GDPR AND PRIVACY POLICIES
Across all Dita's websites we treat your privacy and data with utmost care and respect. The below text details our policies and procedures for handling your data. This statement is specifically for the SHOP.DITA.NET website. Please visit Dita's other websites and find the "GDPR"/Privacy links on them to get a specific statement for the website you are interested in.
GENERAL DATA PROTECTION REGULATION ("GDPR")
On the 25th of May 2018 the EU "GDPR" regulations come into force. While Dita's websites and businesses are located in the USA, "GDPR" mandates that all businesses worldwide comply with its regulations if any processing of data from citizens in the EU takes place. Since many of Dita's fans and customers of the shop are located in the EU, we have decided to comply fully with the regulations. Non-EU customers also benefit from this legislation, which puts customer privacy and security at the heart of everything we do.
LAWFUL BASIS FOR PROCESSING
At SHOP.DITA.NET the information we collect and process from you is necessary solely so that we can fulfil the contract between us and supply you with the goods you purchase. Your data is not used for anything else other than this.
SHOP.DITA.NET does not track or collect personal information about website visitors until a purchase is made. At this point SHOP.DITA.NET collects payment and shipping information in order to fulfil contracts visitors enter into when making a purchase.
This information will include all the data you enter at the shop's checkout page. That includes your name and address details, contact details (email and, optionally, phone number if you choose to enter it), and your credit card details.
Information you enter during checkout is used:
- To fulfill orders placed with SHOP.DITA.NET
- To provide you with information about the status of your order
- To allow administration of your order, including any refunds or exchanges
- For any other purposes ONLY agreed with your ADDITIONAL full consent
SHOP.DITA.NET may use the information and data submitted by customers for any other purposes related to SHOP.DITA.NET's business that are compatible with the purposes for which your information was collected - i.e. with the goal of fulfilling your order. We do not use your personal information for any profiling or marketing purposes. Neither do we share your data with any other third party apart from our card processor - eprocessingnetwork.com.
At this time we also do not run any mailing lists so your email is only used for the purposes of order fulfillment and is not kept or stored in any way beyond the period needed to fulfill the purchase contract and any refund/exchange that arises as a result of it.
Other than eProcessingNetwork.com, who process our transactions, we do not share customer data with anyone else.
ACCESS TO YOUR DATA
In compliance with "GDPR" you have and may exercise the following rights with regard to your data:
"WE", "US" and "OUR" refer to SHOP.DITA.NET in the following
- Right to Access - On request WE will provide Customers with the Personal Data collected in association with their account.
- Right to Rectification - WE will allow Customers to update information on the website via an email request (see below for email).
- Right to Erasure - Customers may choose to remove information collected by US. Note this may impact our ability to fulfill your order. Should it make it impossible we will refund the order before removing your details from the system.
- Right to be informed - WE will inform customers of the Personal Data collected by US.
- Right to Object - A customer may object to US processing their data.
- Right to Restrict Processing - A customer may restrict OUR processing of personal data.
- Right to Data Portability - A customer may request their personal data for use elsewhere or for other purposes.
- Right to be Informed - A customer may request to be informed about the completion of rectification, erasure (before the erasure takes place), or restriction of processing within 30 days of the request.
If you would like to exercise any of these rights, please contact us by email at email@example.com. Include information so we can identify your data (ideally an order number but if not then an email or name will suffice).
Personal identifying information on customers is kept for as short a time as is possible to fulfill purchase contracts and deal with any issues involving refunds, exchanges or other disputes. In real terms this means approximately 6 months as banks will entertain refunds over that time but no longer. Once 6 months have passed customer data is wiped from our systems.
We take security very seriously. As soon as we save customer data it is encrypted using an RSA asymmetric public key 4096 bits in length. In order to decrypt the data a private key is required. The private key is not stored on the server but offline locally. As such we feel your data is safe even in the worst case scenario of a data breach. Should a data breach occur which may affect your data we shall of course inform you as required by "GDPR".
Any data transmitted to our third party, eProcessingNetwork.com, is done so using TLS v1.2 - which is the best modern symmetric encryption method currently available.
No customer data is ever "in the clear" but always encrypted at the best level possible.
The web server itself is in a secure facility in Dallas, Texas. The facility is guarded 24/7 and access is strictly controlled. More information about physical server security can be found
SHOP.DITA.NET uses no cookies to track anything. The server software uses a cookie for session management. This cookie is used internally by the server software and we do not make use of it for anything.
SHOP.DITA.NET employs no tracking technology and neither do we profile customers.
This policy may be amended from time to time as we seek ever closer/greater compliance with emerging privacy standards.
PRIVACY QUESTIONS OR COMPLAINTS
Address all questions, queries, complaints to firstname.lastname@example.org
Last Revision: 23rd May 2018