Data protection & security as of 03/01/2020

Data protection

The party responsible for data processing is:
Ober Dominik
Palatinate Street 13
79211
Germany

info@balloon4fun.com

We are pleased that you are interested in our online shop. Protecting your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. Access Data and Hosting

You can visit our website without providing any personal information. Each time a website is called up, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call.

This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. In accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR, this serves to protect our legitimate interests in a correct presentation of our offer, which predominate within the framework of a weighing of interests. All access data will be deleted no later than seven days after the end of your visit to the site.

Third Party Hosting Services
As part of processing on our behalf, a third-party provider provides the services for hosting and displaying the website. All data that is collected as part of the use of this website or in the forms provided for this purpose in the online shop as described below is processed on its servers. Processing on other servers only takes place within the framework explained here.

This service provider is located in a country outside the European Union for which the European Commission has determined an adequate level of data protection.

2. Data collection and use for contract processing, contacting and opening a customer account

We collect personal data if you voluntarily provide it to us as part of your order or when contacting us (e.g. via the contact form or e-mail). Mandatory fields are marked as such, since in these cases we need the data to process the contract or to process your contact and you cannot send the order or contact without providing them. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Article 6 Paragraph 1 Sentence 1 lit. b GDPR to process the contract and your inquiries.
If you have given your consent to this in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account.
After the contract has been completed or your customer account has been deleted, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired, unless you have expressly consented to further use of your data or we reserve the right to further use of the data that is permitted by law and about which we inform you in this statement. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or using a function provided for this purpose in the customer account.

3. Data Sharing

In order to fulfill the contract in accordance with Article 6 Paragraph 1 Sentence 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods ordered. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the bank commissioned with the payment and any payment service provider commissioned by us or to the selected payment service to process payments. Some of the selected payment service providers also collect this data themselves if you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.

We also use an external merchandise management system to process orders and contracts. The data transfer or processing that takes place in this respect is based on order processing.

We use payment service providers and shipping service providers that are based in a country outside the European Union. The transmission of personal data to these companies is only necessary to fulfill the contract.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the shipping for us (drop shipping).

Data transfer to shipping service providers
If you have given us your express consent to this during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Article 6 Paragraph 1 Sentence 1 lit Delivery can contact you for the purpose of delivery notification or coordination.

The consent can be revoked at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data you have provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further use of the data that is permitted by law and about which we inform you in this declaration.

EBAY Fulfillment FIEGE Logistik Stiftung & Co. KG
Sülzenbrückerstr.7
99192 Apfelstaedt
Germany

ondemandcommerce GmbH
Poststrasse 12
20354 Hamburg
Germany

Data transfer to debt collection companies
In order to fulfill the contract in accordance with Article 6 Paragraph 1 Sentence 1 lit. b GDPR, we will pass on your data to a commissioned collection agency if our payment claim has not been settled despite a previous reminder. In this case, the claim will be collected directly by the collection agency. In addition, the disclosure serves to safeguard our legitimate interests in an effective assertion or enforcement of our payment claim in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

4. Email Newsletter

E-mail advertising with registration for the newsletter
If you register for our newsletter, we use the data required for this or separately provided by you in order to regularly send you our e-mail newsletter based on your consent in accordance with Article 6 Paragraph 1 Sentence 1 lit.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After you have unsubscribed, we will delete your e-mail address from the list of recipients, unless you have expressly consented to further use of your data or we reserve the right to further use of the data that is permitted by law and about which we inform you in this declaration.

5. Cookies

In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our overriding legitimate interests in an optimized presentation of our offer in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser the next time you visit (persistent cookies). You can see the duration of storage in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Internet Explorer™
Safari™
Chrome™
Firefox™
Opera™

If cookies are not accepted, the functionality of our website may be restricted.

6. Online Marketing

Affilinet Affiliate Program
Our website participates in the Affilinet partner program. This is offered by AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "affilinet"). This is a so-called affiliate system in which people registered with affilinet (also "publishers") advertise the products or services of the so-called "advertisers" on their websites using advertising material.
This serves to protect our overriding legitimate interests in the optimization and economic exploitation of our online offer in accordance with Article 6 (1) (f) GDPR.
Using cookies, affilinet can track the process of the respective order and, in particular, understand that you clicked on the respective link and then ordered the product via the affiliate partner program.
You can prevent the setting of cookies by our contractual partners or our website at any time by means of a corresponding setting in your Internet browser. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programs.
Further information on data processing at affilinet can be found here.

