As a business you buy from, Tradebox Ltd has access to and stores some of your personal information. As a third party system, Tradebox software has access to and stores some of your customers' personal information.
Below are frequently asked questions and details of our GDPR policy. A PDF version of this policy is available here for your records.
Your Personal Information as a Customer of Tradebox Ltd
- What personal information of mine do Tradebox Ltd receive?
- When you place an order or enquiry into Tradebox, you'll provide information for us to build a customer record and maintain contact with you: your company name, one or more contact names, one or more contact email addresses and telephone numbers, and your registered business address.
- If you choose to pay by credit or debit card, you'll provide sufficient card details for us to process the transaction: card number, expiry date, CCV number, name on card, and the address the card is registered to.
- If you choose to pay by BACS, we'll have visibility of your bank account name, sort code and account number.
- If you choose to pay by Paypal, we'll have visibility of your Paypal user ID only.
- Which of this information is stored by Tradebox Ltd?
- The customer contact information is retained. We do not store your credit/debit card information, BACS details or Paypal ID.
- How is this information stored?
- We use a CRM (customer relationship management) software and an accounts software. The data for both of these are stored locally on our encrypted network.
- Who has access to this information and how is it protected?
- All directors and employees of Tradebox Ltd have access.
- None of your personal information is stored anywhere apart from physically on-site at our registered address.
- All computers and servers with access are password-protected at the system level, as are our CRM system, accounts system and the network itself.
- Do Tradebox Ltd operate internationally?
- No, we are entirely based in the UK.
- How long is this information retained?
- As long as you are an existing customer and as long as is legally required.
- Do I have the right to deletion of this information?
- Within the legal requirements, yes.
- Will Tradebox Ltd contact me? Can I opt out of contact?
- As a customer and user of the software there will be times when Tradebox will need to contact you to discuss your account and billing, or changes to or issues with our software and/or 3rd party platforms we integrate with. As a customer and user of the software we have a contract with you that makes this contact allowable under the GDPR. We will not contact you for promotional purposes, such as newsletters or informing you about discounts or partner promotions, unless you have expressly given us permission to do so.
Normal use of Tradebox Software as a Third Party System
- Is Tradebox a cloud system?
- No, it is a desktop application.
- What personal information of my customers does Tradebox software have access to?
- Information specific to the order placed. This does include buyers' names, addresses, email addresses and telephone numbers and in some cases their user ID for the marketplace.
- This does not include any payment information beyond the type of payment method used, date of payment and a transaction reference. Tradebox software has no access to your customers' bank details or card numbers.
- This does not include any passwords used by the buyer to access the marketplace.
- This does not include any information deemed as 'sensitive' by GDPR.
- Do employees of Tradebox Ltd have access to this information?
- Not during normal use of the software.
- The below section on exceptions to normal use covers what happens if you contact Tradebox Support with a support request, where we may request some of this information. In normal use of the software, Tradebox Ltd don't have access to any of your customers' personal information.
- How does Tradebox software use this personal information?
- It downloads this data to its own database automatically.
- It passes this information to your accounts package, if you've set up an accounts integration.
- It has the facility to export this information to CSV files or documents that may be saved as PDF or similar formats, though this does not happen automatically.
- The sole exception to this is if you delete a sales channel in Tradebox One. At this point a CSV file of all orders present in the database downloaded through that channel is automatically created and placed in your Tradebox data folder.
- Where does Tradebox software store this data?
- The entirety of your Tradebox data is stored locally on your PC or local network. By default the data is stored locally on the C drive of the computer on which you install Tradebox software, though you may have moved yours to another location on your local network.
- None of your Tradebox data is stored in the cloud
- None of your Tradebox data is stored by Tradebox Ltd.
- How can I protect the data that my Tradebox software handles?
- Password-protect your PCs and any servers used within your business at the operating system level.
- Password-protect your local network and Wi-fi.
- You may also add a password to your Tradebox software by going to Maintenance > Security within the software.
- The Tradebox database itself is automatically password-protected.
- What about backups?
- A function within Tradebox allows you to backup the database, creating a single file which contains your Tradebox data. Only Tradebox software can restore this data.
- If you've added a password to Tradebox, backup files will prompt for this password following restore.
- Tradebox does not automatically backup to a cloud location.
- Are the connections between Tradebox and the online marketplaces secure?
- Where Tradebox connects to your marketplace via API (currently the following sales channels: eBay, Amazon, ekmPowershop, Bigcommerce, Magento v1, Shopify API, Channeladvisor, Woocommerce), the connection Tradebox uses is encrypted; the encryption protocol used is determined by the marketplace as the provider of the API.
- Where Tradebox reads a CSV file containing orders (all other marketplaces and third party systems), the order file itself is not encrypted. Tradebox offers an option to retrieve CSV order files from an FTP server. As of February 2018, Tradebox supports the secure connections FTPS and SFTP for this purpose.
Exceptions to Normal Use
As well as providing the software you use, Tradebox Ltd offers support to you in using the software and resolving problems with it. If you contact Tradebox Support for help in resolving such a problem, it may be necessary for employees of Tradebox Ltd (hereafter 'we' or 'us') to:
- Request examples of information relevant to orders including the same buyers' personal information that Tradebox software has access to.
- These requests may be for you to share this information by phone, via email/webchat, or we may request you to send us a CSV order file or screenshot showing the information by email.
- Remotely access your PCs or local network, with your permission, using a remote access tool such as Teamviewer.
- In this instance a Tradebox support agent has access to files and data on your PC. We pledge to only view or take copies of information that impacts on your Tradebox software, with the intent of resolving a problem and where we deem it relevant.
- Once a remote support session has ended, we no longer have any access to your PC or local network.
- Ask you to send a copy of your Tradebox database for us to review and test on our own systems. A secure mechanism for this exists within your Tradebox software.
- We may also ask you to send us a copy of other data relevant to your problem, for example a backup of your Sage accounts data.
FAQs where Tradebox Support are troubleshooting with your data:
- Where will the data I send be stored?
- On our PCs or server on our local network.
- We use an SFTP server to transfer some data including the 'Upload Database' 'Upload Backup' and 'Download Database' functions within your Tradebox software. This SFTP location is encrypted and password protected. Data is only stored on the SFTP for the length of time it takes Tradebox support to download it. Then the data is securely destroyed.
- What about things I send to you by email?
- The email addresses used by our business are all password-protected. Only employees of Tradebox Ltd have access.
- How long do you retain my data?
- Data including a Tradebox database you've sent to us, screenshots, order files and case notes containing personal information of your customers is stored only for as long as necessary to resolve the problem.
- Once the problem is resolved, any data that includes personal information is securely destroyed.
If you have any concerns or questions please write to email@example.com.
Tradebox warrants that any data received from any customer or user of the software for any legitimate purpose will be used and stored in compliance with the General Data Protection Regulations.
Managing Director / Data Controller
10th May 2018