GDPR, Data Protection and IT Security at Rich Returns

Data protection and information security are key elements of Rich Returns' products and services. Protecting your data and earning your trust is pivotal to us. Therefore, we have implemented and keep on developing technical and organizational measures to ensure secure processing of information.
Our practices are based on the legal framework of the European General Data Protection Regulation (EU GDPR) as well as common standards, guidelines and principles of IT Security and Protection.
About GDPR

What does it mean?

The GDPR defines an extended set of rights for European Union citizens and residents regarding their personal information. Consequently, it describes strict requirements for companies and organizations on collecting, storing, processing and managing personal data.

Since when?

Applicable from May 25, 2018.

What are the fines?

Fines up to 4% of global revenue.

Even for US companies?

Applies to every company doing business in the EU.

Build trust?

Data protection is a chance to enhance consumer trust.
About Rich Returns

Key facts about our security

This outlines our strategies for protecting sensitive information and preventing unauthorized access. It highlights our commitment to robust cybersecurity measures and the continuous monitoring of our server infrastructure to ensure data integrity and service reliability.

EU hosting

All customer data is hosted in the EU with ISO 27001, 27017, 27018 and SOC1, SOC2, SOC3 compliant partners in order to comply with EU GDPR requirements.

24/7 proactive monitoring

All our systems are continuously monitored for security, availability, and performance.

SSL/HTTPS encryption

Communication with our servers is securely encrypted using SSL, HTTPS, and TLS.

Professional data centers

We exclusively use leading data center providers with excellent physical security controls.

System & data backups

All our systems are regularly backed up for disaster recovery and system outages.

Automatic updates

Benefit from full maintenance with an automated system and application updates.

High availability

World-class data connectivity and uptime, see our status page for details and past performance.

Access permissions

Fine-grained access control via system permissions, roles, and network addresses.

Common questions

Find out more about our data protection practices at Rich Returns.
Where is the customer data hosted?

All customer data is hosted in the EU with ISO 27001, 27017, 27018 and SOC1, SOC2, SOC3 compliant partners in order to comply with EU GDPR requirements.

How does Rich Returns ensure that employees handling customer information are familiar with the legal requirements on data protection?

For one thing, all Rich Returns employees are bound to data secrecy and data protection in general and are made aware of the consequences of any breach.For another thing, we run training and awareness programs regarding the handling of personal details, as well as data protection, on a regular basis. These programs also include new legislation such as the European General Data Protection Regulation (EU GDPR).

Is the application compliant with the European General Data Protection Regulation (EU GDPR)?

We generally assume that we are compliant with the essential requirements of the EU GDPR already today. This includes, in addition to the stipulations of article 25 of EU GDPR data protection by design and by default, supporting the customer in respecting the rights of data subjects such as the right to obtain erasure of personal details as well as the rights of access and data portability (ch. 3 of EU GDPR). Nevertheless, we make sure that the application, the underlying infrastructure and our organizational structure are suitably equipped at various levels to meet the requirements of the EU GDPR.

Has the application been developed in accordance with the stipulations for data protection by design and by default?

Yes, data protection is an integral element of our product strategy. Therefore, even at the development stage of our features and roadmap we carefully respect principles such as data economy and use state-of-the-art measures to ensure an adequate level of protection. In addition, when preparing for the EU GDPR, we reviewed the default settings of the entire application and adapted them to provide the highest-possible level of data protection while still ensuring user friendliness. Furthermore, the settings are generally adaptable to the customer’s individual needs. In order to continuously ensure this, we also defined a process for feeding legal requirements into the product development process on an ongoing basis and reviewing the application accordingly at set intervals.

What happens if there is a data breach at Rich Returns?

In the unlikely event of a data breach at Rich Returns, if personal data of a customer is affected and the breach is likely to entail a risk to the rights and the freedom of the customer’s staff, Rich Returns will immediately notify the customer concerned, so as to enable them to fulfill their legal obligation to inform the regulatory authority and the individuals concerned.

What should I do if I found a security vulnerability in Rich Returns?

For responsible disclosure please get in touch with us directly and include the following details:Web application and APIs:
– URL where the vulnerability was detected
– Account name
– Type of vulnerability
– Information on how the vulnerability can be reproduced

Avatar photoAvatar photoAvatar photo

Start your free trial

Ready to enhance your returns & exchanges experience? Sign up for our free trial today.