7. Social Media

Use of social plugins from Facebook, Twitter, Instagram, Pinterest, Xing using the Shariff solution.

Social buttons from social networks are used on our website.

This serves to safeguard our overriding legitimate interests in optimal marketing of our offer in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. In order to increase the protection of your data when you visit our website, these buttons are not integrated into the page as unrestricted plug-ins, but only by means of an HTML link. This integration ensures that when you call up a page on our website that contains such buttons, no connection is established with the servers of the provider of the respective social network.

If you click on one of the buttons, a new window will open in your browser and call up the page of the respective service provider, on which you can (possibly after entering your login data) press the Like or Share button, for example.

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as a contact option and your rights and setting options for the protection of your privacy can be found in the data protection information of the providers:

https://www.facebook.com/policy.php

https://twitter.com/de/privacy

https://help.instagram.com/155833707900388

https://policy.pinterest.com/en/privacy-policy

https://privacy.xing.com/

Our online presence on Facebook, YouTube, Instagram, Pinterest, Xing

Our presence on social networks and platforms serves to improve active communication with our customers and prospects. We provide information there about our products and current special offers.
When you visit our online presence in social media, your data can be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. Cookies are usually used on your end device for this purpose. Visitor behavior and user interests are stored in these cookies. According to Art. 6 (1) lit. f GDPR, this serves to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for your consent to the data processing, e.g. with the help of a checkbox, the legal basis for the data processing is Article 6 Paragraph 1 lit.
Insofar as the aforementioned social media platforms are headquartered in the USA, the following applies: The European Commission has issued an adequacy decision for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of the data by the providers on their websites, as well as a contact option and your rights in this regard and setting options to protect your privacy, in particular opt-out options, please refer to the providers’ data protection notices linked below. If you still need help in this regard, you can contact us.

Facebook: https://www.facebook.com/about/privacy/
Data processing takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR, which you can view here.
Further information on data processing when visiting a Facebook fan page (information on Insights data) can be found here.

Google/YouTube: https://policies.google.com/privacy?hl=de

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://about.pinterest.com/de/privacy-policy

Xing: https://privacy.xing.com/de/datenschutzerklaerung

Possibility of objection (opt-out):

Facebook: https://www.facebook.com/settings?tab=ads

Google/YouTube: https://adssettings.google.com/authenticated?hl=de

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://www.pinterest.de/settings

Xing: https://privacy.xing.com/de/datenschutzerklaerung/which-rights-can-sie-apply-make/contradiction

8. Sending E-mail Review Reminders

If you have given us your express consent to this during or after your order in accordance with Article 6 Paragraph 1 Sentence 1 lit Rating System. This consent can be revoked at any time by sending a message to the contact option described below.

9. Contact options and your rights

As a data subject, you have the following rights:

  • pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified there;
  • pursuant to Art. 16 GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is required
    • to exercise the right to freedom of expression and information;
    • to comply with a legal obligation;
    • for reasons of public interest or
    • to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as
    • the accuracy of the data is contested by you;
    • the processing is unlawful but you oppose its erasure;
    • we no longer need the data, but you need them to assert, exercise or defend legal claims or
    • you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
  • pursuant to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

If you have any questions about the collection, processing or use of your personal data, information, correction, restriction or deletion of data, as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.

Right to object
Insofar as we process personal data as explained above in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you only have the right to object if there are reasons that arise from your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will no longer process your personal data for this purpose.


Data protection declaration created with the Trusted Shops legal copywriter in cooperation with FÖHLISCH Rechtsanwälte.


****************************************************************************************

Shopify Privacy Policy as of 12/16/2019

1. Introduction

Welcome to Shopify!

