GDPR at 365





It’s official! The European Union’s new privacy regulation, General Data Protection Regulation went into effect on the 25th of May. 365 Retail Markets has taken steps to ensure that your business is compliant and your customer’s privacy is protected. Here are a few things to note:



Changes That Affect Your Business



Updates have been made to the v5 software, 365Pay mobile app, My Market Account and ADM to ensure compliance. You can view the changes to the Terms & Conditions, Privacy Policy and Biometric Policy by visiting https://365retailmarkets.com/consumer-Policy/



You should have received a Data Protection Impact Assessment last week, which will show you what 365 is doing to comply with all of the GDPR regulations. In addition, you also received an assessment form to complete to detail how you are using your customers’ data.



Changes That Affect Your Customers

  • Your customers will need to accept or decline the updated privacy policy (new users can also choose to opt out of the Biometric Policy).
  • Upon logging into their account, either via the kiosk, 365Pay mobile app or My Market Account user portal, they’ll see a pop up notice of the change that they will have acknowledge that they read.
  • Declining our privacy policy will result in account deletion.
  • Users can now send a request to the Data Protection Officer at privacy@365smartshop.com to invoke the rights mentioned below. 

Customer Rights Under GDPR



Right of Access



Establish transparency in how you collect and process personal information. Copy of this data is to be provided free of charge by the controller.



Breach Notification



Customers are to be informed of a data breach within 72 hours of breach discovery or without undue delay after the controller being made aware.



Right to Be Forgotten



If you do not agree with how your personal information is stored, processed, or shared, customers have the right to submit a request to the Data Protection Officer and have it erased.



As a note, once the Customer Name has been “forgotten” and any funds returned, reports within ADM will no longer show the customer information. However, transactions and monetary tracking will remain.



Data Portability



Submitting a request to the Controllers Data Protection Officer allows customers the right to their data and to transfer that data to another controller.



Privacy by Design



Technical and organizational measures must be effective in order to meet the requirements of this Regulation and protect the rights of customer.



Data Protection Officer



Employee whose job is to monitor Controllers compliance with GDPR. Doing so requires that all customer rights are met.



Ignoring GDPR is not an option for any company that handles personal data for citizens in the European Union. As cyber security becomes an increasingly larger concern in our society, taking these additional steps will help to protect your business and you customers’ data from theft.



If you have any questions or need assistance with the GDPR transition process, please contact us at privacy@365smartshop.com. We are here for you.”