GDPR
At Orderpicking App, we take the protection of personal data very seriously. Our platform is fully GDPR-compliant and built with privacy by design & by default. This means we only process the data strictly necessary for the proper functioning of our service.
What data do we process?
We only process data required to pick and fulfill orders efficiently and accurately:
- Order details: order number, order date, total number of items, shipping options and optional order notes.
- Product information: product image, location, stock quantity, quantity ordered, barcode/SKU.
- Customer data: only the customer’s last name, used for identification on packing slips or pick lists.
We do NOT process email addresses, phone numbers, or payment details.
Data Minimization & Automatic Deletion
We do not store data permanently. Temporary cache used for faster platform performance is automatically deleted from our servers every hour.
Encryption & Anonymization
Our application communicates with a backend REST API over a secure TLS (HTTPS) connection. Each request from the application to the server includes a static API token sent in the request header for authentication purposes.
This token is unique to the application instance and is stored securely within the app environment. The token is required to access protected endpoints and ensures that only authorized clients can perform data operations.
Security measures in place:
• All communication is encrypted via HTTPS (TLS 1.2 or higher).
• The static token is not exposed in the user interface or logs.
• The token grants only the minimum required access (principle of least privilege).
• The API enforces server-side checks to validate the token on each request.
• Rate limiting and IP filtering (if applicable) are implemented to reduce abuse.
• The token can be revoked or rotated if needed.
No sensitive personal data is embedded in the token itself. The token serves purely as an access credential and does not expose or contain any personal information.
These measures align with Article 32 of the General Data Protection Regulation (GDPR), ensuring the confidentiality and integrity of personal data transmitted via the API.
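The request-level checks listed above (server-side validation on every request, least-privilege access, log redaction, rate limiting, rotation and revocation), as an added illustration that is not Orderpicking App's own code: it assumes the token travels in an `Authorization: Bearer` header (the page does not name the header) and uses constructed placeholder tokens, scopes and limits.

```python
import hmac
import time
from collections import defaultdict, deque

TOKENS = {  # constructed store: per app instance, current + previous token, scopes
    "instance-A": {"current": "tokA-v2", "previous": "tokA-v1", "scopes": {"orders:read", "stock:read"}},
    "instance-B": {"current": "tokB-v1", "previous": None, "scopes": {"orders:read"}},
}
RATE_LIMIT, WINDOW_SECONDS = 5, 60     # requests allowed per instance per sliding window
_hits = defaultdict(deque)

def redact(token):
    """Log-safe form of a credential: the raw token never reaches a log line."""
    return f"{token[:4]}...({len(token)} chars)" if token else "<missing>"

def lookup(presented):   # constant-time compare against every token, no early exit
    found = None
    for instance, rec in TOKENS.items():
        for candidate in (rec["current"], rec["previous"]):
            if candidate and hmac.compare_digest(candidate.encode(), presented.encode()):
                found = instance
    return found

def rotate(instance, new_token):   # old token stays accepted until revoke()
    rec = TOKENS[instance]
    rec["previous"], rec["current"] = rec["current"], new_token

def revoke(instance):   # withdraw every token of the instance
    TOKENS[instance]["current"] = TOKENS[instance]["previous"] = None

def within_rate_limit(instance, now):   # sliding window per instance
    q = _hits[instance]
    while q and now - q[0] > WINDOW_SECONDS:
        q.popleft()
    q.append(now)
    return len(q) <= RATE_LIMIT

def authorize(headers, required_scope, now=None):
    """Server-side check for one request; returns (HTTP status, log-safe reason)."""
    now = time.time() if now is None else now
    presented = headers.get("Authorization", "").removeprefix("Bearer ").strip()
    instance = lookup(presented)
    if instance is None:
        return 401, f"unknown or revoked token {redact(presented)}"
    if required_scope not in TOKENS[instance]["scopes"]:
        return 403, f"{instance}: scope {required_scope} not granted"
    if not within_rate_limit(instance, now):
        return 429, f"{instance}: rate limit exceeded"
    return 200, f"{instance}: ok"
```

The `reason` string is what may be logged; the token itself only ever appears through `redact`.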
App Data Storage
The Orderpicking App does not store any customer data locally on the mobile device. The only piece of information saved on the device is the API key or token, which is used to securely authenticate and retrieve user-specific settings from our platform.
- No customer names, addresses, or order contents are saved on the phone or tablet.
- All order and product data is retrieved in real time via a secure API connection and is not stored after the picking process is complete.
- This ensures maximum privacy and minimizes data exposure in case of device loss or theft.
Your data stays protected — always encrypted, always minimal, and never stored longer than needed.
Integration with Third-Party Platforms and APIs
The portal may connect to external platforms and APIs for the purpose of data synchronization or integration. These connections are established through secure HTTPS channels and rely on the authentication and authorization mechanisms provided by each individual platform.
Where applicable, personal data may be transmitted to or retrieved from these external systems. The security of such communication is governed by the external platform’s own API protocols, which may include OAuth 2.0, API keys, or other token-based mechanisms.
We assess the security documentation of each integrated platform to ensure reasonable compliance with data protection standards. However, the exact method of authentication and data handling is determined by the platform owner and may vary between systems.
In accordance with Article 28 of the GDPR (if acting as a processor), we ensure that:
• Data processing agreements (DPAs) are in place where required
• External platforms are vetted for GDPR compliance (where personal data is involved)
• Only the minimum necessary data is exchanged with third parties
• Data transfers are encrypted via TLS and subject to access control
Responsibility for the ongoing security of the external API endpoints rests with the platform provider. We monitor integration behavior and take action where data risks are identified.
Security Measures
- Encrypted connections (TLS 1.2 or higher)
- Secured API communication
- Regular clearing of temporary storage
- Authentication via unique API keys
Data Processing Agreement
Orderpicking App acts as a data processor on behalf of the webshop owner. Upon request, we provide a standard Data Processing Agreement (DPA) in compliance with GDPR requirements.
Data Subject Rights
As a webshop owner, you are responsible for ensuring data subject rights (access, rectification, deletion, etc.). Orderpicking App supports you in this by avoiding the processing or storage of unnecessary personal data.
Contact & Questions
If you have any questions about our data handling or would like to request a DPA, please contact us at: