uTypia – GDPR General Data Protection Regulation

Technical-organizational measures

Valid from 25.5.2018

 

Generally – Compliance with country specific Laws and Regulations:

 

  • In general, every web shop operator (including uTypia Shop Licensees) is responsible for complying with the laws of his country in his shop.
  • Trodat distributes uTypia worldwide and does not know the respective regulations of the countries and can not take responsibility for their compliance
  • The uTypia team points to possible legislation in the newsletter on special occasions. (without liability and guarantee of completeness for the respective country).
  • The respective shop owner is responsible for activating the features or adjusting General Terms, etc.
  • The responsibility of implementation is that of the respective shop owner. uTypia offers here only a non-binding information that everyone must check themselves and possibly implement. Trodat takes no responsibility.
  • We recommend to inform yourself or to contact a legal adviser with Internet-related topics.
  • If we receive information in regards tothe absence of a legally required technical feature, we will immediately complete this as part of the support.

 

 

Personal data stored in uTypia

Below is a list of personal data stored in uTypia.

Please note that this is the data that will be saved in the default configuration. If you have changed the configuration in your shop or had the uTypia support change it for you - and this concerns personal data - you must document these changes yourself (eg renaming of fields on the registration page or special fields at the checkout or on the product)

Data is stored by all registered or logged in users, regardless of whether an order has been made:

 

Categories of personal data

Name

Profile/Username

Adress

Country

E-Mail

Telephone

Fax

Tax ID

IP-Adress

Bank data

Stamp Layout data

Company and Department

Position in the Firma

Cost center

Password

Status of the Account

Date of registration

Date of last change

Date of last login

language

baskets

Customer number

Agreement to receive newsletters

Reseller

Payment method

Web-Adress

Information about the browser type and version used

The operating system of the user

Date and time of access

Websites from which the user accesses uTypia

Websites that are called by the user from utypia

 

Credit Card Data in uTypia

All major credit card associations such as Visa, MasterCard, American Express, Discover, Diners Club and JCB all endorse and require the unified PCI Data Security Standards.

The Payment Card Industry (PCI) Data Security Standards (DSS) are now required for all merchants, including Retail (brick-and-mortar) , Mail/telephone order, e-Commerce.

All credit card payment modules available for uTypia do not store, review, accept or process any credit card relevant data. All credit card-relevant data are only queried and processed by the credit card solution provider himself on his Internet pages. Therefore, uTypia is not relevant to compliance with the PCI standard in your company.

For PCI-Compliance of your Creditcard payment provider please visit his website or contact them directly.

 

Newsletter

When registering in uTypia, you have the option to subscribe to newsletters. Please note that depending on national legislation, there are additional legal provisions (double opt-in, cancellation at any time, etc.). Compliance with this legislation and the handling of any unsubscribe from the newsletter is the responsibility of the respective uTypia licensee.


If desired, this newsletter registration option can also be deactivated.

Deletion request for personal data

If the uTypia licensee receives a deletion request for personal data of a customer or user, he can forward them to uTypia support via email. The uTypia support team then undertakes the deletion of the data within the scope of the technical possibilities.

If a customer requests erasure directly from uTypia Support, uTypia Support will provide this request to utypia Licensee. The customer will also be informed of this disclosure. A deletion will only be carried out after confirmation of the deletion request by the utypia licensee from uTypia support.

Detto with deletion request that are sent directly from third parties (eg office supply) to uTypia support.

It is the responsibility of the uTypia Licensee to respond to the deletion request.

For a delete request, please provide the following information:

-           Affected uTypia Webshop adressse (URL)

-           email

-           First given name

-           Surname

 

UTypia Support then uses this data to search personal data - orders, delivery addresses, billing addresses, users, shopping carts, stamp imprints. Logos, images or graphic stamp-impression data can not be searched.

In the case of a match of all given data (email, first name, last name) the personal data (email, first name, last name, address, telephone, fax, tax number, bank data) in the respective uTyipa Shop database will be overwritten by dummy data. It will only be searched and overwritten in the specified uTypia webshop. Any existing backups will not overwrite the data; this is technically not possible. The backups are deleted as a whole as part of the versioning within the framework of versioning after 3 months.

 

Cookies

The EU GDPR applies rules for cookies on websites. Cookies are information that is automatically stored by the browser software while surfing the internet. The purpose of the EU directives is to ensure that this storage of information is only permissible if the affected users are clearly and comprehensively informed and also have the opportunity to refuse this data storage. However, technically necessary data storage should not be affected.

In uTypia shops in the standard configuration only cookies are used that do not store any personal data – not even IP addresses - but only information necessary for the technical operation. In addition, no cookies are used.

If you have changed the configuration in your shop or have changed the uTypia support - and this applies to cookies - you must consider these changes yourself (for example, use of Google Analytics or other analysis tools)

 

There is now the possibility to activate a query of  "acceptance of cookies" in the shop. As soon as this query is active, users must accept cookies in order to be able to continue browsing the site.

Depending on the national legal situation, this may generally be required in online shops or only if tracking software (such as Google Analytics) is used. Please check your national legal situation and activate accordingly this acceptance query function in your administration. To do this, select in Manage Merchants – Merchant Settings 1 – Login Home: “Show cookie directive message”. To activate this function, please click on the box next to it and then on "Save“.

