When you install the App, we are automatically able to access certain types of information from your Shopify account: Your Personal Data, Access to your Theme files, Access to add Shopify Script Tags to your Website, Products, Collections, Pages, Blogs, Blog Posts, Locales.
2. Personal Information the App Collects and Processing Purposes
2.1. Information from Merchants
When you install and use our App, we are automatically able to access certain types of information from your Shopify account such as: your name, company name, your Shopify-supported store URL, address, email address.
We will also collect and process data that you provide directly to us, for example your selected membership plan or any changes thereof. Additionally, we collect data such as how and when you access your account (access logs), including information about the device and browser you use, your network connection and your IP address, the configuration you choose to make to our App, history of payments and logs of install/uninstall or any other actions or activity while using our App.
We use this information to give you access and provide you with our Services; for example, to confirm your identity, provide you access on the Settings page of our App, to contact you in order to provide support, confirm install or uninstall actions for our App; end of trial period notifications; to conduct customer satisfaction surveys; automatic out-off-the-office notifications; notifications for updates to the App; end of discounts period and history of your payments with Shopify for your membership plan through the Shopify Billing API and to make sure that we comply with legal requirements. We also use it to make our App interface easier to use and to personalize the Services for you; for example to translate the App in your language.
In certain cases, in order to solve technical issues, we might request access to some sections of your Shopify Admin. It is your responsibility to allow us access only to the sections we requested and once the technical problem is solved you agree to delete our access from your Shopify Admin.
2.2. Information from Merchant's customers and visitors of the Merchant’s store
When you install and use our App, we do not collect, process or retain any personal data of the customers or visitors or your Shopify store.
2.3. Information from Hurdle Apps website visitors
As you visit or browse our websites, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect this information when you engage with us either by email or web form. We also collect any additional information that you might provide to us. We use this information, to provide and enhance our Services, including supporting or servicing your account, if applicable.
2.4. Information from cookies and similar tracking technologies
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
We use cookie technology for our App [functional cookies] to recognize your device and to keep you logged into your account. We also use them to provide and enhance our Services, including supporting or servicing your account, if applicable.
For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
If you decide to opt out of certain types of this processing, disable the storage of cookies or remove registered cookies, please see the links above.
We also use “Log files” to track actions occurring on the Hurdle Apps websites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. This information is collected for security purposes in order to prevent different types of attacks such as a DDOS attack.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Google Analytics uses "web beacons" and "tags" only when using the App in the Shopify Admin. This information allows us to better understand the users of the App, and how they use the App in order to improve our Services.
3. How Do We Use Your Personal Information?
We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to: Communicate with you; Optimize or improve the App; and Provide you with information or advertising relating to our products or services, as detailed in Section 2 above.
4. Sharing Your Personal Information
We may share your data, by disclosure or providing remote access, exclusively to the extent necessary to serve the applicable processing purposes for which your data is collected and processed and only through secured applications, to third parties such as commercial partners, acting as data processors for and on behalf of the App Provider (e.g. e-mail services provider, hosting, cloud - based help desk solution, legal and financial advisors, payment processor provider, technical support service providers or service providers providing dispatch support), with whom we made the necessary contractual agreements required by EU and national regulations.
In addition, we may disclose the data in order to comply with the law or in response to a request from a court or other legal authority, such as a warrant or a subpoena. We might also share the information if we believe, in good faith, that it is necessary to prevent or address frauds, protect our legitimate interests or to enforce the Terms and Conditions.
5. Retention Period
Personal data collected and used for the supply of the Services by the App Provider will be stored:
personal data of the Merchant for a period of 60 days after uninstallation, to ensure technical assistance, if needed, after uninstalling the App;
support e-mails are kept for 120 days after the support ticket has been closed. After which it will be archived 10 years for legal purposes.
log files are only kept for a period of 30 days.
