Data policy

We take care of your personal data

360ecommerce is built on the idea that the less personal data the user has to provide, the less vulnerable the system is.

We follow the applicable GDPR rules from the EU, and in some cases even go further than that in relation to them to protect you, we also do not sell your behavioral data to others.

Security

360ecommerce is a service to our customers

Basically 360ecommerce is a standalone platform, where our customers can receive orders from their customers. Our customers control the daily use of this platform, and the customers are the guardians of the data inside their web based system. We can guide and help our customers, and we do so.

Your data will NOT be handed over to others

The 360ecommerce business model is based on the fact that we make money from our services, not from the data we receive from you. 360ecommerce does not share information with anyone other than the companies that purchase our services.

Users can view and edit own data

Only the customer owner and the individual employee have access to this information. The employee can at any time delete data that employees do not think should be shared.

GEO Locations will NOT be saved

360ecommerce does not save this location information in the database, so 360ecommerce does NOT do geographic tracking. We also do not track any other behavioural data from individual users.

Encrypted personal data

The system runs on encrypted lines, and the database is not available to anybody except employees at 360ecommerce. Our backend is made by technology used by very large and trusted cooperations i.e. NASA, Spotify, Dropbox and YouTube, and we have implemented security measures that match.

Policies

Definitions

Service

The service is in the mobile applications made available via 360ecommerce and a web oriented ecommerce platform

Usage data

360ecommerce collects order data from user, this data is used exclusively for the ordering process and to generally optimize the system.

Cookies and other local data

All user interaction with the web server takes place via mobile applications, but we have no data stored locally on the mobile phone.

Information about personal data

The shop owner (our customer) can update information about staff (see above), and it is the shop owner's responsibility as data processor to ensure that that the content of personal data is ok. 360ecommerce, as data storage manager, is responsible for storing all data in an encrypted and secure environment.

The following fields are used by the system - and these will be used for the system to function:

  • Email
  • First and last name
  • Image of face (selfie)

Legal obligations

360ecommerce passes on personal data in the event that it is necessary for:

  • Complying with national laws
  • Ensure that authorities can investigate illegalities
  • Protect public authorities
  • Legal protection of 360ecommerce

Resale or disclosure of data to 3rd parties

Policy

360ecommerce submits the data to the governing authorities in the countries in which we operate, which the authorities request.

360ecommerce does not make money from the data transfer - this policy is a fixed part of the 360ecommerce vision.

Your consent to this Privacy Policy followed by your submission of such information represents your consent to this transfer.

360ecommerce will take all steps reasonably necessary to ensure that your data is processed securely (see below) and in accordance with this privacy policy and no transfer of your private data takes place place to an organization or country unless there are appropriate controls in place including the security of your data.

Legal basis for processing private data according to the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), 360ecommerce's legal basis for collection and use is of the private information described in this privacy policy depends on the private data we collect and the specific context in which we collect them.

Storage of data

360ecommerce only stores your private data as long as it is necessary for the purposes described in this data policy.

We store and use your private data to the extent necessary to comply with our legal obligations, for example, if we are required to retain your data to comply with applicable laws, resolve disputes and enforce our legal agreements and policies.

Technical measures against hacking

General

360ecommerce cannot guarantee 100% security against hacker attacks or the like, but we can guarantee that we have our utmost to ensure that user data is protected from hackers.

Communication

All communication takes place via encrypted lines HTTPS

  • Sha256 codes have been introduced in all API headers to ensure that the communication to the server arrives from the correct units.
  • "Tokens" are sent between mobile devices and server for each call - these tokens are based on JWT technology and is per user.
  • Communication between a user and server can only be done from the user's mobile phone.

Server

The data is stored on a PostgreSQL database, and all data is secured with the security system in the database.

The web service is coded in django, and the module: cors headers is turned on, which ensures that hackers cannot break into sessions.