General Data Protection Regulation (GDPR) with 12Return.

Introduction

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data. 12Return is well aware of its role in providing the right tools and processes to support its customers and their users meet their GDPR mandates.

Commitment

We honor our users right to data privacy and protection. We will never rely on advertising as a revenue stream. We will never serve ads to our users. This means that we have no necessity to collect and process users personal information beyond what is required for the functioning of our product.

Where is your data stored

When you sign up with 12Return for a reverse supply chain solution you can choose where to host your account. You can choose between Europe (The Netherlands) and United States. Your data is stored in the chosen datacenter location.

What Personal Data lives in 12Return

Yes

12Return does hold any of this personal data:

• Personal master data (name, address)
• Contact details (telephone number, mobile phone number, email address, fax number, address data)
• System access / usage / authorization data

No

12Return does not hold any of this personal data:

• Personal Data revealing racial or ethnic origin
• Personal Data revealing political opinions
• Personal Data revealing religious or philosophical beliefs
• Personal Data revealing trade union membership
• Genetic or biometric data
• Data concerning health
• Data concerning a natural person's sex life or sexual orientation
• Personal Data relating to criminal convictions and offences

The privacy policy for the 12Return Returns Management System can be found here.

Who is who in GDPR

Entities controlled by you

• Controller means you who, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.<
• Other Controller means any entity other than you that is Controller of your Personal Data, such as your affiliated companies or Client’s, their customers or affiliated companies.

Entities controlled by 12Return

• Processor means 12Return which processes Personal Data on behalf of you as the Controller.
• Subprocessor means any subcontractor engaged by 12Return for the Processing of Personal Data.
• Data Exporter means you located in a Member State (our European datacenter) whose Personal Data is being transferred to a Data Importer.
• Data Importer means a subcontractor established in a country that is neither a Member State nor considered by the European Commission to have adequate protection.

How does 12Return process Personal Data

To Other Controllers

• The Personal Data that has been submitted to 12Return is processed in the 12Return Datacenter in The Netherlands.
• 12Return submits Personal Data with a pre-alert to your affiliated companies who take care of Returns Processing on your behalf. These companies are considered OtherController.

To Subprocessors

• All Personal Data is processed in the 12Return Datacenter in The Netherlands.
• Our Subprocessors are transportation services who are either located in a Member State or in a country with adequate protection.
• 12Return does not submit Personal Data to a Data Importer. Therefor you are not a Data Exporter.

A list of subprocessors can be found under Transportation Services.

How does 12Return protect Personal Data

Data Center and network

We ensure the confidentiality and integrity of your data with industry best practices. Our servers are hosted at Tier IV, fully ISO 27001, 27017, 27018, 22301 and 31000 compliant facilities. All locations comply with the global regulations governed by the EU-US Privacy Shield, GDPR, and the Cloud Security Alliance. The whole infrastructure is monitored 24/7 for security alerts and events.

Application

Security and privacy concerns are deeply embedded in our Software Development Lifecycle (SDLC), we take steps to securely develop and test against security threats to ensure the safety of our customer data. 

Best Practices

We provide a range of security options to ensure data is protected and secure, like different levels of password security. We provide audit log reports as an option in our Enterprise plan.

Do you still have any questions

12Return Customers

If you have any questions please contact your Customer Success Manager or use our contact form.