![\"cctv.jpg\"](\"https:\/\/images.teemill.com\/5c9bf0185dcf74.46713171.jpg.jpg?w=1140&h=auto\" "\\"pasted-image-0-1553724649232\\"")
<\/p>The European GDPR laws are designed to protect people's rights and address some of the issues in the way data has been handled by big companies in the past. For most online businesses it is not a simple task to ensure GDPR compliance but we built Teemill with the regulations in mind and that means that if you use Teemill according to the terms of use, you're good.<\/p>
In this blog we're going to cover some of the principles behind the legislation contextualised in Teemill terms.<\/p>
<\/p>
First up and perhaps most importantly to security conscious store operators, we do not store card details of customers. Teemill stores are delivered over a secure, encrypted connection and payments are taken in the browser via Stripe. That means their payment details do not pass through our server and cannot be stored or intercepted. So payment data is not at risk by design. We also encrypt all sensitive data like passwords with modern encryption technology. Even if our systems were compromised, there's no card details there to pinch. It would be like breaking into a safe with nothing in it except random letters and numbers.<\/p>
Some data is stored on our server so that we can fulfil contracts and send people relevant content during the time we store their data. First, the way we store that data: We use Open Web Applications Security Protocol (OWASP) guidelines to secure the whole architecture . Professional, modern web development built by an internal team to world class coding standards minimises the risk that our servers could be compromised. And our privacy by design policy means we only store what we need (e.g. Address data for deliveries) and only while we need it. We might store someone's email while an email would be of relevant interest to them, but we delete data when we no longer need it, for example after they have deleted their acocunt, according to our data retention policy.<\/p>
![\"lock.jpg\"](\"https:\/\/images.teemill.com\/5c9bf03e593fd6.08819345.jpg.jpg?w=1140&h=auto\" "\\"pasted-image-1-1553724649232\\"")
<\/p>
When a customer buys something from a Teemill store, Teemill takes the payment and so the contract is between the user and Teemill. The use of the data is described to the data subject in the Teemill privacy policy and terms which are built in to the checkout process and other data collection points. This is convenient for store owners as it means you don't need to do anything, like pay a lawyer to help you write a privacy policy, to be GDPR compliant.<\/p>
The data that we do collect is mapped to data collection points where the user is given clear, easy to understand information about the intended use of their data (mostly contractual obligations, like the fact we need their address so we can post their product to them) or relevant interest reasons (it is likely a customer who has purchased 3 fish themed t-shirts from a store will be interested in knowing if a fish t-shirt sale is on in Summer).<\/p>
Sometimes people ask us why they cannot download their database and keep it. But remember things have changed with GDPR rules. It is not your data, it belongs to the individual.<\/em><\/p><\/blockquote>
But while we securely store the data, you can get the benefit of the data set using the tools in Teemill that allow you to communicate with customers, like the push notification tool. Teemill sends on the content you uploaded via the service and subject to the rules. It is important that if you use marketing tools you use them according to what the customer has agreed to. For example, if you are using the postcard tool to mail your customers stuff related to your brand, that's cool. But if you attempt to spam your customer with unrelated sales offers for some other company, that would violate our terms and probably the legislation.<\/p>
We designed Teemill as a self-contained system with all the tools you need, like enabling follow-around ads on social media, built inside when you are logged in. This means you can use your data without having to download it or access it in its raw form. It is designed this way for the data subject's security (if you lose your password to login to our systems, the data is safe) and whilst you have all the advantages of use via our services, user data is not accessible directly so no data subject sharing agreements are needed between the data controller and processor (Teemill) and you, the store owner using the service. The way that you use these services is governed by the store owner terms of use.<\/p>
In summary, Teemill is designed with the regulations in mind and in a way that enables you to to give your customers great service with fast, easy tools within Teemill straight out of the box, without needing to do anything to secure customer data - it's already secured. No admin, no legals, it just works.<\/p>