Privacy & Data Protection Agreement for Shopify Merchants
This Data Protection Agreement describes how Experify is using and protecting data governed by clients who use any of the Apps made available by Experify in the Shopify App store. As a Shopify Merchant using any of the Experify Apps available in the Shopify App store, you agree to this Privacy & Data Protection Agreement.
General
Experify is committed to protecting and respecting your and your customer's privacy and is taking data protection very serious. This declaration (the 'Data Protection Declaration') is intended to provide you with information about our procedures for collecting, processing or using data that you provide to us.
The protection of personal data and the responsible handling of the information that you entrust to us (collectively “the data”) are important to us. We therefore collect, process, use and store the data in accordance with European data protection and data security laws.
This data protection declaration (together with our general terms and conditions, our declaration on cookies) and other documents referred to in this document form the basis on which we process all data collected by you or made available by you or Shopify. Read the following statement carefully to understand how we process your personal data.
What data do we collect?
We collect (personal) data to enable you to use any of Experify's services and to provide an optimal service. We collect information in two ways:
Merchant and shop data that you provide to us or that is provided to us by Shopify: names, emails, phone numbers, products in your shop incl. details.
Customer data that you provide to us or that is provided to us by Shopify: names, email, marketing consent information, order data
Information we receive based on your use of our services: we collect information about the Experify services you use and how you use them in form of analytics
How we use collected data
In the following, when we write "user data", we mean all data you provide. This includes data about you as merchant as well as data on your customers as outlined in section 2.
3.1 We do not sell user data to third parties and do not use user data for purposes other than those specified in this data protection policy.
3.2 We only disclose user data to third parties in the following cases:
3.2.1 If it is necessary to fulfil a contract concluded with you for the provision of a service, a third party is required (e.g. for the sending of the rewards by the participating brand);
3.2.2 If you expressly request this (e.g. if you log in using social media authentication methods).
3.2.3 Experify can also disclose data if we are legally obliged to do so or assume in good faith that such access, such security or such disclosure (i) to answer claims made against Experify, (ii) to comply with a judicial or official order or request, (iii) to enforce an agreement with our users such as our general terms and conditions, our data protection declaration or our code of conduct, (iv) in the event of an emergency that poses a risk to life and limb or for public health is related, (v) required by an investigation or (vi) to protect the rights, property, or personal safety of Experify, its employees, or others;
How we use customer data
Some parts of our service require that you disclose data about your customers to Experify, usually in an automated way via the Shopify API. Whenever we request such data, we make sure to only request the minimal amount of data necessary to provide you with the service you requested and to store them only as long as necessary to provide the service.
Currently the usage of customer data is limited to: you requesting us to send review invitation emails to your customers; you requesting us to monitor orders in your shop in order to automatically send review invitation emails to your customers. These services are never enabled by default, meaning you need to explicitly opt-in to use them. Furthermore, we respect customer's marketing consent and will only send such review invitation emails if your customer consented to receiving marketing emails.
How and where your data is transmitted and stored
Our services run in a cloud computing environment with industry-standard privacy and security measures. We prefer to use cloud services with computer facilities within the EU. When we need to use cloud services outside the EU, we make sure that this only applies to temporary results and not to long-term data storage.
Third-party data processors can, for example, be involved in processing your service request, moderating the images for your user account, processing your payment data, providing advertising and marketing services on our behalf and providing support services electronically. We cannot control where and how third-party processors transmit and store your data.
With such a transmission, we make sure that it is carried out in accordance with this data protection declaration and that the recipient is guaranteed an adequate level of data protection for you and other data subjects (e.g. by concluding a contract based on the so-called standard contractual clauses of the European Commission).
On request, we can provide you with a list of the countries in which your data is stored and / or transmitted. Upon request, we will also be happy to provide you with a copy of the so-called standard contractual clauses of the European Commission or other documents that we use to ensure that the recipient is guaranteed an adequate level of data protection.
Information about your data
Article 8 of the Data Protection Act stipulates that every person can request information collection holders to provide information about their stored and processed data. These requests for information must be submitted in writing. Please let us know your last name, first name, your date of birth and, if available, your email address. Contact us with your request via: Experify AG, Albisriederstrasse 199, CH-8047 Zurich.
Deletion of your data
You have the right to request that the data stored about you be deleted at any time. This does not include data that we must keep for legal reasons (e.g. accounting, taxes, ongoing proceedings, etc.) or to prevent attempts to defraud and in the event of a violation of the terms of use.
Area of application
Our privacy policy may change from time to time. We will not limit your rights under this privacy policy without your expressed consent. We will publish all changes to the data protection declaration on this page. If the changes are material, we will provide an even clearer notification (including, in the case of certain services, an email notification of changes to the privacy policy). We will also keep older versions of this data protection declaration in an archive for your inspection.
Contact and data protection officer
If you would like to contact us to exercise your rights, give us your opinion, or if you have any questions related to your personal information, you can either:
contact our data protection officer by email at gdpr@experify.com.
write to us via our contact page;
or send us a letter to the following address: Experify AG, Albisriederstr. 199, CH-8047 Zurich.