As part of our mission to "make commerce better for everyone", Shopify Inc. and its affiliates, including Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., Shopify (USA) Inc., Shopify Commerce Singapore Pte. Ltd., and Shopify International Limited (collectively "Shopify"), collect and process a large body of information. This Privacy Policy is designed to help you understand how we collect, use, and store your personal information, whether you are a merchant or end user using Shopify's products, applications, or services (collectively, the "Services"), a customer who makes a purchase from a store using our technology, a customer who has opted into Shopify Pay, a participant in a Shopify "affiliate" program, or simply visiting this website. By using Shopify services, or by dealing with a merchant using Shopify services, you agree to the terms of this Privacy Policy and Shopify's Terms of Service, if applicable.

We may change this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. If we make material changes to this privacy policy, we will notify you of those changes by posting the revised policy on this website, and by other means as appropriate. If you continue to use this website or the support service after these changes are posted, you agree to the changed policy.

2. Information from Merchants

Data protection is important! If you're a merchant, your customers need to know how you, as a controller (and Shopify), collect and process their personal data. This means that if you use the Services, you agree to post an up-to-date and correct data protection declaration in your shop, which complies with the laws applicable to your company. You also agree to obtain consent from your customers for Shopify and other third parties to use and access their personal information. In addition, if you collect sensitive personal information from your customers (including information about health and medical conditions, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexuality), you agree to obtain express, affirmative consent from your customers for the use of and access to sensitive personal data by Shopify and other third parties. You can use our data protection declaration generator to help you create your own data protection declaration.

What information do we collect from merchants and why?

  • We collect your name, company name, address, email address, telephone number(s) and payment information (such as your credit card information).

    • We use this information to provide you with our services, e.g. to confirm your identity, to contact you, for advertising and marketing communications and billing. We also use this information to ensure that we comply with legal requirements.
  • We collect data about the Shopify websites you visit through your device. We also collect information about how and when you access your account and the Shopify Platform, including: Information about the device and browser used, your network connection, your IP address and information about your navigation behavior on the Shopify interface.

    • We use this information to enable you to access and improve our services, e.g. to make our platform user interface more user-friendly. We also use this data to customize the Services for you, for example by rearranging the order of apps in the Shopify App Store so that you see apps that we think will be of interest to you. Finally, we may use this information to provide you with advertising or marketing communications.
  • Upon completion of signing up for the Services and depending on your location, we may create a Shopify Payments account on your behalf. When you activate a Shopify Payments account (relevant for merchants in countries where Shopify Payments is offered), we collect your business address, business type, business number, date of birth (if you are a sole proprietor), account information and, if applicable, government identification information such as social security number or alternatively, if you are a Canadian merchant and do not wish to provide your social security number, a copy of your ID directly from you.

    • We use this information to create a Shopify Payments account for you, to provide Shopify Payments services, including fraud and risk monitoring, and to comply with applicable legal and regulatory requirements.
  • We collect personally identifiable information about your customers that you provide to us or that customers provide when shopping or paying.

    • We use this information to provide our services to you, to process orders, and to provide better service to your customers.
  • If we need to verify your identity (e.g. if we suspect identity theft or if you call support and we need to verify your account), we may ask you to provide us with government-issued identification information.

  • We use some of the personal information you give us to make some automated decisions. For example, we use certain personal information to conduct risk or fraud screening of accounts.

  • We also use personal data in other cases for which you have given us express permission.

When do we collect this information?

  • We collect personal information when you register for or access our Services, or otherwise provide the information to us.

  • We also work with third parties who provide us with information about merchants or potential merchants, e.g. to help us find fraudulent merchants.

When and why do we share this information with third parties?

  • Shopify works with various third parties and service providers to provide our Services to you, and we may share personal information with them in support of those purposes.

  • In addition, we may share your information in the following circumstances:

    • to prevent, investigate or take action regarding unlawful activities, suspected fraud, situations involving a potential threat to the physical safety of any person, violations of our Terms of Service or other agreements in connection with the Services or as otherwise required by law.
    • to assist us in conducting marketing and/or advertising campaigns.
    • to comply with legal requirements or to comply with lawful court orders, subpoenas, orders or other requests from public authorities (including to comply with national security or law enforcement regulations).
  • Personal information may also be shared with a company that acquires our business through a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or practice. In this case, we will publish a corresponding message on our homepage.

  • Shopify will always ask for your consent before sharing your personal information with third parties for purposes other than those described in this Section 2.

