axis payroll Year End Updates are now available »

axis vMerchant & GDPR

Frequently Asked Questions

Is axis vMerchant GDPR compliant?

No software product is "GDPR compliant". It is the data you hold, your policies and processes as a data controller which contribute to your organisation's GDPR compliance.

Is my website GDPR compliant?

There are several areas of your website that you may need to review and these generally fall within the area of consent: under GDPR, consent must be "freely given, specific and informed".

This has a number of possible repercussions and so we have compiled a separate GDPR Website Checklist »

Is the data held in axis vMerchant likely to fall within the scope of GDPR?

Almost certainly. Since the scope of “personal data” under GDPR is significantly expanded from the Data Protection act which it supersedes, it is our view that almost any axis vMerchant website and its associated axis diplomat system will hold some elements of “personal data”.

What “personal data” am I likely to be holding in axis vMerchant?

“Personal data” is now defined as anything which can identify an individual. This includes something as apparently innocuous as an email address (regardless of whether it is a personal email address or a corporate/work email address which identifies an individual) so that would encompass many, if not all, of the orders and enquiries captured by your website.

What new functionality has been added to axis vMerchant for GDPR?

Across the business world, the arrival of GDPR has caused a general focus on data privacy. As a result, a number of enhancements have been made to axis vMerchant with a view to improving user's control over privacy settings.

View the latest Privacy-Related Updates for axis vMerchant »

Further enhancements are expected so be sure to keep up-to-date with the latest developments. How to keep updated »

Is axisfirst GDPR compliant?

There is no GDPR compliancy badge or certification. Compliancy can therefore only be established through internal and external audit of an organisation’s information security management. The International Standards Organisation (ISO) provides a specification for an information security management system (ISMS) known as ISO 27001. (An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.) axisfirst is utilising the ISO 27001 standard in order to demonstrate its practice in managing data protection.

Does axisfirst hold any copies of my data?

axisfirst often has one or more copies of a client’s website data. We use this data for the following purposes:

  • To provide backups for disaster recovery
  • To provide support services (using the data to carry out investigations into reported problems, suspected software bugs or unexpected behaviour).
  • To check compatibility when developing and testing software and website modifications.
  • To provide helpdesk and consultancy advice to you.

In this regard we act as a data processor for You, the data controller. Should you, for any reason, wish axisfirst to delete all copies of the data we hold we on your behalf, we undertake to do this on receipt of a written request from a Director or authorised officer. Should axisfirst cease to provide any services to you, we may permanently delete all copies of your data held by us immediately and without further notice.

Where does axisfirst hold copies of data?

Copies of your data as outlined above may reside in the following locations:

  • Secured on our own network, entirely within the UK.
  • At our web hosting data centre, entirely within the UK.
  • Within Microsoft Azure, limited to data centres in the UK, Ireland or Netherlands.

Is any of my data ever exchanged between axisfirst and third parties?

When developing or testing websites which interface with third parties with which you interact (e.g. a Payment Service Provider or tracking application) then relevant data will need to be transmitted between us and those third parties. All data held within your licensed axis vMerchant system belongs to you and all of that data is treated by us as confidential to your organisation.

In addition, on an on-going basis, your data held within your hosted axis vMerchant website is backed up by us as part of our disaster recovery planning. We will ensure that those backups are stored in secure, off-site facilities as listed above.

Other Useful Links

Call Back
This site uses cookies. By continuing to access this site you are accepting the use of cookies by this site.
Read more about cookies...

Cookies are small text files stored on your device when you access most websites on the internet.

This Website uses cookies in order to make the Website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Website is used so that we can make sure it is as up to date, relevant and error free as far as we can. Further information about the types of cookies that are used on this Website is set out in the box below.

By using this Website you agree to our use of cookies. You can choose to restrict or block cookies set on the Website through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit Please note that certain cookies may be set as soon as you visit the Website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on the Website may impact the functionality or performance of the Website, or prevent you from using certain services provided through the Website. It will also affect our ability to update the Website to cater for user preferences and improve performance.

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to law enforcement agencies).

We may sometimes embed content from 3rd party websites such as YouTube. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

Cookies We Use

Cookie Description
CookieConfirm The presence of this cookie is used to remember the fact that you have confirmed that you are happy to accept cookies
ASPSESSIONIDxxxxxxxx This is a Session Cookie (session cookies are temporary and are erased when you close your browser). It identifies you from one page to the next and is used, for example, to keep track of your logged-in status.
UserID, account, password These cookies are used to remember your login credentials for when you next visit our website. They are only created if you choose the “Remember Me” option on the login page.
_utma, _utmb, _utmc, _utmz These are cookies created by Google Analytics and are used to provide us information on which web pages are the most popular, and the most popular search terms used by visitors arriving at our site.