Last updated: Sep. 7th 2023
Your
privacy is one of our fundamental commitments, and therefore, we take utmost
care to process your personal data in accordance with the principles set forth
in the applicable legislation, including without limitation the General Data
Protection Regulation no. 679/2016 (“GDPR”).
We recognize the importance of maintaining the confidentiality, integrity and
security of your personal information ("Personal Data") and have prepared this privacy policy (“Policy”) to explain how your Personal
Data is collected, stored, used and disclosed by
SMART
BIT AGILE CONSULT S.R.L,
a company incorporated under the Romanian law ("WebShopAssist”, “we”, "us"), as
a data controller, with respect to (i) your access to
and use of our Shopify application(s) („App”),
(ii) the access to, and use of our website available at the URL
https://www.webshopassist.com („Site”)
and (iii) the access to, and use of the content of the App and of the Site
including of the services provided by WebShopAssist
(“Services”).
Each
time we are required by the applicable law or, otherwise, want to use this
legal basis, we will request your free, informed, specific and unequivocal
consent for the processing of your Personal Data. By expressing your consent,
you agree that we can collect, use, reveal, process and transfer your Personal
Data in accordance with this Policy.
We
reserve the right to amend the provisions of this Policy from time to time. If
we make changes to this Policy, we will make the updated version available on
the Site and App and we will update the "Last updated” date.
Any
capitalized term which is not defined in this Policy will have the meaning set
forth in the terms and conditions (“Terms”)
applicable to the App and the Site.
1.
APPLICABILITY
This
Policy applies strictly to the processing of Personal Data carried out by WebShopAssist as a data controller, in relation to (i) the Personal Data of the Client (if the Client is a
natural person) / of the representative or contact person of the Client (if the
Client is a company), and, if the case might be, (ii) the Personal Data of a
user navigating our Site.
2.
THE
SITE
As a rule, we do not process Personal
Data on our Site. However, in specific and limited cases where we do process
such Personal Data, this Policy is applicable.
3.
CATEGORIES
OF PERSONAL DATA, PURPOSES OF PROCESSING, AND LEGAL GROUNDS
3.1.
Browsing
data
Computer
systems and software procedures used for the operation of the Site and App
acquire, during their normal operation, some information (so-called log files), the transmission of which is
implicit in the use of internet communication protocols.
This
information is not collected in order to be associated to specific persons, but
due to its nature can, by means of processing and integration with data held by
third parties, allow users to be identified. Such information includes the IP
addresses, the time and date of your visit, pages of our Site that you visit,
the time spent on those pages and other parameters concerning the user's
operating system and computer environment.
Purpose
of processing |
Legal
ground |
We
use this data for the sole purpose of obtaining anonymous statistical
information concerning the use of the Site and App and to check their correct
operation. |
●
Our legitimate interest in the
improvement of our Site and App and in managing the server capacities, and in
the bug-free preservation of our Site and App (art. 6 para. 1, let. f GDPR); ●
Your consent. (art. 6 para. 1, let. a GDPR). |
3.2.
Contractual
notifications
During
the provision of our services, we will use your email address and your phone
number (as our Client / contact person from our
Client) to notify you in connection with any matters related to the performance
of the contract between the Client and WebShopAssist.
Purpose
of processing |
Legal
ground |
The
purpose of this processing is to carry out contractual notices in accordance
with the Terms of the Site and App. |
●
Processing is necessary for the
performance of a contract to which the data subject is party or in order to
take steps at the request of the data subject prior to entering into a
contract (art. 6 para. 1, let. b GDPR); |
3.3.
Contact
You
can contact us in relation to the applications and services we provide by
filling in the form on our Site or by sending messages via email or
Facebook. In this case, in general, we will process the following Personal
Data: first name, last name, email and any other information you voluntarily
provide when you contact us.