  • Shopify is responsible for any onward transfers of personal information to third parties in accordance with the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

3. Information from Customers

What information do we collect from our merchants' customers and why?

  • From our merchants' customers, we collect name, email address, shipping and billing address, payment information, company name, phone number, IP address, information about orders you have placed, information about Shopify-supported merchant stores that you visit, as well as information about the device and browser used.

    • We use this information to provide the Services to our merchants. This also includes order support and processing, risk and fraud screening, authentication and payments. We also use this information to improve our services.
    • When you sign up for Shopify Pay, we store and use this information to pre-populate the checkout information. We also use this information to customize and enhance your merchant store visit by presenting you with goods and services that are likely to be of interest to you.
  • We use some of the personal information you share with us (e.g. IP addresses or payment details) for some automated decision-making, to automatically block certain potentially fraudulent transactions for a short period of time.

When do we collect this information?

  • We collect this information directly from you or your device when you use or access a store that uses our Services, such as when you visit a merchant's website, place an order, or sign up for an account on a merchant's site.

  • When you sign up for Shopify Pay, we also collect this information to prefill your checkout information.

  • We also work with third parties who provide us with information about our merchants' customers, e.g. to help us find fraudulent merchants.

When and why do we share this information with third parties?

  • Shopify works with various third parties and service providers to provide services to our merchants, and we may share personal information with them in support of those purposes.

  • In addition, we may share your information in the following circumstances:

    • to prevent, investigate or take action regarding unlawful activities, suspected fraud, situations involving a potential threat to the physical safety of any person, violations of our Terms of Service or other agreements in connection with the Services or as otherwise required by law.
    • if the merchant whose shop you are visiting or using asks us to transmit this data (e.g. if they activate a third-party app that accesses customers' personal data).
    • to comply with legal requirements or to comply with lawful court orders, subpoenas, orders or other requests from public authorities (including to comply with national security or law enforcement regulations).
  • Personal information may also be shared with a company that acquires our business or that of a merchant whose store you visit or use through a merger, acquisition, bankruptcy, dissolution, reorganization or similar transaction or practice.

  • Shopify is responsible for any onward transfers of personal information to third parties in accordance with the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

4. Information from Partners

Affiliates are individuals or companies who have agreed to the terms of the Shopify Affiliate Program to work with Shopify to promote the Services by (a) referring customers to Shopify, (b) developing themes for Shopify stores that merchants may use, or (c) developing apps using the Shopify Application Interface (API) for merchants to use.

What information do we collect from partners and why?

  • We collect your name, company name, website, Twitter or other social media name, phone number(s), address, business type, email address, PayPal account and VAT/tax number directly from you.

    • We use this information to work with you, to verify your identity, to contact you, to pay you, and to screen for risk, fraud, or similar issues.
  • We collect data about the Shopify websites you visit. We also collect information about how and when you access your account and the Shopify Platform, including: Information about the device and browser used, your network connection, your IP address and information about your navigation behavior on the Shopify interface.

    • We use this information to enable you to access and improve our services, e.g. to make our platform user interface more user-friendly. We also use this data to customize the Services for you, for example by rearranging the order of apps in the Shopify App Store so that you see apps that we think will be of interest to you.
  • We collect personally identifiable information about your customers that you provide to us or that they submit directly to us.
    • We use this information to work with you and provide our services to your customers.
  • We also use personal data in other cases for which you have given us express permission.

When do we collect this information?

  • We collect this information when you register for an affiliate account, when you register one of your customers for our services, or when your customers register themselves. We also collect additional information that you may choose to share with us.

When and why do we share this information with third parties?

  • Shopify works with various third parties and service providers to provide our Services to you, and we may share personal information with them in support of those purposes.

  • In addition, we may share your information in the following circumstances:

    • to prevent, investigate or take action regarding unlawful activities, suspected fraud, situations involving a potential threat to the physical safety of any person, violations of our Terms of Service or other agreements in connection with the Services or as otherwise required by law.
    • to assist us in conducting marketing and/or advertising campaigns.
    • to comply with legal requirements or to comply with lawful court orders, subpoenas, orders or other requests from public authorities (including to comply with national security or law enforcement regulations).
  • Personal information may also be shared with a company that acquires our business through a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or practice. In this case, we will publish a corresponding message on our homepage.

