Introduction
SPS Commerce and its affiliates (formerly known as TIE Kinetix) deliver SaaS Services and other IT Services, including embedded services of SPS Commerce's suppliers (hereinafter all referred to as SaaS Services), enabling businesses and governments to exchange, convert, and process business-related data.
While delivering SaaS Services, SPS Commerce serves solely as the data processor, and its customers and partners of customers serve as the data controller. SPS Commerce does not access the content of the data. Therefore, the scope of the following roadmap is limited to SPS Commerce as a processor.
Incidentally, in order to provide the SaaS Services, personal data such as IP or e-mail addresses and professional contact information will be processed.
SPS Commerce initiated an internal GDPR Compliance project in 2017, involving all TIE Kinetix affiliates (including TIE Nederland BV, TIE Kinetix DACH GmbH, Performance Analytics GmbH, TIE Kinetix SAS, and TIE Commerce Inc).
For any questions related to the GDPR Compliance project, please send an e-mail to privacy@TIEKinetix.com. Information is also available at www.TIEKinetix.com.
Approach
At SPS Commerce, based out of the Breukelen office, the Netherlands, a Security Officer (the Director of Technology, European Operations) and a Privacy Officer (the General Counsel) have been appointed to coordinate the GDPR Compliance project and, since May 25, 2018, to secure GDPR compliance.
To comply with the GDPR, SPS Commerce has implemented organizational, administrative, and technical controls. The GDPR Compliance project has been executed based on the following principles and assumptions (status March 2024):
- Promoting awareness of new legal obligations for all SPS Commerce staff and contractors (formerly TIE Kinetix) across the globe;
- Overview/assessment of data processing has been executed;
- Data protection impact assessment has been executed;
- A security assessment has been executed;
- SaaS Services and software will be created based on Privacy by design and by default;
- Security Officer has been appointed;
- Privacy Officer has been appointed;
- A Privacy Policy has been implemented;
- A Data Breach Policy has been implemented;
- All SPS Commerce Staff and contractors (formerly TIE Kinetix) are subject to the "TIE Kinetix IT & Security Policy";
- Consent of the individuals to store and process their personal data has been arranged;
- Rights of individuals related to personal data are respected at all times (such as correction and deletion of personal data);
- Contractual obligations are the legal basis for data storage and processing by SPS Commerce;
- The Dutch Privacy Authority is competent for all SPS Commerce privacy issues in Europe.