GDPR Compliance

European Privacy Legislation changing in May 2018

What is the GDPR legislation about?

In 1995 the EU Data Protection Directive came into force. This was a regulation designed to protect the information of EU citizens. The GDPR is the replacement regulation that is designed to significantly lift the level of protection of EU citizens’ data by introducing new responsibilities and obligations on organisations that collect or process personal data about their customers. Companies that do not comply will be subject to harsh penalties for non-conformity. This new legislation comes into force on the 25th of May 2018.
The full regulation can be found here: https://gdpr-info.eu/

My Business is not based in the EU, so does this apply to me?

The previous legislation only covered entities that were based inside the EU’s borders. The GDPR goes much further than that and includes any entities that market their products or services to EU citizens, or gather information about citizens in the EU. This means that even if you are not based inside the EU borders, but you control or process the data of EU citizens, the GDPR legislation will apply to you.

Preparing for Compliance

Our team is currently working to ensure you will be able to comply with your responsibilities under the legislation before May 25th, 2018. This will include:

  • Ensuring that we have the appropriate terms and conditions in place.
  • Providing you the tools to assist with compliance.
  • Upgrading our security infrastructure.
  • Monitoring the privacy and regulatory bodies to keep abreast of changes around the implementation of the legislation.
  • Providing subject matter experts in our support team that can assist with any questions or concerns.

This page will be reviewed and updated regularly as we bring more resources online to help you understand and meet your obligations.

The resources that Cin7 are providing on this site give information around GDPR to help you understand that GDPR is a responsibility that you must take seriously. We recommend that you consult an attorney to look at your individual circumstances and advise you on the courses of action that you need to take to be compliant.

How GDPR Compliance Affects the Cin7 Community

Changes to Terms and other steps

Cin7 has updated our Terms, which come into effect on May 25th, 2018. Our new policy addresses new data regulations (including GDPR). It explains how you can make choices about your information, and the measures we’ve put in place to keep your information secure.

Our policy is to respect all laws that apply to our business and this includes GDPR. Further, we understand that our customers have requirements under GDPR as they use Cin7. Cin7 is assisting our customers to be compliant with GDPR and their local requirements.

As part of our commitment to GDPR compliance, Cin7 will take the following steps to ensure its GDPR compliance and to also support our customers in their compliance:

  • Cin7 will follow appropriate security measures and precautions in accordance with GDPR.
  • Cin7 will assist in notifying regulators of any breaches and promptly communicate any breaches to customers.
  • Cin7 Employees authorized to process personal data are committed to confidentiality.
  • Subprocessors that handle personal data, including our data center partners, will be held to the same data management, security, and privacy practices and standards to which we hold ourselves.
  • Cin7 will carry out data impact assessments and, where appropriate, consult with EU regulators on any risk associated with data impacts that can’t be reasonably mitigated by our processes.
  • Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
  • Cin7 will assist our customers to respond to data subject requests our customers may receive under the GDPR.


Is Cin7 a Controller or a Processor of personal data?

The GDPR provides strict definitions of entities involved in processing and controlling customers’ data. (See the GDPR definitions page for more details.) Cin7 processes personal data to provide our products and services and for other purposes as outlined in our Terms.

Note: A number of our customers may be considered Controllers under the GDPR definitions, which may give rise to specific obligations that those customers need to understand and respond to.

Will Cin7 help respond to an Individual Rights Request?

As a processor of personal data for many of our customers, Cin7 will assist our customers with responding to individual rights requests that they receive under the GDPR. Mostly, customers will be able to address these requests by logging into Cin7 and using settings available within your account. Where this is not possible, please contact us to request assistance with any such individual rights requests.

Where does Cin7 store and send my data?

Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, Cin7 runs our services with common operational practices and features across multiple jurisdictions. Today, we store data in data centers located in the US and Australia. We may also allow employees and contractors located around the world to access certain data for product promotion and development, and customer and technical support purposes.

Can you host my data in the EU?

Cin7 will optimize where to host customer data based on how it is accessed around the world (rather than upon request). We don’t guarantee that your data will be hosted in a specific location. However, data hosting location determinations are always based on reducing latency and achieving optimal performance for you and your users.

How does Cin7 handle onward transfers of data outside of the EU?

We need to transfer your personal data to other organizations to help us provide you the service. For example, we use Azure data centers to assist us in storing your data. We require all service providers to enter into contracts with us that guarantee that your personal data will only be used in accordance with the information we provide to you in our Terms. For more information on how we transfer and process personal data, please see our Terms.

Can I opt out of having my data collected or shared?

You have certain choices available to you when it comes to your information. You can exercise some of the choices by logging into Cin7 and using settings available within your account. Where our products are administered for you by an administrator, you may need to contact your administrator to assist with your requests first.

How does Cin7 secure my data?

We have implemented organizational and technical safeguards to secure our users’ data, in compliance with GDPR requirements. Our users’ personal data is pseudonymized when stored, and further encrypted if it is being transferred.

Are third-party apps in the Cin7 Appstore covered under Cin7’s Terms?

Third-party app policies and procedures are not controlled by Cin7, and our Terms do not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices.

How do I contact Cin7 with questions regarding GDPR?

To provide scalable service to our users and customers, we have included GDPR compliance information in our updated Terms and have included answers to commonly asked questions on this page. However, we also understand there are circumstances where it may help to connect with us directly. For more information, please email GDPR@Cin7.com.