  • Shopify will always ask for your consent before sharing your personal data with third parties for purposes other than those described in this Section 4.

  • Shopify is responsible for any onward transfers of personal information to third parties in accordance with the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

5. Information from Shopify website visitors and support users

What information do we collect and why?

  • When you visit or use the Shopify websites, we collect information about the device and browser used, your network connection, your IP address and information about the cookies installed on your device. We also collect personally identifiable information that you have submitted through messaging features on any of our websites ("Messaging Feature").

  • We may also receive personal information when you purchase tickets or send other inquiries to Shopify through our websites.

  • From phone support users, we collect the phone number, call records, and other personally identifiable information you provide to us during the call. Subject to our terms and conditions, we may request additional documentation from you during the call to verify your identity.

  • From chat support users, we collect name, email address, device and browser information, network connection, IP address, chat transcript and other personal information that you provide to us during the chat. According to our terms and conditions, we may request additional documentation from you during the chat to verify your identity.

  • From forum users, we collect name, e-mail address, website URL and other personally identifiable information that you may post there.

We use this information to verify your account, provide and improve our Services (including support and service for your account where relevant), and to answer any questions you may have.

When do we collect this information?

  • We collect this information when you visit the Shopify websites, use services offered on our websites, contact us by email, web form, instant message or phone, or publish content on or through our websites (including but not limited to forums, blogs, and messaging features). We also collect additional information that you may choose to share with us.

6. Information from Cookies and Similar Tracking Technologies

What is a cookie? A cookie is a small file that may contain a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.

Why does Shopify use cookies and similar tracking technology?

  • We use cookies so that we can recognize your device and provide you with a customized experience on our websites or otherwise through the Services. We also use cookies as part of the services, for example to operate the shopping cart for our retailers' shops. To learn more about the use of cookies on our websites and our retailers' websites, see our Cookie Policy.

  • We use cookies to present targeted ads from Google, Facebook, Bing, SourceKnowledge and other third parties. We also use cookies and other information from your browser and/or device to provide you with customized advertising, ads and reports across sessions and devices.

  • Our third-party advertising partners use cookies to track your previous visits to our and other websites on the internet and to show you targeted ads. For more information about targeted or behavioral advertising, visit https://www.networkadvertising.org/understanding-online-advertising.

  • Opting Out: You can opt out of targeted ads from certain third parties by using the Digital Advertising Alliance opt-out page or the Network Advertising Initiative opt-out page.

  • We may also use web beacons, software development kits, and other automated tracking methods on our websites, in communications with you, and on our products and services to measure performance and engagement.

  • Note: Because there is no industry standard for handling "Do Not Track" signals, we do not change our data collection and use practices when we receive such a signal from your browser.

7. Third Party Apps

  • Through the Shopify platform, merchants can connect their store to third-party applications to change functionality or add new functionality to their store. Unless an app is marked as Made by Shopify, Shopify is not responsible for and does not have any control over the functionality of those apps. Ultimately, retailers have control over which apps they use in their shops, and they are responsible for ensuring that the relevant data protection regulations are observed.

8. How long do we keep your personal data?

  • In principle, we keep your personal data for as long as your relationship with us lasts. For retailers, this means that we keep your data for as long as you own a shop on our platform. For partners, this means that we keep your data until you tell us that you want to end your partner relationship with us. We delete personal data 90 days after we receive a deletion request from a retailer or partner. We also delete personal information from merchant stores 90 days after two years of inactivity.

  • In principle, we only process the data of our dealers' customers as a processor on behalf of our dealers, and it is the responsibility of the respective dealer to determine how long he stores the data in our systems.

  • Shopify acts as a processor on behalf of Merchants, except where Personal Data of Merchants' customers is used for the purposes set out in Section 3. These purposes also include risk and fraud screening.

  • If you end your relationship with us, we will generally continue to retain archival copies of your personal data for legitimate business purposes, e.g. for defense of a contractual claim or for audit purposes, and to comply with the law, unless we receive a lawful request to delete it or, if you are a merchant, you terminate your account and your personal information is removed as part of our standard sanitization process.

