In the interests of clarity to all Parties:
- Commerecxchange provides internet-based software solutions.
- Clients subscribe to the Commercexchange software for the purposes of running their own internet-based trading website typically referred to as an online ordering system, webstore, ecommerce solution, eprocurement solution.
- Depending on how the Client has configured the software, the Client's Customers can either set up their own account on the trading website or request the Client to set up an account on their behalf.
- In the case that the Customer requests the Client to set up an account on their behalf, it is the responsibility of the Client to obtain and retain confirmation of the Customer's consent.
- Customer accounts are created, and the Personal Information provided processed for the purposes of:
- The Customer ordering products and services from the Client and for the Client to process and fulfil these orders.
- The Customer and the Client to manage the ongoing relationship i.e. providing the customer access to previous order history and any customer specific commercial terms that may apply.
- Clients however, are ultimately responsible for ensuring they are GDPR compliant with respect to their Customer data. Whilst we are committed to building a platform that encourages good-practice in line with GDPR, Commercexchange cannot be held responsible for Client compliancy.
What information do we collect about you?
Safeguarding Your Information
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Commercexchange accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your account is sensitive, account passwords are encrypted, which means we cannot see yours or your customers passwords. We cannot resend forgotten passwords either. We will only reset them.
Third Party Sites and Systems
The Client can electronically link and manually download and import personal information into third-party sites, services and systems outside of the control of Commercexchange. Furthermore, the Client can download end customer data for uses in its own internal company processes and systems.
Examples of third party and customer systems include, but are not limited to, email systems, direct mail, telemarketing, finance systems, ERPs systems, CRM systems, Quotation systems, Online transaction systems.
No credit card information is entered or stored on the Commercexchange system. All stages of financial transactions are conducted on one of the integrated credit card processing vendors, which use security measures to protect your/your customer's information both during the transaction and after it is complete. All vendors are certified as compliant with card association security initiatives, including PCI DSS.
How will we use the information about you?
We use personal information to:
- Supply, improve and support the services we provide;
- Confirm your identity in using the Commercexchange platform;
- Perform the obligations of our contract with you or applicable law (e.g. to enforce our terms, communicate with you and provide support);
- Protect, investigate and deter against fraudulent, harmful, unauthorized or illegal activity;
- Fulfil requests that you may make;
- Bill you (e.g. to send you invoices, process payment, notices). Note that we use third parties for direct debit transaction processing, and we send billing information to those third parties to process your orders and payments.
- Send service/product notifications about the platform;
- Bring or defend legal proceedings, meet legal requirements (e.g. complying with court orders, enforcement actions, or other legally valid mechanisms) or respond to lawful requests by public authorities or law enforcement requests; and
No other 3rd parties have access to your personal data unless it is specifically required to meet either contractual obligations or the legitimate interests of the company as defined under Article 5 of the General Data Protection Regulation(GDPR).
How long your personal information will be kept
In providing services to you, we will hold personal information for as long as are providing you the services for or to comply with our legal obligations, enforce the terms of our contracts, resolve disputes or prevent abuse. Otherwise, we only hold personal information for as long as is necessary.
Reasons we can collect and use your personal information
In relation to Clients, the lawful basis for which we rely on to collect and process your data is typically performance of our contractual obligations.
Where is the information stored?
All the personal data we hold is processed by us using internal services hosted within the UK. Data is located on servers within the UK.
Access to information and correction
Clients and Client Customers have the right to request a copy of the information that we hold about them. This information can be viewed and modified by the Client and Customer by logging into their account on the system. Alternatively, if you are a Client, please email or write to us or if you are a Client Customer, please contact the Client that you have an account with. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Cookies are text files recorded by your browser onto your computer for the websites you are visiting. They act as a memory, where sites can store information about your visit in order to use it when you open the next page. Every site can only set or read their own cookies, and only when your browser allows it. Usually, browsers are set by default to allow cookies. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
When you and your customers visit your website, we collect statistics concerning the visit, which are stored in a log file. Log files allow us to record visitors' use of the site. This information is only used for the purpose of supporting our contractual obligations in supporting and maintaining the service.
If at any point you believe the information we process on you is incorrect you can request to see this information, and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, Gary Evans, at email@example.com who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner's Office (ICO) who may be contacted at https://ico.org.uk/concerns/ or telephone at 0303 123 1113 or other channels as updated at https://ico.org.uk/global/contact-us/.
How to contact us
by email: firstname.lastname@example.org
Please contact us for further information.
Alternatively, you can click here to email us