This Security Policy explains what information Cresco Data Pte Ltd collects about Customers, why and what we do with that information, how we share it, and how we handle the content Customers place in our platform. It also explains the choices available to you regarding our use of your Personal Information and how you can access and update this information.
- “CrescoData Platform” means CrescoData’s cloud-based commerce software platform that allows a Customer to automate and synchronise the delivery of product information to Publishing Destinations, which may include marketplaces, webstores and product listing advertisements.
- “Customer Data” is information required from the Customer in order to deliver the CrescoData services. This includes Customer and company information. Publishing Channel details and log-ins
- “Content” is any information or data that you upload, submit, post, create, transmit, store or display whilst using a CrescoData service.
- “Product Data” means all information and materials related to Seller products and brands that Sellers provide to Customer that is uploaded, processed or otherwise stored in the CrescoData Platform, or that The Customer directs CrescoData to collect on its behalf, including image files, text, stock availability, templates, product descriptions, trade and service marks and other related information
- “Services” This includes any and all data services provided by CrescoData and as requested by Customers.
- “Order Data” Order data is the data that is sent from a Publishing Destination surrounding the purchase of a product. This includes but not restricted to: Product ID, sale price RRP, shipping label information
- “Publishing Destination” means the third party marketplaces, commerce sites, search engines, shopping sites, social commerce channels, digital ad networks and other third party channels supported by CrescoData from time to time that are the subject of the Services, as set out in each Statement of Work.
- “Personal Information” information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, or phone number. Personal Information does not include information that has been anonymised such that it does not allow for the ready identification of specific individuals.
Information you provide to us
We collect the following information:
Customer Data: for account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make a purchases through, use, access, or interact with The CrescoData Platform and Services
Information we collect includes:
- Contact information such as name, email address, mailing address, and phone number
- Billing information such as credit card details and billing address
- Profile information such as a username, and job title
- Preferences information such as notification and marketing preferences
You may provide this information directly when you sign up for a CrescoData Service
Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our PaaS or CaaS Products or Website. This includes participating in interactive features including surveys, requesting customer support or communicating with us via a third party social media website. For example, information regarding a problem you are experiencing with a CrescoData product could be submitted to our Support Services or posted in our public forums.
Such Content includes any Personal Information or other sensitive information that you choose to include (“incidentally-collected Personal Information”).
Information we collect from your use of CrescoData Services
Storing Product Data is necessary in order to enable the listing of products on the Publishing Destinations. CrescoData stores product and order data to enable reporting and to also enable CrescoData to fix any support issues.
As shown in the examples above, the information we collect is required in order for us to deliver the CrescoData Services.
As such, the analytics information we collect may include Personal Information or sensitive business information.
Information sharing and disclosure
We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.
Access by your account administrator:
You should be aware that the administrator of your CrescoData Account may be able to:
- access information in and about your CrescoData Platform-as-a-Service
- access account and sales history
- disclose, restrict, or access information that you have provided or that is made available to you when using your CrescoData account, including your Content; and
- control how your CrescoData account may be accessed or deleted.
Service Providers, Business Partners and Others:
CrescoData works with third party service providers to provide, hosting, back-up, storage, virtual infrastructure, payment processing and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights:
We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of CrescoData’s products and services, (d) to protect CrescoData, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the CrescoData Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Aggregated or Anonymized Data:
We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With Your Consent:
We will share your Personal Information with third parties when we have your consent to do so.
Information we do not share
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
Data storage, transfer and security
CrescoData ensures that Customer Data is secure from any outside intrusion.
The CrescoData Platform is hosted with Amazon’s cloud service AWS. None of the AWS components or data stores can be accessed directly from outside the CrescoData account.
Access to any data is only possible through the GUI or the APIs. Access to Customer Data is only available to limited CrescoData staff members. Access to Customer Data is not available to contractors or third parties.
The GUI is a single page app hosted on a public file share and communicates with the CrescoData APIs to retrieve data. Without access to the APIs, the GUI has no data available.
Access to customer data is restricted by company ID.
Any data retrieved is associated with a company id. Data can only be forwarded or sent to systems setup with the same company id. There is no way to overlap orders or access orders from other accounts as this is password protected on The CrescoData Platform. All authentication data is stored encrypted. The public facing APIs are secured with OAuth 2.
CrescoData has taken advantage of AWS expertise to help solve challenges in complying with the EU’s GDPR using AWS’s advanced toolset for identifying, securing, and managing all types of data, including personal data.
While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).
Where Downloadable Products are used, responsibility of securing access to the data you store in the Downloadable Products rests with you and not CrescoData. We strongly recommend that administrators of Downloadable Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.
You may opt out of receiving promotional communications from CrescoData by using the unsubscribe link within each email, updating your email preferences emailing us at firstname.lastname@example.org to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding CrescoData’s Services.
Accessing and updating your information
You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact us at email@example.com or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.
CrescoData, 41A Kreta Ayer Road, Singapore. 089 003
This Security Policy was last updated 18 April 2018.