  • If you use Shopify Pay, we keep your data as long as your Shopify Pay account is active. If you wish to delete your Shopify Pay account and have us delete all of your personal information stored in connection with that account, use the opt-out option at the bottom of our Shopify Pay website.

  • We will continue to collect and save anonymous or anonymised data, e.g. website visits without identifying characteristics, in order to improve our services.

9. What we don't do with your personal information

  • Now and in the future, we will not share, disclose, sell, rent, or otherwise make personal data available to other companies for the marketing of their own products or services (except for certain Shopify merchants with whom you interact, or third-party apps or service providers used by those merchants, if you are a consumer, or partners whom you hire, if you are a merchant). We also do not and will not "sell" your customers' information, as that term is defined under California law.

  • If you are a merchant using Shopify services, we do not use the information we collect from you or your customers to independently contact or market products to your customers. However, Shopify may contact or market products to your customers if we receive their information from another source, e.g. the customers themselves (such as when they use consumer-facing Shopify services like Arrive or Shopify Pay).

  • We will not charge you more or provide you with a different level of service if you exercise your privacy rights.

10. How do we protect your personal data?

  • We adhere to industry standards for information security management to protect sensitive data. This includes, for example, financial data, intellectual property, employee data and other personal data entrusted to us. Our information security systems are applied to people, processes and information technology systems based on risk management.

  • We conduct annual audits to ensure our handling of your credit card information is in line with industry guidelines. We are certified as a PCI-DSS Level 1 Compliant Service Provider, which is the highest level of compliance available, and our platform is audited annually by an external qualified security expert.

  • No method of transmission of data over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your personal data.

11. Residents of the European Economic Area ("EEA")

Shopify works with merchants and users from all over the world, including the EEA. If you are based in the EEA, your personal data will be processed by Shopify International Ltd., the Shopify Affiliate in Ireland. As part of our Services, we may transfer your personal information to other regions, including Canada and the United States. To protect your information when it is transferred outside of the EEA, Shopify uses the EU-US Privacy Shield (explained in more detail below) and intercompany agreements between our various affiliates, who may process your information on behalf of Shopify International Ltd.

If you are a resident of the EEA, you have certain rights under European law in relation to your personal data. These include the right to request access to, correct, amend, delete, transfer to another service provider, or object to certain uses of your personal data. If you are a merchant, affiliate, visitor to Shopify websites, or user of Shopify Support Services and wish to exercise these rights, please contact us using the details below. If you are a customer of a merchant using the Shopify Platform and you wish to exercise these rights, please contact the relevant merchant directly. We act as a processor on their behalf and can only forward your request to the merchant for them to respond.

If you are not satisfied with the response you receive from us, we hope that you will contact us to resolve the issue. However, you also have the right to lodge a complaint with the relevant data protection authority in your country at any time.

In addition, if you are located in the EEA, we would like to point out that we generally process your data in order to comply with any contracts we may have with you (e.g. if you place an order via the Site), or otherwise to pursue our legitimate business interests as set out above, except where we are required by law to obtain your consent for a specific processing operation. In particular, we process your personal data to pursue the following legitimate interests, either for ourselves, for our dealers, our partners or other third parties (including customers of our dealers):

  • To make our services and applications available to merchants and others

  • To avoid risks and fraud on our platform

  • To provide communications, marketing and advertising

  • To provide reports and analytics

  • To make it easier for merchants to search for and integrate with apps through our App Store

  • To provide troubleshooting and support services and answer questions

  • To test features or additional services and

  • To improve our services, applications and websites.

If we process personal data to pursue these legitimate interests, we assume that the risks for the data subject can be reduced by the type of processing and the technical and organizational measures taken to protect this data.

12. How do we protect your personal data across borders?

While Shopify Inc. is a Canadian company and stores data primarily in the United States and Canada, we serve people around the world and our technology processes data from users around the world. Accordingly, Shopify may transfer your personal information outside of the country, state, or province in which you reside.

Data transfers may be subject to the laws of those countries. Please see our list of processors for a list of countries to which personal data may be transferred. Shopify does not transfer or store data to countries that do not have robust data protection regimes.

