GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
As stated by its third article, on Territorial Scope, the "Regulation applies to the processing of personal data in the context of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not".
Within the scope of VTEX's services, as far as GDPR is concerned, the tenants that hold a store on VTEX and sell to individuals within the European Union are Controllers, while VTEX is the Processor.
As of today, the tools provided by VTEX, through our administrative GUI and our APIs, allow our tenants to be compliant with GDPR. But our commitment goes even further.
All of the principles of GDPR are kept by VTEX and this will always be covered by our policies and agreements.
Lawfulness, Fairness and Transparency: VTEX will always abide by the law and the fair use of the private data collected to provide the service offered, and always in a transparent manner;
Purpose Limitation: the information related to the Data Subject will always be used only for the purpose for which it is collected;
Data Minimisation: VTEX has, as a company principle, since the launch of the SmartCheckout in 2014, always collected only the minimum amount of data necessary to process the orders received, and the GDPR corroborates the correctness of this practice;
Accuracy: the data collected and processed by VTEX is necessarily accurate and current, as it is the intention of the Data Subject to have their orders fulfilled, as it is of the Controller to fulfill them; VTEX will always provide the means for both parties to have this intention satisfied;
Storage Limitation: as with Data Minimisation, VTEX stores the information related to the Data Subject only while it is necessary for the processing proposed by the service provided;
Integrity and Confidentiality: VTEX will always do whatever is within our reach, based on standards and best practices, to take appropriate measures to ensure the security of the personal data.
VTEX always works to make our platform offer the best possible value to our tenants' efforts to run a profitable and efficient commerce operation.
We now extend this principle to the constant creation and evolution of tools that, regardless of the comprehensiveness of our current admin GUI and APIs, will progressively and constantly make it easier and more seamless for our tenants, the Controllers, to comply with GDPR.