Depending on the national legal situation, it may also be necessary to point out the use of cookies in the terms and conditions, or these terms and conditions must be explicitly accepted. Therefore, please check the applicable national regulations and add any necessary text in your terms and conditions (Manage Merchants – Merchant Settings 1 – Content – “General Terms …”)

Note and consent to terms and conditions

Depending on the national legal situation, it may also be necessary to point out the terms and conditions, or these terms and conditions must be explicitly accepted. Therefore, please check the applicable national regulations and, if necessary, activate the necessary text in your terms and conditions (Manage Merchants - Merchant Settings 2 - Checkout).

Obligatory information in the terms and conditions and Impressum

Depending on the national legal situation, it is necessary to explicitly explain or specify various circumstances in the terms and conditions (for example ODR-VO and ADR-RL in Germany)

Depending on the national legal situation, there are also mandatory details in the Impressum

The responsibility of the implementation is that of the respective shop owner.

Even if the uTypia support enters data in the terms and conditions and impressum this is only a suggestion or draft of the respective shop owner must be adapted.

We recommend to inform yourself or to contact a legal adviser with Internet-related topics.

 

 

Analytics, Blogs, Videos, external Web-sites or Apps

 

In uTypia Stores in the default configuration no analysis tools, blogs, videos or external websites or apps are used.

If you have changed the configuration in your shop - or have changed it by uTypia Support - you may have to consider the necessary legal regulations yourself (eg use of Google Analytics or other analysis tools, integration of Youtube videos, feedback blogs, etc.)


Please check your national legal situation and adapt the terms and conditions or possibly the cookie acceptance note.

 

Data location

The uTypia data is stored within the EU and is not provided by uTypia outside the EU.

For analysis, testing and evaluation purposes, data may be forwarded temporarily and temporarily to uTypia employees or development partners outside the EU. We ensure in these cases that Austrian and EU data protection law is complied with.

Data retention

Personal data is kept for a minimum of 2 years. Personal data is kept for a maximum of 7 years - then deleted or overwritten and anonymized.

At the request of the uTypia licensee, the data will also be deleted or overwritten earlier and anonymized.

Security

uTypia used state-of-the-art measures to protect data - e.g. Access controls to the servers, firewalls, virus protection, etc.

Procedure for data theft or successful hacker attacks.

If a data theft or a successful hacker attack on a uTypia Shop is detected, the affected uTypia Shop Licensee will be informed by the uTypia team as soon as possible. This is done by email to the contact email address of the licensee as well as to the email address to which uTypia Shop orders are forwarded.

If necessary, the relevant Austrian authorities will also be informed within the legal deadline.

If the uTypia licensee leads the shop on behalf of a third party (eg company shop for the office trade, etc), it is the responsibility of the uTypia licensee to inform the third party accordingly and in a timely manner.

Also, the information of local authorities in the country of the licensee is the responsibility of the licensee.

Data Privacy Policy and Declaration of Consent

 
Dear Customers,
 
The privacy of your data is very important to us!

In order to ensure that our excellent business relationship remains legally secure in the future, we ask you to peruse and agree to the following data protection agreement:
 
In order to continue to be fully informed, under Art. 6 para. 1 lit. a of the GDPR I permit Trodat to use my  email address and company information – (as provided in the past for example in the utypia contract)  in the context of the marketing interests described below:
 

Your email address as used in this newsletter, company information as provided in the uTypia license agreement
 
I agree that my personal data voluntarily provided may be processed by Trodat for purposes of
 
o      contacting me and sending me marketing and product information related to goods and services from Trodat’s uTypia range of products (by email, SMS, telephone, fax, via social media messenger services);
o      satisfaction surveys concerning service and counselling;
o      needs analyses;
o      event invitations, training opportunities, vouchers and discount promotions;
o      reminders when I have filled the online shopping cart, but not completed the purchase process; and
o      contacting in the context of regional customs and traditions, such as sending Christmas or greetings cards.
 
I understand that Trodat is a member of the Trodat Trotec Group, and in this context, I additionally agree that the above personal data may be disclosed within the Group to affiliate companies of Trodat for the above purposes of marketing, so that such affiliates may contact me to the extent agreed. A complete list of Trodat’s affiliates is downloadable at http://www.trodat.net/SiteCollectionImages/About_Trodat/about_tro_partner/trodat-affiliate-companies.pdf. In addition, Trodat may involve third parties into the process if so required, and if the same have been carefully selected and obliged to comply with the demanding data privacy standards.
I am aware that I can revoke this consent for any or all purposes at any time by contacting uTypia support utypia@trodat.net).
 
For the purpose of our uTypia license contract relationship
Trodat GmbH , Linzer Strasse 156
, 4600 Wels (hereinafter referred to as “Trodat”) may process my personal data disclosed in this context (such as name, address, telephone number, email address) and the personal data collected during the contractual relationship or through my use of uTypia  (such as, website visits, user behaviour) for the purpose of providing the uTypia license service pursuant to Art. 6 para. 1 lit. b of the GDPR.
 
I acknowledge that Trodat will store my personal data for a maximum of seven years after the fulfilment of the contract due to retention requirements under corporate and fiscal law.
 
I have the right to request information about my personal data stored, and to have my data corrected or deleted at any time. I may also be entitled to demand a restriction on the processing of my data, and to have the data provided by me released in a structured, commonly used and machine-readable format.
I am entitled to lodge a complaint with Trodat or a data protection supervisory authority. The responsible data protection supervisory authority is: Österreichische Datenschutzbehörde [Austrian Data Protection Authority], Wickenburggasse 8, 1080 Vienna, Austria, phone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at.
Please find your local data protection supervisory authority under http://archiv.dsb.gv.at/site/6211/default.aspx