Shopify (in particular the Shopify affiliates Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc.) comply with the EU-US Privacy Shield Agreement regarding the collection, use and retention of personal data from data subjects in the European Economic Area (“EEA”) and the Swiss-US Privacy Shield Agreement regarding the collection, use and retention of personal information from data subjects in Switzerland. In this regard, we have certified that we adhere to the Privacy Shield principles of notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access, recourse, enforcement and liability.

If you are based in the EEA or Switzerland and you believe that your personal information has been used in a way that is inconsistent with the relevant privacy notices above, please contact us using the information below. If your complaint or dispute is not resolved, you also have the option of contacting the International Center for Dispute Resolution®, the international body of the American Arbitration Association® (ICDR/AAA). This organization provides independent dispute resolution services at no cost to you. You can contact ICDR/AAA at http://go.adr.org/privacyshield.html.

If, after attempting to resolve the dispute through ICDR/AAA, you believe that your concerns about our use of your personal information have not been addressed, you can engage in binding arbitration to resolve the issue. For more information on binding arbitration, visit http://www.privacyshield.gov.

By participating in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, participating US Shopify entities are subject to the investigative and enforcement powers of the US Federal Trade Commission. Further information on the EU-US Privacy Shield and the Swiss-US Privacy Shield can be found at https://www.privacyshield.gov. Shopify's acknowledgment statement is available at https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active.

13. Automated Decision Making

In providing the Services, Shopify uses various machine learning algorithms and forms of automated decision-making. We use automated decision-making for the following purposes, among others: to prevent risk and fraud by merchants, to help merchants prevent fraudulent transactions from their customers, to personalize the merchant experience when using our admin area and the App Store, and to determine eligibility for certain services (such as Shopify Capital).

Most of these algorithms (with the exception of the personalization functions and some customer risk/fraud screening, more on this below) are not fully automated and involve some level of human interaction (e.g. risk and fraud scores are provided to merchants for customers, which requires merchants to make a conscious choice about how to handle them). Our personalization algorithms are fully automated, but only affect display features, i.e. how the apps are presented to you on the App Store. Similarly, we have a set of fully automated fraud check blacklists. When we believe that a transaction was made using stolen or fraudulent payment information, this may result in a customer being unable to complete a transaction, but only for between a few hours and a few days.

14. Control and Access to Your Personal Data

Shopify understands that you have certain rights regarding your personal information and takes reasonable steps to enable you to access, correct, amend, delete, port, or restrict the use of your personal information. If you are a merchant or partner, you can change many types of personal data directly through your account settings, e.g. payment or contact details. If you are unable to change your personal information through your account settings, or you have any questions about the information collected when you visit Shopify websites or use our support services, please contact us so that we can make the changes you want. Please note that if you send us a request regarding your personal data, we need to ensure that it is you before we can respond. In order to do this, we may ask you for a document confirming your identity, which we will destroy after verification.

If you would like to appoint an agent to exercise your rights on your behalf, please email us from the email address we have on file for you. If you email us from a different email address, we will not be able to determine whether the request is from you and we will not be able to honor your request. Please include the name and email address of your authorized representative in your email.

If you are a retailer's customer and wish to exercise these rights, please contact the relevant retailer directly. We act as a processor on their behalf and can only forward your request to the merchant for a response. However, please note that if you delete your personal information or limit its use, the Services may not function properly. If you use Shopify Pay and want your personal information to be deleted, use the opt-out option at the bottom of the Shopify Pay website.

15. Contact Shopify

If you want to make a legal request or serve a subpoena or similar document to obtain information about our merchants, their stores, or other parties whose data we process, please see our Legal Requests Policy.

If you have questions about your personal information or this Policy, or want to make a complaint regarding Shopify's processing of your personal information, contact Shopify by email at privacy@shopify.com or using the contact details below.

If you are based in Europe:

Shopify International Limited

Attn: Data Protection Officer

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32

Ireland

If you are based in Asia, Australia or New Zealand:

Shopify Commerce Singapore PTE. LTD.,

77 Robinson Road,

#13-00 Robinson 77,

Singapore, 068896,

Attn: Legal/Privacy Team

In all other countries/territories:

Shopify Inc.

Attn: Chief Privacy Officer

150 Elgin St., 8th Floor

Ottawa, ON K2P 1L4

Canada

As of December 16, 2019
© 2020 Shopify Inc.