Articles in this section

See more

GDPR and Recharge

GDPR, or the General Data Protection Regulation, is a new framework of rules and compliance obligations governing how businesses can collect, use, and share data from consumers within the EU. Even if a business is not based within the EU, they must follow the new rules if any of their customers are EU citizens. The GDPR is designed to empower consumers and their privacy by requiring companies to explain how and what data is being used by the organization. Additionally, the framework assures a level of security and privacy by requiring companies to appropriately safeguard protected data.

Sections

How is Recharge affected?

Recharge provides services to merchants across the globe, many of whom reside within the EU themselves or work with customers who do. The GDPR framework requires compliance not just from the merchant, but any company with whom the merchant chooses to engage if that work includes processing data from EU customers. In this case, since Recharge provides payment processing for merchants, Recharge must be in compliance in order to ensure their EU Merchants are also compliant.

What has Recharge done to prepare for the GDPR?

Recharge has been hard at work to ensure full GDPR compliance by the May 25, 2018 deadline.

Activities Recharge has undertaken include:

  • Engaged external GDPR experts to ensure the regulation is being followed to its full extent.
  • Re-worked Recharge’s Terms of Service and Privacy policies to include new language referencing GDPR.
  • Reviewed contractual agreements with vendors and processors with which Recharge does business to assess their compliance.
  • Begun GDPR-focused training to Recharge staff who work with protected data on a day-to-day basis.
  • Created and documented new procedures to ensure Recharge’s current workflow satisfies the new regulations.
  • Developed a Data Protection Impact Assessment process to evaluate and mitigate security and privacy risks as they evolve.
  • Evaluated Recharge’s current state as it relates to the data it processes on behalf of its merchants.

Will Recharge enter into a Data Processing Agreement with its merchants?

For merchants who use Recharge's services subject to the online Terms of Service, Recharge has revised its terms to incorporate a data processing addendum.
 
You don't have to sign this document as it is appended to the terms of service and you agree to it by continuing to use Recharge services. This fulfills the requirement of Article 28(3) of the GDPR. Recharge is not able to sign an individual agreement with each merchant.

 

Related articles