The Data Protect App is designed to protect customer data and is mandatory for the connection to various marketplaces (currently only Amazon Marketplace). The app ensures that:
- Personal data of customers is used according to the specifications of the marketplace
- Personal data of customers is only stored as long as it is needed
- Defined actions on personal data (such as deletion or retention) can easily be carried out at the request of the marketplace operator
- Data protection standards in the transmission are met according to the specifications of the marketplace
The Data Protect App is activated by the system as soon as a connection is established to a relevant marketplace from which customer data (so-called PII, see definition below) can be retrieved, regardless of whether such data is actually received from the marketplace. Data is always transmitted using the SSL encryption method.
Personal information (so-called PII, in particular customer data) is stored for 10 years for processing the order or inquiry on the basis of the German DSGVO and as the basis for proper invoicing (AO, UStG, HGB). However, PII from some marketplaces is treated separately by Xentral. It is marked according to its origin so that it can be deleted at an earlier point in time. Personal information (so-called PII, especially customer data) from Amazon, for example, is automatically anonymised 30 days after the order is sent (see Definitions below). The technical basis for this deletion is a process starter (aka cron job), which is managed by the Data Protect App.
In case of data loss, the operator of the marketplace can request the operator of the Xentral instance (e.g. the Amazon seller) to delete the data. In this case, all active PII data in the instance can be made anonymous in a one-time process. However, the ability to further process the orders or to dispatch or properly invoice the seller can then no longer be guaranteed by Xentral. If requested (e.g. by a customer or the marketplace operator), personal data can also be deleted in individual cases. The DSGVO app included in Xentral is used for this purpose.
Should the marketplace operator request the operator of the Xentral instance (e.g. the Amazon seller) to return data, all still active PII in the instance can first be extracted in a one-time process and then anonymized. However, Xentral can then no longer guarantee the ability to further process the orders or to dispatch or properly invoice the seller.
Lost data can be restored within 24 hours on the basis of the data backups (snapshots) made in the AWS cloud. Data can also be restored manually in individual cases on the basis of archived billing documents. An automated recovery from this cold storage into the hot storage (the database) is not possible.
Personal information (so-called PII, especially customer data) from Amazon is automatically anonymised 30 days after the order is sent. For this purpose, the following data is removed from the address or replaced:
- Name
- Address (street, post office box, etc.)
- Phone
- Email address
- Gift message/Personal message (if applicable)
ZIP code and place are required for statistical purposes and will not be deleted!
First, the corresponding process starter Data Protect with the parameter dataprotect_delete must be activated. This triggers the periodic deletion of content relevant to data protection law.
In the Settings tab, the project to be protected and some further options can be set.
The options are explained in the following:
- The project for processing the data of the respective marketplace can be set (e.g. AMAZON)
- A placeholder text for name replacement can be selected
- Any free field from the article can be defined as free field of the gift message. Typically, this configuration is made when the item is set up. This must be the free field of the item, which is then copied into the order items.
Once the setting has been made, the configuration can be saved.
Important
Archived document data (in particular order and invoice) is excluded from deletion. It is located in the userdata directory within the instance on an encrypted hard disk (using AWS standard encryption). The reason for this is that the documents must be stored in accordance with German legislation (including AO, UStG, HGB) for proper invoicing.
The publication of data refers to the following document types:
- Order (Auftrag)
- Delivery note (Lieferschein)
- Invoice (Rechnung)
- Address (Adresse)
In the following, all document types are listed with the anonymized fields. Any fields not listed here are not anonymized.
Additional notes:
- Postal code and location are generally not deleted from the database
- Different delivery addresses are all deleted
- Additional contact persons are all deleted
- Additional contacts: Here, only the values are deleted, the structure of the created files is retained
The following list contains all field names in German, since the data structure is kept in German within the database. The English translation is for informational purposes only.
- typ
- titel
- name (replaced with configured text string)
- ansprechpartner
- abteilung
- unterabteilung
- adresszusatz
- strasse
- telefon
- telefax
- anschreiben
- email
- ustid
- liefertitel
- liefername (replaced with configured text string)
- lieferansprechpartner
- lieferabteilung
- lieferunterabteilung
- lieferadresszusatz
- lieferstrasse
- typ
- titel
- name (replaced with configured text string)
- ansprechpartner
- abteilung
- unterabteilung
- adresszusatz
- strasse
- telefon
- telefax
- anschreiben
- email
- ustid
- typ
- liefertitel
- liefername (replaced with configured text string)
- lieferansprechpartner
- lieferabteilung
- lieferunterabteilung
- lieferadresszusatz
- lieferstrasse
- telefon
- telefax
- anschreiben
- email
- ustid
- typ
- titel
- name (replaced with configured text string)
- ansprechpartner
- abteilung
- unterabteilung
- adresszusatz
- strasse
- telefon
- telefax
- anschreiben
- email
- ustid
- liefertitel
- liefername (replaced with configured text string)
- lieferansprechpartner
- lieferabteilung
- lieferunterabteilung
- lieferadresszusatz
- lieferstrasse
- internet
The following fields are deleted from a different billing address:
- rechnung_vorname (billing address first name)
- rechnung_name (billing address last name)
- rechnung_titel (billing address title)
- rechnung_typ (billing address salutation/type)
- rechnung_strasse (billing address street)
- rechnung_ansprechpartner (billing address contact person name)
- rechnung_abteilung (billing address department)
- rechnung_unterabteilung (billing address subdivision)
- rechnung_adresszusatz (billing address additional address information)
- rechnung_telefon (billing address phone number)
- rechnung_telefax (billing address fax number)
- rechnung_anschreiben (billing address salutation text)
- rechnung_email (billing address email address)
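
A check for whether the 30-day anonymisation described on this page has taken effect on exported records, as an added example (not Xentral code). The field names are the ones listed above; the record layout as a dict, the keys `id`, `sent_on`, `plz` and `ort`, and the placeholder value are assumptions.

```python
from datetime import date, timedelta

# Field names as listed on this page; anonymisation empties all of them.
CLEARED = (
    "typ titel ansprechpartner abteilung unterabteilung adresszusatz strasse "
    "telefon telefax anschreiben email ustid liefertitel lieferansprechpartner "
    "lieferabteilung lieferunterabteilung lieferadresszusatz lieferstrasse internet"
).split()
CLEARED += ["rechnung_" + s for s in (
    "vorname name titel typ strasse ansprechpartner abteilung unterabteilung "
    "adresszusatz telefon telefax anschreiben email").split()]
REPLACED = ["name", "liefername"]   # replaced with the configured text string
RETENTION = timedelta(days=30)      # anonymised 30 days after the order is sent


def residual_pii(record, placeholder, today):
    """Return field names that still hold PII although the window has passed."""
    sent = record.get("sent_on")    # hypothetical key: dispatch date of the order
    if sent is None or today - sent <= RETENTION:
        return []                   # not dispatched yet, or still inside the window
    leaks = [f for f in CLEARED if record.get(f)]
    leaks += [f for f in REPLACED if record.get(f) not in ("", None, placeholder)]
    return leaks


def audit(records, placeholder, today):
    """Map record id -> leaked fields, only for records that fail the check."""
    checked = ((r["id"], residual_pii(r, placeholder, today)) for r in records)
    return {rid: leaks for rid, leaks in checked if leaks}


# Constructed sample records (not real data); plz/ort are assumed key names
# for the ZIP code and place, which the page says are kept.
TODAY = date(2024, 3, 1)
SAMPLE = [
    {"id": 1, "sent_on": date(2024, 1, 10), "name": "ANONYMIZED", "email": "",
     "strasse": "", "plz": "86150", "ort": "Augsburg"},
    {"id": 2, "sent_on": date(2024, 1, 10), "name": "Erika Mustermann",
     "email": "erika@example.com", "strasse": "", "liefername": "ANONYMIZED"},
    {"id": 3, "sent_on": date(2024, 2, 20), "name": "Max Mustermann",
     "email": "max@example.com"},
    {"id": 4, "sent_on": None, "name": "Open Order", "telefon": "0123"},
]

if __name__ == "__main__":
    print(audit(SAMPLE, "ANONYMIZED", TODAY))
```

Records that are not yet dispatched or still inside the 30-day window are skipped, so only overdue records with remaining values are reported.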