GOePower Online



What is GDPR?

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive. The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect.

The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU. If you have any questions, please don't hesitate to contact us at info@racadtech.com.

 

What do W2P Customers need to do?

There are two things that you might need to do depending on your situation and jurisdiction. Below are the only impactful changes that we can foresee that might affect you as a result of using W2P:
  1. Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using W2P (and any other similar services) on your website or app. We have updated the Privacy Policy to factor in the GDPR in a generic way. The GDPR can heavily penalize you if you’ve not done this clearly. Therefore we recommend you ensure the policies are up to date and clear to your readers. Any changes that you recommend can be incorporated by us if required.
  2. If you are in the European Union you’ll likely want to sign a Data Processing Agreement with W2P. We’re happy to do so.

Companies using Racad Tech’s W2P Solutions such as GOePOWER, W2P Cloud, W2P Shop, GoPrint2 and uDRAW etc. are considered to be a controller – ‘a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data’. Racad Tech is the processor – ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’.

 

GDPR responsibilities as a Controller

As a Controller, you need to share GDPR-related information with your customers. If a store is created for a specific business customer, the sales contract should cover your and their GDPR responsibilities. You also need to have certain processes in place to be compliant. When the text below refers to W2P users, it refers to store users as well as company and printer administrators.

 

Storage of personal data

W2P stores personal data of all users. Some fields are mandatory, such as the user’s full name, email address, salutation/gender (if known) and preferred language. Users can see these fields and modify them. Optionally, you can define additional fields and hide these from users. The order history of users is also stored. Stores should include a privacy statement, which you can make available to users using one of the information pages. This privacy statement should provide answers to the following questions:

In a separate Record of Data Processing Activities you need to document which data are stored, who has access and why these data are needed. We have a generic Privacy Policy that you can review that includes issues raised by GDPR. However, it is advisable that Controllers review it to ensure compliance within their jurisdictions and apply it as applicable. You should only store personal data that are relevant for use in W2P. Special care should be taken with sensitive or judicial information, such as religion or sexual orientation. Because our customers may have stores that use a tracker such as Google Analytics, our privacy policy is written to account for that possibility and its conformity to GDPR.

 

Data confidentiality and security

It is important that all personal data are transferred and stored in a secure fashion.

 

Accuracy of personal data

Personal data should be accurate and kept up to date. This means users must be able to see their personal data and have the means of correcting them. The privacy statement should explain how users can access and update their respective data. When custom fields are used in user profiles and users are prevented from modifying these themselves, the privacy policy should specify the procedure users can use to ask you to modify these data.

 

Data retention policy

Personal data should not be retained for longer than necessary. If a store for a business customer is no longer in use, you are expected to delete the user profile data it contains within a reasonable time frame. How long personal data are retained is up to you to decide. It is acceptable to do this only after a few years, since customers sometimes switch between suppliers, and having the store data at hand if they become a customer again after a year is perfectly fine.

 

Right to be forgotten

Users have the right to have their personal data removed in W2P. Since they cannot delete their profile data themselves, a W2P producer or administrator has to do this for anyone asking to be removed. Our Privacy Policy stipulates the procedure that users should follow by asking them to send an e-mail with their full name and the subject line ‘Request to Delete Information’.

 

Consent must be freely given

The GDPR legislation puts certain restrictions on your ability to subscribe customers to a newsletter. This is especially important if you operate public stores. E-mail marketing is a powerful way to reach out to customers, but you cannot add users to your mailing list without their explicit consent or legitimate interest.

 

W2P's GDPR responsibilities as a processor

W2P is hosted by Racad Tech, who acts as a processor of the personal data you manage. RACAD commits to complying with the GDPR legislation. Below are key responsibilities as a processor:

Specifically with regard to W2P, the following points are important:

In summary, it is essential that your W2P users can access your privacy policy within their store and that you have a Record of Data Processing Activities in place. Once those basic requirements are covered, you can focus on the other aspects of the GDPR legislation. If you have any GDPR-related questions regarding W2P and its related properties, please contact W2P via email at info@racadtech.com.


Here’s a condensed version of our GDPR Roadmap and steps taken to comply with GDPR: