Introduction
Our organization is committed to safeguarding the privacy and security of your personal data. This Privacy Policy outlines how we collect, process, store, and protect personal data, as well as the security measures we have implemented to ensure the confidentiality and integrity of this data across our Order Management System (OMS), Multi-Channel Order Management, and Warehouse Management System (WMS).
Data Collection and Processing
We collect and process personal data to manage and fulfill orders, process payments, and provide customer support. This includes, but is not limited to, customer names, addresses, order details, and payment information. Access to this data is strictly limited to authorized personnel based on the principle of least privilege, ensuring that employees only have access to the data required for their specific role.
Data Security and Encryption
We employ robust data security measures to protect your personal data both in transit and at rest.
- Data in transit is encrypted using TLS 1.2 or higher, and data at rest is encrypted using AES-256.
- Our network is secured through firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection to monitor for and prevent unauthorized access and other threats.
Access Control
Our organization maintains a published Access Control Policy that governs access to sensitive data. Only authorized personnel are granted access to personal data, and this access is regularly reviewed to ensure compliance with data protection principles. Our policy enforces role-based access controls (RBAC), and all employees are required to use multi-factor authentication (MFA) for accessing critical systems.
Data Classification and Retention
We have a Data Classification Policy in place that categorizes data based on its sensitivity, with personal data classified as restricted. Personal data is stored only as long as necessary for the purposes for which it was collected. Data is regularly reviewed, and unnecessary data is securely deleted.
Incident Response and Reporting
In the event of a data breach or security incident, our organization follows a formal Incident Response Policy. This includes clear roles and responsibilities for reporting, investigating, and resolving any incidents. Any personal data breaches will be reported within the required timelines, in compliance with applicable data protection laws.
Vulnerability and Threat Management
Our organization implements a proactive Vulnerability and Threat Management Procedure to identify, assess, and mitigate risks to personal data and systems. Regular vulnerability scans, penetration tests, and patch management protocols are enforced to ensure our systems are secure against emerging threats.
Employee Training and Awareness
All employees are trained on data protection principles, ensuring they are aware of their responsibilities when handling personal data. Regular security awareness training is provided to reinforce the importance of privacy and security in day-to-day operations.
Data Subject Rights
As a data subject, you have certain rights regarding your personal data, including the right to access, correct, or request the deletion of your personal information. You may also request information on how your data is processed and stored.
Updates to This Privacy Policy
We regularly review and update our Privacy Policy to ensure compliance with data protection laws and to reflect any changes in our data practices. The policy is reviewed annually or whenever there are significant changes in legal or business requirements.
Contact Us
If you have any questions or concerns regarding this Privacy Policy or how your personal data is handled, please contact our Data Protection Officer at [email protected]