FB

Privacy Policy

 

Last updated: Sep. 7th 2023

 

Your privacy is one of our fundamental commitments, and therefore, we take utmost care to process your personal data in accordance with the principles set forth in the applicable legislation, including without limitation the General Data Protection Regulation no. 679/2016 (“GDPR”). We recognize the importance of maintaining the confidentiality, integrity and security of your personal information ("Personal Data") and have prepared this privacy policy (“Policy”) to explain how your Personal Data is collected, stored, used and disclosed by SMART BIT AGILE CONSULT S.R.L, a company incorporated under the Romanian law ("WebShopAssist, “we”, "us"), as a data controller, with respect to (i) your access to and use of our Shopify application(s) („App”), (ii) the access to, and use of our website available at the URL https://www.webshopassist.com („Site”) and (iii) the access to, and use of the content of the App and of the Site including of the services provided by WebShopAssist (“Services”).

Each time we are required by the applicable law or, otherwise, want to use this legal basis, we will request your free, informed, specific and unequivocal consent for the processing of your Personal Data. By expressing your consent, you agree that we can collect, use, reveal, process and transfer your Personal Data in accordance with this Policy.

We reserve the right to amend the provisions of this Policy from time to time. If we make changes to this Policy, we will make the updated version available on the Site and App and we will update the "Last updated” date.

Any capitalized term which is not defined in this Policy will have the meaning set forth in the terms and conditions (“Terms”) applicable to the App and the Site.

 

1.                  APPLICABILITY

This Policy applies strictly to the processing of Personal Data carried out by WebShopAssist as a data controller, in relation to (i) the Personal Data of the Client (if the Client is a natural person) / of the representative or contact person of the Client (if the Client is a company), and, if the case might be, (ii) the Personal Data of a user navigating our Site.

2.                  THE SITE

As a rule, we do not process Personal Data on our Site. However, in specific and limited cases where we do process such Personal Data, this Policy is applicable.

3.                  CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING, AND LEGAL GROUNDS

3.1.            Browsing data

Computer systems and software procedures used for the operation of the Site and App acquire, during their normal operation, some information (so-called log files), the transmission of which is implicit in the use of internet communication protocols.

This information is not collected in order to be associated to specific persons, but due to its nature can, by means of processing and integration with data held by third parties, allow users to be identified. Such information includes the IP addresses, the time and date of your visit, pages of our Site that you visit, the time spent on those pages and other parameters concerning the user's operating system and computer environment.

 

Purpose of processing

Legal ground

We use this data for the sole purpose of obtaining anonymous statistical information concerning the use of the Site and App and to check their correct operation.

                    Our legitimate interest in the improvement of our Site and App and in managing the server capacities, and in the bug-free preservation of our Site and App (art. 6 para. 1, let. f GDPR);

                    Your consent. (art. 6 para. 1, let. a GDPR).

3.2.            Contractual notifications

During the provision of our services, we will use your email address and your phone number (as our Client / contact person from our Client) to notify you in connection with any matters related to the performance of the contract between the Client and WebShopAssist.

Purpose of processing

Legal ground

The purpose of this processing is to carry out contractual notices in accordance with the Terms of the Site and App.

                    Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6 para. 1, let. b GDPR);

3.3.            Contact

You can contact us in relation to the applications and services we provide by filling in the form on our Site  or by sending messages via email or Facebook. In this case, in general, we will process the following Personal Data: first name, last name, email and any other information you voluntarily provide when you contact us.

Purpose of processing

Legal ground

In this situation, we will use your Personal Data only to contact you in connection with the requested offer or in connection with the resolution of the problem.

                    Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6 para. 1, let. b GDPR);

3.4.            Marketing messages

You can opt in to receive marketing messages via email.

Purpose of processing

Legal ground

If you opt to receive such marketing messages, we will use your email address to send you marketing messages about our activities and promotions.

                    Your consent. (art. 6 para. 1, let. a GDPR).

You can revoke your prior consent at all times and without any costs, with altering consequences for the future.

4.                  FAILURE TO PROVIDE PERSONAL DATA

You may refuse to provide certain Personal Data (indicated above) but, in such a case, you may not be able to benefit from certain App or Site services and features, including, but not limited to, contacting you to respond to your query, to solve your problem and/or to provide support.

5.                  AUTOMATIC PROCESSING OF PERSONAL DATA

Your Personal Data will not be processed for taking decisions based solely on automatic processing that would result in legal effects concerning you or could similarly significantly affect you.

6.                  STORAGE PERIOD

As a rule, we will process your Personal Data during the term of your Subscription.

Personal Data collected based on your consent will be processed until the date of withdrawal of the consent.

In certain circumstances, we may retain your Personal Data for longer periods of time, for example if we are obliged to do so in accordance with the legal, regulatory, tax or accounting requirements.

We may also keep your Personal Data for longer periods of time so that we have accurate records of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.

7.                  TRANSFER OF PERSONAL DATA

Your Personal Data is filed and stored on the servers of our contractual partners that are helping us to provide our services to you.

