Digismoothie Agency s.r.o., a company having its registered office at Rohanske nabrezi 678/29, 186 00 Prague, Czech Republic, ID No.: 17151902, registered in the Commercial Register maintained by the Municipal Court in Prague under Insert C 336746 and duly incorporated under the laws of the Czech Republic (“Company” or “we”), who develops the software, applications and plugins for the Shopify Stores (the “App(s)”) as well as providing licenses to them via the Shopify App Store and any related services thereto.
Your privacy is important to us. It is our policy to respect your privacy regarding any information and personal data we may collect from you during our cooperation, through our website, as well as other sites we own and operate. As we care about the protection of your personal data, we have prepared the following information about the processing of your personal information, which complies with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (“GDPR”) and with the California Consumer Privacy Act of 2018 (“CCPA”), respectively.
Information about the collection and use of your personal data
1. Who is the controller of your personal data?
The controller is generally a person who, alone or together with others, determines the purpose of collection and decides how the personal data will be processed.
The Company is a controller of personal data.
2. How do we collect personal data?
We obtain your personal data directly from you. This is primarily done via filled in forms, installation of the App, mutual communication, or agreements. Also, we can obtain personal data from third parties we cooperate with, who are entitled to access and process your personal data. We may also collect your personal data from publicly accessible sources and registers as well as social media or other online platforms.
3. What personal data do we process?
Contact and personal information
We process your basic identification data, such as your name and/or business name, address, and VAT or ID number. We may also process your telephone number and/or e-mail address, if they have been provided.
When you visit our website or use our App, our servers may automatically log the standard data that are provided by your web browser. This may include your computer's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of a visit, the time spent on each page, and other details.
We may also collect data regarding invoicing details, billing conditions, payments received (and our payment processors and providers) with billing details.
Information from our mutual conversations
We may also collect and process data regarding mutual communication such as information derived from e-mails, phone calls, contact forms as well as the content of our communications.
Installation and settings data
We collect and process installation data and settings, such as the date of installation, personal App settings, and the Shopify API key for the purpose of improving our services and Apps and your access to them.
4. Legal basis and purposes for processing personal data
We process your personal data lawfully, fairly and in a transparent manner. We collect and process information about you only when we have a legal basis for doing so.
The legal basis depends on the services you use and the way you use them. We collect your information only if:
- it is necessary for the performance of an agreement by and between us, or to take steps at your request before entering into such an agreement (for example, when we provide you with services you have requested from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for conducting research and development, to market and promote our services, and to protect our legal rights and interests;
- you grant us consent to do so for a specific purpose (for example, you might grant consent to receiving our newsletter); or
- we need to process your data in order to comply with a legal obligation.
If you provide us with your consent to use your information for a specific purpose, you have the right to change your mind at any time (however, this will not affect any processing that has already taken place).
We do not keep your personal data for any longer than is necessary. While we retain this data, we protect it within commercially acceptable means so as to prevent any loss or theft, as well as protection from any unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information so that we can remain compliant with a legal obligation.
5. How long do we process your personal data for?
Personal data will be processed and stored for the term of an agreement, then for the next 3 years after the contractual relationship is terminated, unless otherwise provided.
Personal data are processed for the purpose of defending our legal claims in judicial or similar proceedings and will be processed for a period of 15 years following contract termination, which represents the longest statute of limitation set out by law.
Personal data that are processed on the grounds of our legal obligations arising from accounting, tax and other statutory regulations, are stored for the time limit set out in these regulations.
If you grant us consent to having your personal data processed, you are entitled to withdraw it any time. However, we would like to inform you that in the case you choose to withdraw your consent, it might be necessary to keep some of your data for the purposes of maintaining compliance with our legal obligations. Please note that we may also keep the data if our legitimate interest entitles us to do so.
Please note that we are not obliged to delete all of your personal data if you cancel the subscription or uninstall our App. We may still keep the data which are obtained during the installation of the App, such as your store URL, email address, and your first and last name, for the purposes of maintaining compliance with our legal obligations.
You may also choose to use our website without cookies. In such a case we would not be able to collect any information about you or about your activity on the website. Moreover, if you disable the cookies, the website or App may not display correctly.
