This GDPR Policy applies to individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. It supplements our Privacy Policy and explains how Bee Hedge complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR") in connection with SCC Payments.
We are committed to processing personal data lawfully, fairly, and transparently. This policy explains the legal basis for our processing, the data we hold, and how you can exercise your rights under the GDPR.
Bee Hedge acts as the data controller for personal data collected in connection with SCC Payments licenses, support, and website usage. For questions about data processing, contact our data protection contact at privacy@sccpayments.com.
We process personal data under the following legal bases as defined in Article 6 GDPR:
As detailed in our Privacy Policy, we process only the minimum data necessary:
We do not process special categories of personal data (Article 9 GDPR). We do not use automated decision-making or profiling.
SCC Payments operates entirely on your own server. Your customers' personal data never passes through our systems. As the operator of a WooCommerce store using SCC Payments, you are the data controller for your customers' data. You are responsible for ensuring your own GDPR compliance in that capacity, including providing appropriate privacy notices to your customers and having a lawful basis for processing their data.
The plugin communicates with public blockchain networks using only public wallet addresses and transaction hashes. No personal data is transmitted in this process.
Bee Hedge is registered in the United States. Where personal data is transferred from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission as the transfer mechanism, or other appropriate safeguards as applicable.
Our license validation servers are located in the European Union where possible. Where US-based infrastructure is used, appropriate safeguards are in place.
After the applicable retention period, data is securely deleted or anonymised.
As a data subject in the EEA, you have the following rights:
Request a copy of the personal data we hold about you (Article 15).
Request correction of inaccurate or incomplete data (Article 16).
Request deletion of your data where there is no compelling reason for continued processing (Article 17).
Request that we restrict processing of your data in certain circumstances (Article 18).
Receive your data in a structured, machine-readable format (Article 20).
Object to processing based on legitimate interests, including direct marketing (Article 21).
To exercise any of these rights, contact us at privacy@sccpayments.com. We will respond within 30 days. We may request proof of identity before processing your request.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens; in Germany the relevant Landesdatenschutzbehörde.
Our website does not use advertising or analytics cookies. We do not use cookie consent banners as we only set technically necessary session cookies. If this changes, we will implement an appropriate consent mechanism and update this policy accordingly.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
For any GDPR-related enquiries or to exercise your rights:
Email: privacy@sccpayments.com
Bee Hedge · Registered in the United States
We aim to respond to all data subject requests within 30 days.