First, we will start with some definitions:
– Data controller
– Data processor
GDPR recognizes two types of agents: Data controllers (that would be us Ordering.co) and processors (those are the other companies that we use to offer a better sales service). We can also be at the same time a data processor because we use your data to install your software and to look up for something of your history to help you with technical problems.
1. What data is being collected and where?
We collect different information from you already when you are visiting us and when you contact us over our contact forms, live chat (intercom) or use any of our pop-ups that offer sales assistance.
We collect the following information from you with cookies as a lead, when we do not have your email and we cannot match any data yet, we use intercom to get this:
– Operating system
– The source of your visit
– Browser language
– Number of previous visits
– Pages visited in the past
– Twitter profile (if we have your email)
– Facebook profile (if we have your email)
Then through our contact forms, live chat, and pop-ups on our website for sales assistance, we ask for:
– Phone number
– Packages that you would like to purchase
All of this information is on a third party App that we use called Intercom. You can read about how intercom deal with the GDPR here: https://www.intercom.com/security
If you want to unsubscribe from these emails, please send us at email to email@example.com
When you sign up for an account with us, we ask for similar information:
– Name of your company
This information is placed on our Amazon servers. We have different instances for this. We use a location in the USA, Europe, and Asia. You can check precisely about the location of the servers here directly with AWS: https://aws.amazon.com/de/about-aws/global-infrastructure/
We also use another third party App called AddRoll we use this for re-targeting. That means you see our advertisement on other sites if you have visited us previously. For this, we collect your IP.
Your email and e-mail address are also collected by MailChimp:
– Opened emails
You can read about MailChimp’s GDPR compliance here:
We also use TEND to track if we have converted traffic into customers. TEND tracks and saves:
– Email address
– Pages visited
2. Who is collecting your information?
– Google Analytics
3. How is your data collected?
4. Why is your data being collected?
We collect the information of our leads to offer personal sales assistance per e-mail, SMS, WhatsApp, Skype, Viber, Google duo, live chat, Mailchimp (email) and phone. This way we can contact each of our leads personally to solve questions about our products.
Also, we collect this information so we can track the information of our customers and help them.
We use the data of our visitors to track the success of our advertisement and to evaluate the different resources of traffic that we are paying.
5. How will your data be shared and who has access to it?
We do not share your data with any other companies, the data that we send to other third-party apps are administrated by ourselves.
Only in the case that we need technical support ourselves, a technician of our third-party apps could have access to the data. The GDPR compliance of this third-party app protects your data from being shared.
6. The normality of the process that we use and our explanation.
The third-party Apps that we have chosen are Apps that help us grow regarding revenue and quality in service. None of the Apps that we have chosen are meant to harm your privacy or your data nor human rights. The tools that we are using help us understand more about our potential customer, statistics about traffic and how our advertisement is affecting our sales. They are standard practices for a SAAS company like us.
7. Your data rights and freedom.
We respect your rights as the owner of your data, we can help you any time with the data collected. You have the right to access your data anytime you request without being abusive to our service.
You have the right to be forgotten, to prevent profiling, the right to object to processing, rectification, and erasure.
We can delete your data and reply to any question within 72 hours.
Request this to firstname.lastname@example.org, we are happy to help you.
8. Data protection officer(s.)
Sergio Ortiz (Co-Ceo) Sergio(at) ordering.co
Alonso Alvarez (Co-Ceo) Alonso(at) ordering.co
We will answer any of your request about our GDPR compliance personally within 72 hours.
9. How are we protecting that data from breaches?
We are using the highest technology for security at our AWS. As you can see here, we have chosen what it is available for us, as a SAAS: https://aws.amazon.com/security/?nc1=h_ls
10. Breach reporting
In the unfortunate event there is a data breach, we will inform your per email within 72 hours. We will start all investigations immediately, report the authorities (USA) and we will take the measurements internally to get rid of the risk. We will give all information to the authorities that they require. Also, we will correct the failure in the system so this does not happen again and give you a clear summary of this.
11. Restriction on children
We restrict access to our service to European children and all other countries under the age of 16 (some EU states may lower the permissible age to 13, but that is out of our control).