Our commitment to data protection for EU/EEA residents and merchants worldwide.
EasyStore24 is fully committed to compliance with the General Data Protection Regulation (GDPR). Whether you are a merchant based in the European Union or you serve EU customers, we provide the tools, infrastructure, and processes necessary to help you meet your GDPR obligations.
Unlike some competitors that offer GDPR tools only on higher-tier plans, EasyStore24 includes comprehensive data protection features on every plan at no additional cost.
When you use EasyStore24 to operate your online store, we act as a Data Processor on your behalf. You, the merchant, are the Data Controller for your customers' personal data. This means you determine what data is collected and how it is used, and EasyStore24 processes that data only in accordance with your instructions and these Terms.
We provide a Data Processing Agreement (DPA) to all merchants, available for download from your account settings or by contacting gdpr@easystore24.com.
EasyStore24 processes personal data under the following lawful bases: Contract performance — processing necessary to provide our Services; Legitimate interests — fraud prevention, platform security, and service improvement; Legal obligation — compliance with tax, financial, and regulatory requirements; and Consent — marketing communications and non-essential cookies (which may be withdrawn at any time).
Under GDPR, individuals (data subjects) have specific rights. EasyStore24 supports all of them:
Request a copy of all personal data we hold about you. We respond within 30 days.
Request correction of inaccurate or incomplete personal data at any time.
Request deletion of your personal data. We comply within 30 days, subject to legal retention requirements.
Request that we limit processing of your data while a dispute or request is pending.
Receive your data in a structured, machine-readable format (JSON or CSV).
Object to processing based on legitimate interests, including profiling and direct marketing.
EasyStore24 provides merchants with a complete toolkit to manage GDPR compliance for their stores:
Customizable, auto-translated consent banner that complies with EU cookie laws. Blocks non-essential cookies until consent is given.
One-click export of all data associated with a customer in JSON or CSV format, fulfilling data access requests.
Anonymize or permanently delete customer records with a single click while preserving order history for accounting.
AI-powered template that generates a GDPR-compliant privacy policy tailored to your store's data practices.
Track and manage marketing consent for email, SMS, and push notifications with full audit trails.
Automated breach detection and notification workflow to help you meet the 72-hour notification requirement.
EasyStore24's infrastructure spans multiple regions. For EU/EEA data, we use EU-based data centers as the primary storage location (Frankfurt, Germany). When data must be transferred outside the EEA for processing, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914), supplementary security measures including encryption and access controls, and transfer impact assessments for each sub-processor.
A list of our current sub-processors is available at easystore24.com/sub-processors and is updated 30 days before any new sub-processor is engaged, giving you the opportunity to object.
EasyStore24 implements technical and organizational measures (TOMs) that meet or exceed GDPR Article 32 requirements, including AES-256 encryption at rest and TLS 1.3 in transit, role-based access controls with the principle of least privilege, multi-factor authentication for all staff access, SOC 2 Type II certified infrastructure, regular penetration testing and security audits, privacy by design and by default in all product development, and employee training on data protection and security awareness.
EasyStore24 has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance program. You can contact our DPO for questions about our data protection practices, to exercise your data subject rights, to report a data protection concern, or to request our Data Processing Agreement.
Data Protection Officer
Email: dpo@easystore24.com
EU Representative: EasyStore24 EU Ltd., Dublin, Ireland
If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local Data Protection Authority. Our lead supervisory authority is the Irish Data Protection Commission (DPC), as our EU representative is established in Ireland.
We encourage you to contact us first at dpo@easystore24.com so we can address your concerns directly.
Start your free trial with GDPR tools built in from day one — no add-ons required.