Purpose
of processing |
Legal
ground |
In
this situation, we will use your Personal Data only to contact you in
connection with the requested offer or in connection with the resolution of
the problem. |
●
Processing is necessary for the
performance of a contract to which the data subject is party or in order to
take steps at the request of the data subject prior to entering into a
contract (art. 6 para. 1, let. b GDPR); |
3.4.
Marketing
messages
You
can opt in to receive marketing messages via email.
Purpose
of processing |
Legal
ground |
If
you opt to receive such marketing messages, we will use your email address to
send you marketing messages about our activities and promotions. |
●
Your consent. (art. 6 para. 1, let. a GDPR). |
You
can revoke your prior consent at all times and without any costs, with altering
consequences for the future.
4.
FAILURE
TO PROVIDE PERSONAL DATA
You
may refuse to provide certain Personal Data (indicated above) but, in such a
case, you may not be able to benefit from certain App or Site services and
features, including, but not limited to, contacting you to respond to your
query, to solve your problem and/or to provide support.
5.
AUTOMATIC
PROCESSING OF PERSONAL DATA
Your
Personal Data will not be processed for taking decisions based solely on
automatic processing that would result in legal effects concerning you or could
similarly significantly affect you.
6.
STORAGE
PERIOD
As a
rule, we will process your Personal Data during the term of your Subscription.
Personal
Data collected based on your consent will be processed until the date of
withdrawal of the consent.
In
certain circumstances, we may retain your Personal Data for longer periods of
time, for example if we are obliged to do so in accordance with the legal,
regulatory, tax or accounting requirements.
We
may also keep your Personal Data for longer periods of time so that we have
accurate records of your dealings with us in the event of any complaints or
challenges, or if we reasonably believe there is a prospect of litigation
relating to your Personal Data or dealings.
7.
TRANSFER
OF PERSONAL DATA
Your
Personal Data is filed and stored on the servers of our contractual partners
that are helping us to provide our services to you.
We
may transfer Personal Data, as far as necessary, to the following categories of
recipients:
●
contractual partners;
●
subcontractors;
●
payment processors;
●
companies offering IT services;
●
marketing companies;
●
public authorities, courts of law or
arbitral tribunals, and authorities competent to investigate criminal offence.
These
recipients can be located in the European Union and/or in the European Economic
Area. Where recipients are located outside the European Union and the European
Economic Area, including in countries not recognized as ensuring an adequate
level of protection, the transfer of Personal Data shall be carried out only if
there are appropriate guarantees, in accordance with applicable law. In this
respect, we rely on the standard contractual clauses issued by the European
Commission.
You
may receive from us a list of recipients from third countries, as well as a
copy of the agreed provisions that ensure an adequate level of protection of
Personal Data. For any request to this effect, please contact us at the contact
details mentioned below.
8.
SECURITY
The
security of your Personal Data is important to us. Your Personal Data will
therefore be processed by applying reasonable technical and organizational
measures to protect Personal Data, such as limiting access to Personal Data,
encryption or anonymization of Personal Data, storage on secure environments.
However, despite our efforts, we cannot always guarantee the effectiveness of
the security measures implemented, and therefore we cannot guarantee the
security of Personal Data at any time.
9.
RIGHTS
IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA
9.1.
Your
rights
You
have the following rights in connection with the processing of your Personal
Data:
Access right: You have the right to obtain from
us confirmation that your Personal Data is processed by us, as well as
information on the specific processing, such as: the purposes of processing,
categories of processed Personal Data, recipients of Personal Data, the period
for which Personal Data is stored, if we transfer the Personal Data abroad and
how we protect it, your rights, the right to lodge a complaint before the
supervisory authority, the source of your Personal Data.
Right to rectification: You
have the possibility to request rectification of your Personal Data, provided
that the applicable legal requirements are met. In the event of errors, after
notification, we will immediately correct your Personal Data.
