Privacy Policy

RomanCart Privacy Policy

Merchants

What Data does RomanCart store about Merchants?
When you register to use RomanCart you supply your name and company name (if applicable) a contact address and contact details such as email address and telephone number. These details are stored by RomanCart so that we can contact you if required. The details you provide may appear on your confirmation emails you send to your customers, so that they can contact you if required. You can change your details at any time using the RomanCart web control panel.

Our Email Policy
From time to time we may send you emails. These will contain information relating to RomanCart which we believe you would benefit from, and also essential information about RomanCart which you may need to know. We also send a renewal reminder email 3,2 and 1 month before expiry of your cart. Another reminder is sent 7 days before expiry and an expiry notice is sent when the cart has actually expired.

Data Backups
Our systems are backed up throughout the day with an additional backup taking place every 24 hours at a secure offsite facility.

Upgrade Payment
RomanCart does not store or come into contact with your card details. We use PCI compliant third party payment providers for this purpose.

Access to your Data
Apart from each merchant, access to the data on the RomanCart machines is limited to employees of RomanCart Ltd. (who are bound by confidentiality agreements) only. Our servers are located in secure data centers in the UK to which only security approved engineers have access to the hardware.

Business Transactions
In the event that RomanCart is the subject of a merger, takeover or other business transition, ownership of the information RomanCart holds may be transferred. In this instance you will be notified by a message on the web control panel and we will also attempt to contact you by email.

Buyers

What information do we collect from buyers and why?

Shopping Cart Services
RomanCart stores the buyers name, shipping address, billing address, phone numbers, ip address, company name, device details and details of any orders which are initiated whether or not completed. This information is used to provide ecommerce services between the buyer and the merchant including processing and recording orders.

When do we collect this information?
The information is collected when the customer initiates a transaction on the merchants shopping cart.

Cookies And Tracking

Shopping Cart Cookies
Cookies are used to enable the persistance of a shopping cart throughout the buying process. This is to make sure that when a customer adds an item to the cart and then goes back to look at more items, when they return to the cart it still has their already added items in it.

Cookie details:

RMNCTCKC - used to work out if cookies are enabled on the browser. Stored for up to 6 years.
CTAB - used to identify the customer if the details are alreadyknown by the merchant. stored for max 2 years
ROCpersist - used for cart persistence - stored for max 2 years. This is used to persist the contents of a basket.
ASPSESSIONIDSSTRTQDD - this is a standard Microsoft session cookie, only lasts whilst on the site
_cfduid - is from cloudflare - https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-

Marketing Tools
RomanCart uses cookies to identify visitors on a site for marketing purposes for the merchant. For example to track the path that buyers take through a website.

What Do We Do With Stored Information When A Merchant Terminates Their Relationship With Us?

Data is stored for legitimate business purposes and to comply with the law unless we receive a valid request to remove the data.

If an account is not accessed by a merchant for 6 months, is not upgraded and does not sell anything, RomanCart may initiate a delete process removing some or all of the data. Anonymised agregated data may be kept and used in perpetuity. For example, total number of users using RomanCart on a given day, or total throughput.

What We Do Not Do With Data Stored With Us

We consider ourselves custodians of the data on behalf of the merchants and as such we would not pass the data to anyone else unless required to by law. We do not use the merchants data for our own purposes apart from to collate agregate information on the system such as how many people are using RomanCart and agregated transaction values.

Data Security

Our systems are run in physically secure environments with multiple levels of security required to access any of our equipment at all locations.
We do not store card details and because of this are 'Out of Scope' of PCI requirements.
We use standard industry practices on information security management at both hardware and software levels to secure the data held with us.

Because of the nature of transmitting data accross the internet and the ever changing nature of internet technologies it is not possible to 100% guarantee the security of stored data.

Control Over And Access To Personal Information

Merchants
RomanCart provides built in functionality to delete contact records from the customer relationship manager and to delete sales records from the Sales manager. You should use these to delete the personal details of contacts as required.

Buyers
To request deletion of your personal data you should contact the Merchant with those details who will be able to action this for you.

GDPR Requests
If you have any requests under the terms of the GDPR and you are a buyer then please contact the merchant who will be able to assist you with this. If you are a buyer who has been unable to contact the merchant or you are a merchant then please email support@RomanCart.com with the subject 'FAO Data Protection Officer'