The 25th of May 2018 was an important day for data protection and personal rights. Simultaneously this date denotes a special day for web shop managers selling goods to or processing data of citizens within the European Union. It was the day when the General Data Protection Regulation (GDPR) entered into force. The new regulation enriches the former Data Protection Directive and evolves it to protect the rights of individuals regarding their personal data. Thereby personal data are defined as all data that can be used to identify an individual. The so called personally identifiable information is for example the name, email address or phone number (provided as contact information) or the IP address, geolocation or the behavioral data of a person (collected via web tracking).
Regarding the areas 2 and 3, the personal data is collected or generated in the background, accordingly it is below the perceptional threshold of a person. As a result, this data is collected and processed without the explicit consent of the user. This is where the new regulation strongly applies in order to give users better possibilities to control what data is processed and for what purpose.
This concerns in particular all data which is passively provided by the user and all data which is shared with third party services:
Regarding possible customer requests we considered the relevant aspects and implemented features to realize a fast export and deletion of all personal data, which was collected within the ICM. A customer can request her or his personal data or the account deletion either as a registered user via the My Account section or as an unregistered user via the Contact Us form.