Is elopage GDPR compliant?
Yes, elopage is GDPR compliant.
We only use GDPR-compliant companies as processors (subcontractors). A data processing agreement has been concluded with all subcontractors.
New features / updates under the GDPR
For you as a seller there are the following new features:
- The data processing agreement can be concluded easily, directly online in the account.
- When you visit your elopage pages, your customers will now see a cookie banner by default. You can switch this off or choose the variant in which the cookies can be displayed, selected and deselected (opt-in/opt-out).
What are the differences for sellers in the reseller model compared with those in the seller model?
In the reseller model, you are also the controller according to the GDPR. You conclude a data processing agreement with this model. elopage also processes the data on your behalf.
When a purchase is made, the data is transferred to the reseller (for payment processing) and to elopage (platform).
- Once the data processing agreement has been concluded, you will be provided with a sample text for your website / landing page.
- You conclude a data processing agreement with elopage as well as one with the reseller.
If you sell in the seller model with elopage, it is your shop. You decide which tools, integrations and apps you use in the background and what you do with the collected data. Although we process the payment and digital delivery, we do not work with the data beyond that. The shop and the handling of the data are therefore the responsibility of the seller.
- Use our GDPR-compliant data security generator.
What if I have an affiliate program?
Your publishers have access to the transfers for which they receive commission. This means that data processing / transfer takes place here. Therefore, you should conclude a confidentiality agreement with your publishers.
We are currently considering how we can offer a sample for this and include it directly in the registration process.
Does elopage offer a data processing agreement?
Yes, we offer customers who are registered as sellers on elopage.com a comprehensive data processing agreement according to Art. 28 GDPR. This agreement regulates the relationships between the seller as the "controller" and elopage as the "processor".
This makes it easier for our customers to meet their obligations under the GDPR.
The agreement was drawn up together with our law firm, Keese-Haufs.
Why doesn't the data processing agreement have to be signed?
According to the current formal requirements, electronic conclusion without a qualified electronic signature is sufficient.
Only the person responsible for the company / the seller has access to the account and the agreement can only be concluded from the account. For this reason, upon conclusion, we automatically use the data provided in the legal notice (company name and name of the person responsible) below as the agreement signatory.
Which subcontractors does elopage use?
All subcontractors are listed in Appendix 4 of the "Data processing" agreement.
Which data categories are collected?
The data categories are listed in Appendix 2, paragraph 1 of the data processing agreement.
Which technical and organizational measures does elopage use?
The technical and organizational measures are listed in Appendix 3 of the data processing agreement.
Which services are included in the data processing?
The services are listed in the appendix to the data processing agreement. The service overview includes the apps booked in the seller account.
As soon as an app is booked or canceled or made available by default via an update in the plan, this appendix is automatically updated.
Who can I contact if I have questions?
Sellers who use elopage and have questions about how elopage implements the GDPR are welcome to contact us at email@example.com.
- Customers who have bought a product from a seller who uses the elopage.com platform and would like to exercise their rights as a data subject or
- partners of a seller who uses the elopage.com platform (e.g. publishers, authors, joint venture partners).
please contact the seller's support team because the seller is the controller according to the GDPR.
Exercising the rights of data subjects
Chapter 3 of the GDPR regulates various rights of real people as data subjects for whose implementation the "controller" (in this case the seller who sells their product via elopage.com) is responsible.
This includes, for example, the right of access, the right to erasure of personal data, the right to restriction of processing, the right to data portability, etc.
- Who have purchased a product or
- are your partners (e.g. publishers, authors, joint venture partners)
therefore contact you directly to exercise their rights. You then commission us, as one of your subcontractors, to carry out the implementation.
If a data subject asserts their rights, for example, their right to access, rectification or erasure with regard to their data, by contacting us directly, we will not respond independently, but rather we will refer the data subject to you and wait for your instructions.