GDPR

GDPR Privacy Policy requirements

• Concise, transparent, intelligible, and easily accessible form

• Written in clear and plain language, particularly for any information addressed specifically to a child

• Delivered in a timely manner

• Provided free of charge

What must be shared

• The identity and contact details of the organization, its representative, and its Data Protection Officer

• The purpose for the organization to process an individual’s personal data and its legal basis

• The legitimate interests of the organization (or third party, where applicable)

• Any recipient or categories of recipients of an individual’s data

• The details regarding any transfer of personal data to a third country and the safeguards taken

• The retention period or criteria used to determine the retention period of the data

• The existence of each data subject’s rights

• The right to withdraw consent at any time (where relevant)

• The right to lodge a complaint with a supervisory authority

• Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data

• The existence of an automated decision-making system, including profiling, and information about how this system has been set up, the significance, and the consequences

As you can see, creating a GDPR-compliant Privacy Policy for most e-commerce businesses could be quite a headache - it would involve wading through technical documentation about how your e-commerce platform and connected systems work, in order to try to understand the data flows, which would likely run into the hundreds.

Pakk simplifies privacy

With Pakk, the situation is much simpler. Firstly, due to the fact that Pakk is architected as a "one-stop-shop" commerce platform, data is much more centralised and there are far fewer data flows to external sources than in a standard e-commerce platform + plugins + api integrations setup. Secondly, because Pakk is configurable, not customiseable, the system already knows where customer data is kept, processed and shared. With this in mind, it should be obvious that Pakk can write your Privacy Policy for you. In fact, it does. Pakk uses its knowledge of the settings in your account and the configuration of the website to autogenerate a Privacy Policy and link to it in easily discoverable places. We might need you to fill in a few more details, for completeness sake, but essentially, the platform can generate 90% of the text in order to fulfil the above requirements. Obviously, this is all translatable to any Pakk language too.