Dukaan has always respected its user’s rights to privacy and has solid data protection and privacy policies in place. However, as we grow and expand our reach, we understand the need to upgrade our compliance policies to meet the demands of GDPR.
GDPR is the data privacy law drafted and published by the European Union (EU). It is one of the toughest data privacy and security laws in the world, and it has been under effect since May 2018.
Dukaan understands that under the GDPR law, we are required to provide our users with better visibility and control over how their data is processed and used.
We have tied up with Drata to ensure that we are always in compliance with GDPR. Drata’s advanced automation allows us to consistently monitor GDPR against all the requirements.
With Drata, Dukaan has instant visibility across the organization to ensure the end-to-end security and compliance posture of our systems.
We hope that our adherence to the rigorous assessment by Drata serves as valid proof that provides our customers with peace of mind that their data is completely protected.
We are open to any and all discussions about our GDPR compliance and our commitment to data protection. Feel free to contact us with your queries.
It is a very easy-to-use platform, specially designed for entrepreneurs who want to create an independent business with an online storefront, custom domain, and app.
What started out as a platform to provide a functional online storefront to sellers has now grown well beyond that. Dukaan is now an all-in-one platform for brands of all sizes to start, manage, and scale their business online.
Drata is the world’s most advanced security and compliance automation platform with the mission to help businesses earn and keep the trust of their users, customers, partners, and prospects.
With Drata, companies streamline SOC 2, ISO 27001, PCI DSS, GDPR, and HIPAA compliance through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for annual audits.
The company is backed by ICONIQ Growth, Alkeon Capital, Salesforce Ventures, GGV Capital, Cowboy Ventures, Leaders Fund, Okta Ventures, SVCI, SV Angel, and many key industry leaders. For more information, visit drata.com.
1. What is GDPR?
General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, drafted and passed by the European Union (EU).
Organizations anywhere in the world are obligated to comply with GDPR so long as they are targeting or collecting data on people living in the EU.
2. What does GDPR compliance entail?
The GDPR compliance provides people with complete control over the personal data that is collected by an organization. Under this compliance, people can have better visibility over how their data is processed and what they are used for.
3. Who is protected under GDPR?
All the residents and citizens of the European Union (EU) are protected under the GDPR compliance. As long as an organization is targeting people in the EU, or collecting their data, they are supposed to have GDPR compliance in place.
4. What are the 7 principles of GDPR?
The 7 principles of GDPR are as follows:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
5. Does the GDPR apply to the sellers or the buyers on Dukaan?
Under GDPR compliance, both the seller’s data and the buyer’s data are protected.
6. Has Dukaan undergone a vulnerability assessment?
Dukaan constantly undergoes vulnerability assessments and makes necessary improvements on a timely basis.
7. What are the types of data protected under GDPR?
There are 3 common types of data collected by organizations, which include:
- Personal Information like email ID, phone number, ID details, etc.
- Non-Personal information like first name, last name, country, etc.
- Sensitive personal information like race and ethnicity, sexual orientation, biometrics, etc.
8. What are the 8 data subject rights in GDPR?
The data subject rights in GDPR are as follows:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling