POLICIES
Website Privacy Notice
Introduction
Welcome to the privacy notice for Vivid Lion Design
We respect your privacy and are committed to protecting your personal data. This privacy notice will tell you how we look after your personal information when you visit our website (regardless of where you visit it from) and when you provide your information to us by other means, and will tell you about your privacy rights and how the law protects you.
Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
1. Important information and who we are
Purpose of this privacy notice
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you filled out our contact form, subscribed to our newsletter, or sent us an email through the address provided on this website. This privacy notice also gives information on how we treat your personal information generally, outside of this website.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide to you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Controller
Vivid Lion Design (Rachel Ninkovic trading as) is the controller and responsible for your personal data. They are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact them using the details set out below.
Contact details
Our full details are:
Full name of legal entity:
Rachel Ninkovic
Address:
12 Giffords Croft, Lichfield, Staffordshire, WS13 7HG.
Telephone:
07549 160765
Email:
hello@vividlion.co.uk
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy notice and your duty to inform us of
changes
Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: includes first name, last name and title.
- Contact Data: includes email address and telephone numbers.
- Technical Data: includes internet protocol (IP) address, and
data collected through the use of cookies (see cookies section below) for more information. - Usage Data: includes information about how you use our website
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We generally do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. The exception to this is where we are providing services to individuals who are in non-heterosexual relationships, and where the special category data is collected incidentally, rather than directly.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct Interactions: You may give us your Identity and Contact Data
by filling in forms or by corresponding with us by post, phone, email or otherwise - Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see the cookies section below for further details.
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
(a) analytics providers such as Google based outside the EU;
(b) Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
IP Addresses
GDPR classes IP address as personal information so I am obliged to address this.
Some of the cookies mentioned above will collect your IP address.The vast majority of this website’s users will use private Internet Service Providers (ISP) that also use something called Dynamic Host Configuration Protocol (DHCP).This means everytime you log onto the internet you get a different IP address.Meaning I can’t track you personally. The IP addresses will point to your ISP, and they would not give me any details unless ordered to do so by a court order.Users of my website who log in using corporate internet link will have their IP address taken. Again however that IP address would point to the business NOT to the individual.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
Please see 'Section 10' to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally we do not rely on consent as a legal basis for processing your personal data.
Purposes for which we will use your personal data
We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Please contact us if you need details about the specific legal ground we are relying on to
process your personal data where more than one ground has been set out in the information below.
Purpose/Activity
To respond to your enquiry and to send you the information you have requested
Type of data
(a) Identity
(b) Contact
Lawful basis for processing, including basis of legitimate interest
Necessary for our legitimate interests (to develop our products/services and grow our business)
Purpose/Activity
To manage our relationship with you and to perform services for you, which will include:
(a) sending deliverables to you and discussing additional work with you
(b) Notifying you about changes to our terms or privacy policy
(c) communicating with you about our products and services
Type of data
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
Lawful basis for processing, including basis of legitimate interest
(a) Necessary to comply with a legal obligation
(b) Necessary for the performance of a contract with you
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, and to develop our business)
Purpose/Activity
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Type of data
(a) Identity
(b) Contact
(c) Technical
Lawful basis for processing, including basis of legitimate interest
(a) Necessary for our legitimate interests (for running our business, provision of administration and
IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
Purpose/Activity
To use data analytics to improve our website
Type of data
(a) Technical
(b) Usage
Lawful basis for processing, including basis of legitimate interest
Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Dat to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which information may be relevant foryou (we call this marketing).
You will receive marketing communications from us if you have requested information from us and you have not opted out of receiving that marketing.
Third-party marketing
We will not share your personal data with any other company for marketing purposes.
Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Cookies
Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.
The only cookies in use on our site are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it.
Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.
Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.
Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site. For
information about how Google Analytics uses your personal information, and about how to control the information sent to Google, please visit https://www.google.com/policies/privacy/partners and https://www.google.com/policies/technologies/types. To opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Disclosures of your personal data
We may need to share your personal data with service providers based in the UK and elsewhere who provide website development, email and website hosting services, file transfer services, and printing services or other project-related work. The service providers that we use are as follows:
DPD, DHL and Royal Mail (for deliveries of printed materials)
Dox Direct - www.doxdirect.com
Route 1 Print - www.route1print.co.uk
The Pad Printers - www.thepadprinters.co.uk
Instant Print - www.instantprint.co.uk
FastMail (business email) - https://www.fastmail.com/
Digital Ocean (website hosting) - https://www.digitalocean.com/
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We have ensured as much as possible that all our third party suppliers who MAY hold personal data are also GDPR compliant, and where they are not I have taken steps to remove any possible data and found GDPR compliant companies.
6. International Transfers
We do not transfer your personal data outside the European Economic Area (EEA) or Switzerland, save to our service providers who are based outside the EEA, as stated above in paragraph 5. When we share your data with entities located in countries outside the EEA or Switzerland that do not provide for an equivalent level of data protection to that offered within the EEA, we will put in place contractual guarantees in accordance with the applicable law.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to service providers and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, no information security system can be 100% secure. As a result, although we strive to protect your personal data, we cannot ensure or warrant the security of your personal data against unpredictable loss or unauthorised access.
8. Data Retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can request details of retention periods for different aspects of your personal data by contacting us
In some circumstances you can ask us to delete your data: see 'Request Erasure' in section 9 below
for further information.
9. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please visit section 10 below to find out more about these rights:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal
data. - Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact
us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Glossary
LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Vivid Lion Design - Cookie Policy
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
Use of Cookies
This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device.
This complies with recent legislation requirements for website’s to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and it’s external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it.
This software is provided by Google Analytics and Facebook which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [ http://www.google.com/privacy.html ]. You can read Facebook’s
privacy policy at: www.facebook.com for further information
Other cookies may be stored on your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
You can find more information about cookies in our Privacy Policy. Our website is powered by Shopify, please find below the Shopify Cookie and Privacy Policy for your convenience. These policies are subject to change, current policies are available at: www.shopify.com
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here:
Shopify Privacy Policy
Introduction
In our mission to make commerce better for everyone at Shopify, we collect and use information about you, our
- merchants using Shopify to power your business
- customers who shop at a Shopify-powered business
- partners who develop apps for merchants to use, build stores on behalf of merchants, refer potential entrepreneurs to Shopify, or otherwise help merchants operate or improve their Shopify-powered business
- users of Shopify apps and services like Shop or Shop Pay
- visitors to Shopify’s websites, or anyone contacting Shopify support
This Privacy Policy will help you better understand how we collect, use, and share your personal information. If we change our privacy practices, we may update this privacy policy. If any changes are significant, we will let you know (for example, through the Shopify admin or by email).
Our Values
Trust is the foundation of the Shopify platform and includes trusting us to do the right thing with your information. Three main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.
Your information belongs to you
We carefully analyse what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymize this information when we no longer need it. When building and improving our products, our engineers work closely with our privacy and security teams to build with privacy in mind. In all of this work our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.
We protect your information from others
If a third party requests your personal information, we will refuse to share it unless you give us permission or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.
We help merchants and partners meet their privacy obligations
Many of the merchants and partners using Shopify do not have the benefit of a dedicated privacy team, and it is important to us to help them meet their privacy obligations. To do this, we try to build our products and services so they can easily be used in a privacy-friendly way. We also provide detailed FAQs and documentation covering the most important privacy topics, and respond to privacy-related questions we receive.
Why we process your information
We generally process your information when we need to do so to fulfill a contractual obligation (for example, to process your subscription payments to use the Shopify platform), or where we or someone we work with needs to use your personal information for a reason related to their business (for example, to provide you with a service). Laws in the European Economic Area (“EEA”) and in the United Kingdom (“UK”) call these reasons “legitimate interests.” These “legitimate interests” include:
- preventing risk and fraud
- answering questions or providing other types of support
- helping merchants find and use apps through our app store
- providing and improving our products and services
- providing reporting and analytics
- testing out features or additional services
- assisting with marketing, advertising, or other communications
We only process personal information for these “legitimate interests” after considering the potential risks to your privacy and balancing any risks with certain measures—for example, by providing clear transparency into our privacy practices, offering you control over your personal information where appropriate, limiting the information we keep, limiting what we do with your information, who we send your information to, how long we keep your information, or the technical measures we use to protect your information.
We may also process your personal information where you have provided your consent. In particular, where we cannot rely on an alternative legal basis for processing, where you direct us to transfer information to a third party, where we receive your data from a third party is sourced and it already comes with consent or where we are required by law to ask for your consent (including in the context of some of our sales and marketing activities). At any time, you have a right to withdraw your consent by changing your communication choices, opting out from our communications or by contacting us.
Depending on whether you are a merchant, customer, partner, user or visitor, please refer to our supplemental privacy policies, as relevant, to understand our purposes for processing, categories of recipients and legal basis for processing for each type of personal data.
Your rights over your information
We believe you should be able to access and control your personal information no matter where you live. Depending on how you use Shopify, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information. We will not charge you more or provide you with a different level of service if you exercise any of these rights. Please note that a number of these rights apply only in certain circumstances, and all of these rights may be limited by law.
If you buy something from or otherwise provide your information to a Shopify-powered store and wish to exercise these rights over information about your purchase or interaction, you need to directly contact the merchant you interacted with. We are a processor and process information on their behalf. We will of course help our merchants to fulfill these requests to the extent required by law, such as by giving them the tools to do so and by answering their questions.
If you are a merchant, partner, Shop user, Shopify employee, website visitor or other individual that Shopify has a direct relationship with, please submit your data subject request through ouronline portal. Please note that if you send us a request relating to your personal information, we have to make sure that it is you before we can respond. In order to do so, we may use a third party to collect and verify identification documents. Further information about rights available to US residents can be found below under the header “United States Regional Privacy Notice”.
If you are not happy with our response to a request, you can contact us to resolve the issue. If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection or privacy authority at any time.
Finally, because there is no common understanding about what a “Do Not Track” signal is supposed to mean, we don’t respond to those signals in any particular way.
Where we send your information
We are a Canadian company, but we work with and process data about individuals across the world. To operate our business, we may send your personal information outside of your state, province, or country, including to the United States. This data may be subject to the laws of the countries where we send it. We take steps to protect your information when we send your information across borders.
Depending on whether you are a merchant, customer, partner, user or visitor, please refer to our supplemental privacy policies, as relevant.
Transfers outside of Europe and Switzerland
If you are located in the EEA, the UK, or Switzerland, your personal information is controlled by our Irish affiliate, Shopify International Ltd. Your information is then sent to other Shopify locations and to service providers who may be located in other regions, including Canada (where we are based) and the United States. When we send your personal information outside of the EEA, UK or Switzerland, we do so in accordance with applicable law.
If you are in the EEA, the UK, or Switzerland, when we send your personal information to Canada it is protected under Canadian law, which the European Commission has found adequately protects your information. If we then send this personal information outside of Canada (for example, when we send this information to our Subprocessors), this information is protected by contractual commitments that are comparable to those provided in the Standard Contractual Clauses.
Finally, while we do what we can to protect your information, we may at times be legally required to disclose your personal information (for example, if we receive a valid court order). For information about how we respond to such orders, please review our Guidelines for Legal Requests.
How long do we retain your information
We will retain your personal data only for as long as necessary to fulfill the purposes for which we have collected it. To determine the appropriate retention period, we consider the amount, nature and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. We will also retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our policies. If you stop using our services or if you delete your account with us, we will delete your information or store your information in an aggregated and anonymized format.
Depending on whether you are a merchant, customer, partner, user or visitor, please refer to our supplemental privacy policies, as relevant, for further details on the retention of your personal information.
Our use of Machine Learning
One of the ways in which we are able to help merchants using Shopify is by using techniques like “machine learning” (some laws, including certain EEA and UK laws, may refer to this as “automated decision-making”) to help us improve our services. When we use machine learning, we either: (1) still have a human being involved in the process (and so are not fully automated); or (2) use machine learning in ways that don’t have legal or similarly significant effects (for example, reordering how apps might appear when you visit the app store).
How we protect your information
Our teams work tirelessly to protect your information, and to ensure the security and integrity of our platform. We also have independent auditors assess the security of our data storage and systems that process financial information. However, we all know that no method of transmission over the Internet, and method of electronic storage, can be 100% secure. This means we cannot guarantee the absolute security of your personal information. You can find more information about our security measures at /security.
How we use “cookies” and other tracking technologies
We use cookies and similar tracking technologies on our website and when providing our services. For more information about how we use these technologies, including a list of other companies that place cookies on our sites, a list of cookies that we place when we power a merchant’s store, and an explanation of how you can opt out of certain types of cookies, please see our Cookie Policy.
How you can reach us
If you would like to ask about, make a request relating to, or complain about how we process your personal information, please contact Shopify Support, or mail us at one of the addresses below. If you would like to submit a legally binding request to demand someone else’s personal information (for example, if you have a subpoena or court order), please review our Guidelines for Legal Requests.
If you are a merchant, partner, Shop user, Shopify employee, website visitor or other individual that Shopify has a direct relationship with and you are located in the EEA or UK, Shopify International Ltd is the controller of your personal data. If you buy something from or otherwise provide your information to a Shopify-powered store, the merchant is your data controller and we are acting as a processor on their behalf.
If you have questions about how a merchant or store processes your personal information, you should contact the merchant or visit their privacy policy.
If you are located in the EEA, the UK, the Middle East, South America, or Africa:
Shopify International Ltd.
Attn: Data Protection Officer
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland
United States Regional Privacy Notice
This United States Regional Privacy Notice (“US Notice”) supplements our Privacy Policy and all supplemental privacy policies on www.shopify.com (together, the “Shopify Privacy Policies”).
This US Notice is for individuals residing in certain US states and is designed to help you better understand how we collect, use, and disclose your personal information and, depending on how you use Shopify and where you reside, how to exercise available rights under various applicable privacy laws in the US, specifically the California Consumer Privacy Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act (collectively, the “US Privacy Laws”).
What information we collect and share about you
To provide our apps and services to you, we must process information about you, including personal information.
We do not “sell” your personal information as that term is defined under US Privacy Laws.
Here is a summary of the categories of personal information we may have collected about you over the past 12 months and with whom we may have disclosed that information to, depending on how you use Shopify.
Categories of personal information collected:
- Identifiers, including name, email address, mailing address, phone number;
- Personal information categories listed in the California Customer Records statute, including name, mailing and billing address, phone number, credit or debit card information;
- Commercial information, including products you purchase, place in your shopping cart, favorite or review (if you are a customer) and information you provide us about you and your business (if you are a merchant);
- Photos and videos, which may include face imagery, if you choose to provide them.
- Internet or other electronic network activity information, including information regarding the device and browser you use, network connection, IP address, and how you browse through our apps and sites;
- Geolocation data, including your mailing and billing address;
- Inferences, or information derived from other personal information about you, which could include your preferences, interests, and other information used to personalize your experience;
- Other information you provide; and
- Sensitive personal information, which may include:
Recipients of personal information:
- Companies who help us provide you with our services, including cloud storage providers, payment processors, fulfillment partners, security vendors, email providers, marketplaces and data analytics vendors;
- Advertisers and marketing vendors;
- Merchants whose shops you visit or make purchases from;
- Partners who provide a range of services to merchants, such as by developing apps or themes for use by merchants, serving as an affiliate that refers potential merchants to us, or helping merchants build or manage stores;
- Law enforcement or other third parties in connection with legal requests, to comply with applicable law or to prevent harm.
Why we collect and share your Personal Information
We use and share your personal information for the purposes set out in the Shopify Privacy Policies. For categories of sensitive personal information that we collect, we only use or disclose such information either with your specific consent when required, or as otherwise permitted by law.