Right to erasure: In certain cases, you have the
possibility to request the deletion of Personal Data, namely when: (i) the
Personal Data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based
according and where there is no other legal ground for the processing; (iii) you exercise the right to object
to the processing; (iv) the Personal
Data have been unlawfully processed. We are not obliged to comply with your request
when the processing is necessary (among others) for compliance with a legal
obligation or for the establishment, exercise or defense of legal claims. There
are also other circumstances in which we are not obliged to comply with this
request for the deletion of Personal Data.
Restriction of processing: You
may request us to restrict the processing of your Personal Data in the
following circumstances: (i) you contest the accuracy of the Personal Data, for a
period enabling us to verify the accuracy of the Personal Data; (ii) the processing is unlawful and
then you oppose to the erasure of the Personal Data and request the restriction
of their use instead; (iii) we no
longer need the Personal Data for the purposes of the processing, but you
require them for the establishment, exercise or defense of legal claims; (iv) you have objected to processing,
pending the verification whether our legitimate grounds override yours.
However, we can continue to process your Personal Data (i) when you consent; (ii) for the establishment, exercise or
defense of legal claims or (iii) for
the protection of the rights of another natural or legal person.
Right to data portability:
Insofar the Personal Data is processed based on your consent or on the
execution of the agreement and the processing is carried out by automated
means, you have the right to have your data Personal Data provided to you in a
structured format, which is currently used and can be read automatically and
you have the right to request us to transfer this Personal Data to another
controller. This right shall not adversely affect the rights and freedoms of
others.
Right to opposition: In certain situations, such
as when we process your Personal Data on the basis of a legitimate interest or
for sending marketing messages, you have the right to object to the processing
of your Personal Data by us. In the event of unjustified objection, WebShopAssist is entitled to continue processing Personal
Data.
Revocation of consent:
Insofar you consented to the processing of your Personal Data, you can at all
times revoke your consent, without affecting the lawfulness of processing based
on consent before its withdrawal.
Right not to be subject to any automatic individual decisions: You
have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning you or
similarly significantly affects you. Such right cannot be exercised when the
decision: (i)
is necessary for entering into, or performance of, a contract between you and
us; (ii) is authorized by law which
lays down suitable measures to safeguard your rights and freedoms and
legitimate interests; or (iii) is
based on your explicit consent.
Right to lodge a complaint with the supervisory authority: You
have the right to lodge a complaint with The National Supervisory Authority for
Personal Data Processing (“DPA”) in
relation to any breach of your rights regarding the processing of your Personal
Data. The contact details of the DPA are: 28-30 Gheorghe Magheru
Boulevard, District 1, Postal Code 010336, Bucharest, Romania; e-mail: [email protected]
9.2.
How
to exercise your rights
To
learn more about how you may exercise the aforementioned rights, please contact
us at [email protected].
Identity verification: We take utmost care of the
confidentiality of all Personal Data and we reserve the right to verify your
identity if you make a request in relation to your Personal Data
Fees: As a rule, you can exercise your
rights free of charge. However, we reserve the right to request a reasonable
fee if your claims are manifestly unfounded or excessive, in particular because
of their repetitive nature.
Response Time: We make every effort to respond to
your request within one month of receiving the request. This period may be
extended by two further months where necessary, taking into account the
complexity and number of the requests, in which case we will inform you of any
such extension and of the reasons for the delay
10.
LINKS
TO OTHER SITES
Our Site may contain links to
other sites. If you click on a third-party link, you will be directed to that
site. Note that these external sites are not operated by us. Therefore, we
strongly advise you to review the Privacy Policy of these websites. We have no
control over, and assume no responsibility for the content, privacy policies,
or practices of any third-party sites or services.
11.
CHILDREN’S
PRIVACY
Our Site and our App do not
address anyone under the age of 16. We do not knowingly collect personal data
from individuals under 16. In the case we discover that a child under 16 has
provided us with personal data, we immediately delete this from our servers. If
you are a parent or guardian and you are aware that your child has provided us
with personal information, please contact us so that we will be able to do
necessary actions.
12.
CONTACT
If
you have any questions or concerns about this Policy or its implementation, you
may contact us using the contact form.