How We Handle Your Data

Under GDPR (in the UK the Data Protection Act 2018) anyone who has data stored about them has a right to know why their data is stored, what it is used for and why. This page is here to explain what Despatch Cloud does.

Who we are

Despatch Cloud is an eCommerce company based in Yorkshire. We provide services to other eCommerce companies to help them run their operations. Including Order Processing, Warehousing Management and Inventory Management.

What we do

Despatch Cloud is a data processor for eCommerce companies, and we process the order data. This includes Personally Identifiable Information (PII) of those who place orders. Including name, address, contact details (email address and telephone numbers) and items purchased. We may also store any messages you send with the order.

Why we hold your data

We provide Order Processing Software which connects sales channels such as the companies’ eCommerce websites or marketplaces like Amazon or Fruugo to collate all their orders. Your data is stored on our systems (please see the section on data security below). We hold the data on behalf of our client in order to:

  • facilitate the processing of your orders.
  • enable order data to be matched against payment data.
  • ensure the connection of your order data to couriers to book deliveries.
  • keep records of customer service.
  • update you on the order status.

Data Security

The data is held securely on our systems; all data is encrypted while at rest and in transit and our servers are hosted with ISO 27001 certified data centres. All data centres are in the UK. Despatch Cloud is registered with the Information Commissioners Office (ICO) registration number A8116774.

Your rights over your data

  • You have the right to be informed
  • Through this page we are telling you what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.

  • You have a right to access you data
  • You can submit subject access requests, to us or to our client who your purchased from or processed your order. This obliges us to provide a copy of any personal data concerning you.

    We must respond within one month, although there are exceptions for requests that are manifestly unfounded, repetitive, or excessive.

    There is no charge for this. We are required to confirm your identity before data is provided.

  • You have a right to rectification of your data
  • If you discovers that the data we hold on you is inaccurate or incomplete, you can request that it be corrected. We are required to do this within one month.

  • You have right to erasure data
  • You can request that we erase your data in certain circumstances, for example if the data is no longer necessary, if the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes if you have withdrawn consent.

  • You right to restrict processing
  • You can request that we limit the way an organisation uses personal data.

    As an an alternative to requesting the erasure of data, and you might use this if you contests the accuracy of your personal data.

  • You have a right to data portability
  • You are permitted to obtain and reuse your personal data for your own purposes across different services. This right only applies to personal data that an you have provided to our clients (data controllers) by way of a contract or consent.

  • You have a right to object
  • You can object to the processing of personal data that we have, on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.

    We must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, your rights and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.

    We would however in normal circumstances defend this that we have legitimate grounds to help process your order.

  • Your Rights relating to automated decision-making including profiling
  • While GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals. This is something we do not currently do.