Promptly after the applicable storage period has ended, the data shall be:
(a) securely deleted or destroyed; or
(b) transferred to an archive (unless this is prohibited by law or an applicable records retention regulation); or
(c) anonymized in the case of information related to website visits, without identifiers, in order to improve our services.
We are aware that the security of your private information is an important concern. The protection of your personal data is highly important for us, data protection and the protection of personal privacy being a priority for our business.
The following principles are central to how we process the Data:
Transparency and fairness: When we collect and process your personal information, we inform you as to who collects and receives these data, and the reasons for this. When required by law, we always seek your prior consent (e.g. before collecting any sensitive information). We never use your personal information for purposes that are incompatible with the processing purposes outlined herein.
Legitimacy: We do not collect or process personal information without a lawful reason. We use your personal information only for appropriate business purposes (e.g. to provide the Services, manage relationships with Merchants, perform accurate invoicing, to better serve customers, to conduct satisfaction surveys or draft reports and comply with our legal obligations).
Privacy: We endeavor to ensure privacy when implementing personal data processing. To this end we also carry out privacy impact assessments to ensure that our safeguards are appropriate and that your information is protected.
We follow industry standards on information security management to safeguard personal information entrusted to us. Nevertheless no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.
You shall be notified with respect to a data security breach, within a reasonable period of time following discovery of such breach, unless a law enforcement official determines that notification would impede a criminal investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such law enforcement official. We shall promptly respond to your enquiries relating to such data security breach.
7. Data Subjects Rights with respect to processing of their personal data
According to applicable data privacy regulation, including without limitation the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), you have the following rights:
Access. You have the right to obtain a confirmation (free of charge if once per year) as to whether or not data concerning you is being processed and, where the case, access to the data and the following information: purpose of the processing, personal data concerned, recipients of the data, storage period, your rights under the data protection regulations and the source of the data.
Rectification. You have the right to obtain, without undue delay, the rectification of inaccurate personal data. You can do this by changing the information from your Shopify Account settings page, or by emailing us at firstname.lastname@example.org
Erasure. You have the right to request erasure of your personal data provided that conditions for such operation are met under the applicable law. You can request the deletion of your personal information in the following cases:
if your personal information is no longer necessary for the purpose of the data processing;
if you have withdrawn your consent for data processing based exclusively on such consent;
if you objected to the data processing;
if the personal information must be erased to comply with a legal obligation to which the App Provider is subject.
It’s important to remember that if you erase your personal information, the Services may not function properly.
Restriction. You have the right to request restriction of the processing in the following cases:
for a period enabling the App Provider to verify the accuracy of your personal data in the event you challenge the accuracy of your personal information;
if the processing is unlawful and you wish to restrict your personal information rather than deleting it;
if you wish the App Provider to keep your personal information because you need it for your defense in the context of legal claims;
if you have objected to the processing but we need to check whether we have legitimate grounds for such processing which may override your own rights.
It’s important to remember that if you restrict the use of your personal information, the Services may not function properly.
Portability. You have the right to Data portability (receiving your personal data in a structured, commonly used and machine-readable format and transmitting those data to another controller) and a right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling, if the processing of personal data is based on legitimate interest pursued by the App Provider or a third party.
Except for cases when processing of your personal data is necessary for performance of the Services, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Complaint. You may exercise your rights freely and at any time, by sending a written and dated request accompanied by a proof of your identity by sending an e-mail to email@example.com. Requests for access, correction, restriction of processing or erasure are subject to applicable legal restrictions.
If you have any further questions about how we process your personal information, or if you would like to exercise any of your rights under this policy, please send us a written and dated request accompanied by a proof of you identity, using the following contact details: firstname.lastname@example.org
We shall ensure adequate steps are taken to address your request without undue delay and, in any event, within 30 (thirty) days of receipt of the request. The information shall be provided by electronic means where possible, unless otherwise expressly requested by you in writing.
Last updated: June 21, 2022