaint .

 

Approval and Endorsement

This policy is endorsed by the management of Evident BD Ltd and takes effect immediately upon approval.

Name: Tanvir Shariar

Position: Chief Information Security Officer

Date: 25 February 2024