GDPR: Protecting User Privacy
The EU General Data Protection Regulation (“GDPR”) is the most significant privacy and data protection legislation enacted in years. It comes into effect on May 25th, 2018, and clarifies and imposes new obligations on any party that collects, stores, or processes personal data of individuals located in Europe.
At ShopMessage, we believe that users should be able to control their privacy and have rights over their data usage. We believe GDPR is a good thing for the Internet. ShopMessage has been working diligently, reviewing policies and tools to ensure that our merchant customers can be fully GDPR compliant.
Personal Information the App Collects for ShopMessage Customers
For you, as a business user using the product and browsing the site, we are the data controller and responsible to you. Data is only captured and used to deliver the Service. You can ask us to remove your data at any time by contacting us using the information below.
When you install the App, we are automatically able to access certain types of information from your Shopify account to deliver the Service:
- Products. We collect Product information to send the appropriate product metadata to end users based on their shopping activity.
- Orders. We collect Order information to populate order receipt templates and shipping notifications.
- Customers. We collect Customer information to read preferences, like opting in or out of marketing messages.
- Theme. In some cases, ShopMessage modifies your theme to enable the Service
For end-users of ShopMessage Customers
As an ecommerce merchant, you’re considered a data controller under GDPR. That means you’re the frontline when it comes to explicit consent from your EU prospects and customers for how you plan on using their personal data. The ShopMessage platform includes tools to help merchants capture explicit consent and stay GDPR compliant.
We collect the following types of personal information from you and/or your customers once you have installed the App:
Information about you and others who may access the App on behalf of your store, such as your name, address, email address, phone number, and billing information; Information about individuals who visit your store, such as their IP address, web browser details, time zone, and information about the cookies installed on the particular device; shopping behavior including products viewed, cart updates, and purchases.
We collect personal information directly from the relevant individual using the following technologies: “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
How Do We Use Your Personal Information?
We use the personal information we collect from you and your customers in order to provide the Service and to operate the App.
What third parties do we use and what do they have access to?
Here is a list of the third parties we use and how we use them:
Facebook Messenger. Our company uses the Facebook Messenger API to build Facebook Messenger experiences. Facebook has access to all information that comes through the bot. Here is their statement on Facebook Messenger and GDPR.
We use Amazon AWS for hosting. Here is their information on GDPR compliance.
Intercom. We use Intercom for customer support and to send targeting customer messages. It tracks certain behavior within the ShopMessage admin platform, response to the customer support team and certain personal information such as an email address needed to give customer support. Here is their statement on GDPR
Shopify. We offer an integration with Shopify for our customers. Here is their information about GDPR.
Sharing Your Personal Information
We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Your Rights. If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
International Data Transfer. The personal data we collect from you are being transferred to the United States and may be processed globally. When transferring your personal data outside of the European Economic Area (“EEA”), we will ensure a similar degree of protection if afforded to it by ensuring appropriate safeguards, as required by law, are in place. When transferring your data to the United States, we ensure that the entities to where the data are being transferred have joined the “EU/US Privacy Shield Framework” approved by the European Commission.
Data Retention. When you place an order through the Site, we will maintain your Order Information for our records for five years unless and until you ask us to delete this information.
Contact Us. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email protected]