The collected cookies are processed by the Company or other processors:
We collect these specific types of cookies:
7. Disclosure and transfer of personal data to third parties
We may disclose personal data to:
- third-party service providers (data processors) for the purpose of enabling them to provide their services, including (without limitation) IT service providers; data storage; hosting and server providers; CRM providers; ad networks; analytics; error loggers; debt collectors; maintenance or problem-solving providers; marketing or advertising providers; professional advisors and payment systems operators; and
- our employees, contractors and/or related entities.
Below is a list of the engaged processors who may receive your personal data from us:
- Google LLC – a service we use to track usage of our Apps and website, and improve their UX;
- Intercom R&D Unlimited Company – the tool used to provide you with the live chat and helpdesk service;
- Heroku by Salesforce.com, Inc. – the service used to host our Apps;
- Smartlook.com, s.r.o. – the service used to track usage of our Apps and improve their UX;
- FullStory, Inc. – the service used to track usage of our Apps and improve their UX;
- Mailgun Technologies, Inc. – the email delivery service (for Payster app only), and
- Pipedrive, Inc – the tool used to collect leads and manage deals (not used for Apps, only for the agency part of our business).
The personal data we collect is stored and processed in the European Union, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal data, you acknowledge that the data may be disclosed to these overseas third parties.
We will ensure that any transfers of personal information from countries in the European Economic Area (EEA) made to countries outside the EEA will be protected by using the appropriate safeguards, for example, by applying standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to those applicable in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction, and this could mean that you will not be able to seek redress under our jurisdiction's privacy laws.
Information about your rights
1. General information
We ensure that the processing of all personal data is carried out in a proper and safe manner. You can exercise the rights imparted to you in this section with the data controller by sending an email.
The information regarding your rights is provided free-of-charge, unless the request for information is clearly unreasonable or inadequate, especially due to a repetitive nature. In this case, we are entitled to charge a reasonable fee, taking into account any additional administrative costs for providing the requested information.
We will provide you with comments and, if applicable, information about the measures that have been taken as soon as possible, but at the latest within a month. We are entitled to extend the period by two months, if necessary, and, in view of the complexity and number of applications. We will inform you of such an extension, including the reasons for making such an extension.
2. Right to be informed about the processing of your personal data and the right to access
You are entitled to request information as to whether the personal data are subject to processing or not. If your personal data are being processed, you have the right to request information concerning:
- us, as the data controller;
- our representatives or personal data protection commissioners;
- the purpose for processing the personal data;
- the categories of personal data;
- the recipients or categories of recipients of personal data;
- the enumeration of your rights; and
- the option to send an inquiry the Office for Personal Data Protection about the sources of personal data processing as well as automated decision-making and profiling.
You have the right to be provided with a copy of your processed personal data; however, the right to obtain this copy cannot interfere with the rights and freedoms of other persons.
If we intend to use the personal data for a purpose other than which it was originally collected for, we will provide you with additional information as well as information about the intended purpose prior to commencing any additional data processing.
3. Information from third parties
4. Right to restrict
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
5. Right to data portability
You may request details of the personal data that we hold about you. You may request a copy of the personal data we hold about you. You may also request that we transfer this personal data to another third party.
6. Right to erasure (right to be forgotten)
You have the right to request the erasure of your personal data where one of the following grounds applies, for example, the personal data are no longer necessary in relation to the purposes for which they were collected. We erase the personal data automatically; however, you can also request that the data be erased. In such a case, your request will be reviewed individually and you will be informed about the outcome. Please note that in some cases we still might be legally required to process your personal data.
7. Right to correction
If you believe that any information that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us. We will take reasonable steps to correct any information which is found to be inaccurate, incomplete, misleading or out-of-date.
8. Right to non-discrimination
If you choose to exercise your rights, such as the right to refuse to provide us with personal information or the right to ask us to delete your data, we cannot refuse to provide you with services, charge you different prices, or provide you with a different level of our services merely due to the fact that you have exercised your rights.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details above and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you in writing, detailing the outcome of our investigation and the steps to be taken in order to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Information about automated individual decision-making
Automated decision-making refers to a decision which is taken solely on the basis of the automated processing of your personal data. This means processing using, for example, software codes or algorithms, which does not require any human intervention.
We will not make any decisions which are based solely on automated processing that would have legal consequences concerning the data subject or that may similarly significantly affect the data subject.
You can also reach us at our mailing address: Digismoothie s.r.o., Rohanske nabrezi 678/29, 186 00 Prague, Czech Republic.