Sources of Personal Information
To make commerce better for everyone at Shopify, we collect and use personal information provided by:
- You: We collect the information you provide when you use our platform, including when you sign up for Shopify as a merchant, visit a Shopify-powered store, fill in order information, visit one of Shopify’s websites or contact Shopify support. We collect account and payment information you provide to us (including information about your business if you are a merchant), Shopify stores or items you save to favorites, purchases you make, reviews you post, and how you otherwise interact or communicate with stores or other users on our apps or services. We also collect information about how you browse through our apps and sites, including search terms you may enter.
- Your device(s): We collect information from and about the devices you use, including computers, phones, and other web-connected devices you use to access our apps or services, and we combine this information across different devices you use.
- Third parties: We receive information from partners who help us provide you with our services including the following:
- Email providers. If you use the Shop App and you connect your third party inboxes, such as Gmail or Outlook (according to their terms and policies and as permitted by applicable law), we receive information to identify shopping-related emails and display within Shop information about specific orders you have made, stores you have engaged with in the past, and other related information.
- Service Providers. We receive information from our service providers, who help us provide services to our merchants, like reviewing accounts for fraud or other concerns.
- Marketplaces. If you use the Shop App, we receive information about purchases you have made from other marketplaces or platforms, such as Amazon, that you choose to connect through Shop. This information helps us to provide and improve Shop, to personalize your experience using our apps and services, and to determine if you are eligible for specific offers or payment methods.
- Subprocessors. We work with third party subprocessors for cloud hosting, content delivery, data analysis, internal logging, fulfillment services and email transmission, among others, to provide you with our services. For more information, see Shopify’s subprocessors.
- Analytics and cookie providers. We receive information through our use of cookies, social plugins (such as the Facebook “like” button), pixels and tags for business purposes, such as providing information to help measure how users interact with our website content. For more information about how we use these technologies, see our Cookie Policy.
How long we keep your information
Because we need your personal information to provide Shopify services, we generally keep your personal information, including sensitive personal information, while you use Shopify products or services or until you tell us to delete your information. We may also keep personal information to comply with legal obligations or protect our or other’s interests.
If you are a merchant operating a Shopify-powered store, and you close the store, stop paying your subscription fees, or we terminate your account, we retain store information for two years before we begin the deletion process.
When you visit or make a purchase from a merchant’s Shopify-powered store, we act as a service provider or processor for the merchant, and the merchant, not Shopify, decides how long your information is retained.
Your rights over your information
Depending on where you live, how you use Shopify, and subject to certain exceptions, you may have some or all of the following rights:
- Right to Know: The right to request that we disclose to you the personal information we collect, use, or disclose about you, and information about our data practices.
- Right to Request Correction: The right to request that we correct inaccurate personal information that we maintain about you.
- Right to Request Deletion: The right to request that we delete personal information that we have collected about you.
To exercise your rights, including the “right to know” and “right to delete,” please submit a request through our online portal. If you use Shop or Shop Pay, please visit https://shop.app/delete-account for instructions on how to request deletion of your information.
If you have visited or made a purchase from a merchant’s Shopify-powered store, please contact the specific merchant directly. If you make a request to us, we will forward your request to the relevant merchant.
Please note that to protect your information and the integrity of our products and services, we may need to verify your identity before processing your request. In some cases we may need to collect additional information to verify your identity, such as your email address or a government issued ID.
Under US Privacy Laws, you may also designate an authorized agent to make these requests on your behalf. If you use an authorized agent to submit a request, we may need to collect additional information, such as a government issued ID, to verify your identity before processing your request to protect your information.
For information on the CCPA requests we have received, please see here. In certain states, you may have the right to appeal our decision regarding a request related to these rights. If you wish to appeal a decision, please contact Shopify Support.
We will not discriminate against you for exercising any of these rights.
How you can reach us
If you would like to ask about or have concerns about how we process your personal information, please contact Shopify Support. If you want to make a request relating to your personal information, please contact us using the methods set out in the section immediately above.
Shopify Cookie Policy
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information by reading the Shopify Cookie Policy on the Shopify website:https://www.shopify.com/uk/legal/cookies