We may transfer Personal Data, as far as necessary, to the following categories of recipients:

                    contractual partners;

                    subcontractors;

                    payment processors;

                    companies offering IT services;

                    marketing companies;

                    public authorities, courts of law or arbitral tribunals, and authorities competent to investigate criminal offence.

These recipients can be located in the European Union and/or in the European Economic Area. Where recipients are located outside the European Union and the European Economic Area, including in countries not recognized as ensuring an adequate level of protection, the transfer of Personal Data shall be carried out only if there are appropriate guarantees, in accordance with applicable law. In this respect, we rely on the standard contractual clauses issued by the European Commission.

You may receive from us a list of recipients from third countries, as well as a copy of the agreed provisions that ensure an adequate level of protection of Personal Data. For any request to this effect, please contact us at the contact details mentioned below.

8.                  SECURITY

The security of your Personal Data is important to us. Your Personal Data will therefore be processed by applying reasonable technical and organizational measures to protect Personal Data, such as limiting access to Personal Data, encryption or anonymization of Personal Data, storage on secure environments. However, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented, and therefore we cannot guarantee the security of Personal Data at any time.

9.                  RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA

9.1.            Your rights

You have the following rights in connection with the processing of your Personal Data:

Access right: You have the right to obtain from us confirmation that your Personal Data is processed by us, as well as information on the specific processing, such as: the purposes of processing, categories of processed Personal Data, recipients of Personal Data, the period for which Personal Data is stored, if we transfer the Personal Data abroad and how we protect it, your rights, the right to lodge a complaint before the supervisory authority, the source of your Personal Data.

Right to rectification: You have the possibility to request rectification of your Personal Data, provided that the applicable legal requirements are met. In the event of errors, after notification, we will immediately correct your Personal Data.

Right to erasure: In certain cases, you have the possibility to request the deletion of Personal Data, namely when: (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based according and where there is no other legal ground for the processing; (iii) you exercise the right to object to the processing; (iv) the Personal Data have been unlawfully processed. We are not obliged to comply with your request when the processing is necessary (among others) for compliance with a legal obligation or for the establishment, exercise or defense of legal claims. There are also other circumstances in which we are not obliged to comply with this request for the deletion of Personal Data.

Restriction of processing: You may request us to restrict the processing of your Personal Data in the following circumstances: (i) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy of the Personal Data; (ii) the processing is unlawful and then you oppose to the erasure of the Personal Data and request the restriction of their use instead; (iii) we no longer need the Personal Data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; (iv) you have objected to processing, pending the verification whether our legitimate grounds override yours. However, we can continue to process your Personal Data (i) when you consent; (ii) for the establishment, exercise or defense of legal claims or (iii) for the protection of the rights of another natural or legal person.

Right to data portability: Insofar the Personal Data is processed based on your consent or on the execution of the agreement and the processing is carried out by automated means, you have the right to have your data Personal Data provided to you in a structured format, which is currently used and can be read automatically and you have the right to request us to transfer this Personal Data to another controller. This right shall not adversely affect the rights and freedoms of others.

Right to opposition: In certain situations, such as when we process your Personal Data on the basis of a legitimate interest or for sending marketing messages, you have the right to object to the processing of your Personal Data by us. In the event of unjustified objection, WebShopAssist is entitled to continue processing Personal Data.

Revocation of consent: Insofar you consented to the processing of your Personal Data, you can at all times revoke your consent, without affecting the lawfulness of processing based on consent before its withdrawal.

Right not to be subject to any automatic individual decisions: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Such right cannot be exercised when the decision: (i) is necessary for entering into, or performance of, a contract between you and us; (ii) is authorized by law which lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (iii) is based on your explicit consent.

Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with The National Supervisory Authority for Personal Data Processing (“DPA”) in relation to any breach of your rights regarding the processing of your Personal Data. The contact details of the DPA are: 28-30 Gheorghe Magheru Boulevard, District 1, Postal Code 010336, Bucharest, Romania; e-mail: [email protected]

9.2.            How to exercise your rights

To learn more about how you may exercise the aforementioned rights, please contact us at [email protected].

Identity verification: We take utmost care of the confidentiality of all Personal Data and we reserve the right to verify your identity if you make a request in relation to your Personal Data

Fees: As a rule, you can exercise your rights free of charge. However, we reserve the right to request a reasonable fee if your claims are manifestly unfounded or excessive, in particular because of their repetitive nature.

Response Time: We make every effort to respond to your request within one month of receiving the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests, in which case we will inform you of any such extension and of the reasons for the delay

10.              LINKS TO OTHER SITES

                Our Site may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11.              CHILDREN’S PRIVACY

                Our Site and our App do not address anyone under the age of 16. We do not knowingly collect personal data from individuals under 16. In the case we discover that a child under 16 has provided us with personal data, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

12.              CONTACT

If you have any questions or concerns about this Policy or its implementation, you may contact us using the contact form.