Skip to main content

Data protection

Pickware works directly within your Shopware installation and only uses its database. No data is transmitted to us as the manufacturer of Pickware or to third parties. This means that you retain full control over your data and are not dependent on the availability of external infrastructures. Below you'll find our GDPR guide

What is the General Data Protection Regulation?

Since 25/05/2018, the General Data Protection Regulation - GDPR for short - has applied to all companies that automatically process or share personal data. This is naturally the case in the Shopware environment, since personal data is automatically stored during registration and later reused, for example for invoicing.

The most important information at a glance

  • The GDPR has applied since 25/05/2018 to everyone who automatically processes personal data.

  • It sets requirements for the storage, retention, and sharing of personal data.

  • Only a few steps are necessary to be GDPR-compliant with Pickware ERP and all other plugins.

What do you need to consider?

  • In general, all our plugins are installed from the Shopware Community Store. The source code, as well as all data such as names, addresses, stock levels, etc., are thus stored on the user's server. No personal data from the user's shop is transmitted to Pickware GmbH. Therefore, it is not necessary to conclude a data processing agreement (DPA) with us in this context (see Figure 1).

  • The same applies to the use of the WMS App. This communicates via the Shopware API only with the shop operator's servers and does not transmit any personal data to Pickware GmbH.

  • All shipping adapter plugins transmit personal data to the servers of the shipping service providers. This includes, for example, name, address, email address, and phone number. All data absolutely necessary for shipping (name, address) falls under the secrecy of correspondence (Art. 10 Para. 1 of the German Constitution) and is not relevant within the scope of the GDPR. In order for the email address and phone number to be shared with the shipping service provider, the customer's explicit consent is required. Our shipping adapters include a checkbox for customer consent (opt-in) in the frontend. In addition, there is the option to disable the sharing of this data in the configuration.

  • In the bank reconciliation plugin, bank transactions are imported and stored on the servers of finleap connect. Finleap is a service provider that offers an interface to many banks. This interface makes banks' transaction data available to external systems. From there, the data is loaded into the shop operator's shop via the finleap API. Since finleap is granted access to personal data in this process, finleap must be contacted regarding a data processing agreement (DPA).

  • Of course, support will remain essentially as you're used to. When you make a request that requires sharing backend and FTP server access credentials with us, no personal data is generally processed. Although this data may be viewed during support activities, the purpose of sharing the access credentials is not the processing of personal data, which means it's not necessary to conclude a data processing agreement (DPA) with Pickware GmbH. However, if you feel that such an agreement is needed in connection with a support case, we're happy to provide one upon request.

To-dos for shop operators when using Pickware plugins:

  • If the bank reconciliation plugin is used, a data processing agreement (DPA) must be obtained from finleap

.

image2.png

Figure 1: All Pickware plugins are installed on the customer's server. Personal data is never automatically transmitted to Pickware GmbH

Did this answer your question?