Is Toggle a Data Controller or a Data Processor
Under The GDPR, Toggle acts as a Data Processor for you, the Data Controller.
Where does Toggle capture customer data?
Toggle captures customer data:
During checkout: https://[yourwebshopdomain.com]/delivery and https://[yourwebshopdomain.com]/payment
During cardholder registration: https://[yourwebshopdomain.com]/register
Why does Toggle capture customer data?
Under the Privacy and Electronic Communications Regulations (PECR) and GDPR, storing customer email addresses for transactional purposes, such as maintaining records of purchases, is reasonable and permitted under certain lawful bases, such as "contractual necessity" or "legitimate interests." This means you can store these details as they are directly related to fulfilling transactions and providing customer support.
Rights under GDPR
If one of your end-customers requests their "right to be forgotten," you may still have grounds to retain some information. The GDPR allows certain exemptions to the right to erasure, particularly for fulfilling legal obligations (e.g., record-keeping for tax purposes) or for defending against legal claims.
How long does Toggle store data for?
Toggle stores data for the length of our contract with you.
Note that this is not legal advice, and you should also consult your own legal team.