On 25th May 2018 the General Data Protection Regulation will come into force. It is intended to strengthen data protection for individuals. For more information please visit https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
How does this affect me as a Once User?
As a retailer capturing customers names, addresses and payment data, you have data protection obligations (see the Information Commisioner’s Office website for further details on exactly what your obligations are). Your key responsibility is to protect your customers' personal information from being accessed by others. As such, we strongly recommend password or finger-print protecting every tablet or computer that you use to run Once Mobile.
If you are using Once to capture customer name and address information to produce quotes and orders, you may be wondering if this information is stored by us at Once Connected. The answer is no. Once Connected do not store your customers’ data. Customer information within quotes/orders is either stored locally on your own tablet or PC if they have not yet been sent, or it is emailed to your business.
When you pass a quote or order to another Once user in your business, this is sent via our secure cloud servers and is only temporarily saved until the recipient receives the order. We have confirmed that the cloud based server and email service providers that we use in this process are GDPR compliant.
Once Connected do not store your quotes/orders or information contained in them in any database.
What personal information does Once store on me?
Once Connected stores your name, business address, phone number and email address as provided when you subscribed to Once. Protecting your data is important to us so this is securely stored in commercial cloud-based software that can only be accessed by authorized Once staff with a valid login/password.
Under the GDPR, you have the right to make a Subject Access Request regarding what personal data Once Connected stores and processes about you. If you wish to make a Subject Access Request to exercise any of the rights available to you under the GDPR, please email firstname.lastname@example.org with details of the requests that you are making and ask that it be directed to our Data Protection Officer.