Digismoothie s.r.o., a company having its registered office at Rohanske nabrezi 678/29, 186 00 Prague, Czech Republic, ID No.: 037 18 751, registered in the Commercial Register maintained by the Municipal Court in Prague under Insert C 336746 and duly incorporated under the laws of the Czech Republic (“Company” or “we”), who develops the software, applications and plugins for the Shopify Stores (the “App(s)”) as well as providing licenses to them via the Shopify App Store and any related services thereto.
Your privacy is important to us. It is our policy to respect your privacy regarding any information and personal data we may collect from you during our cooperation, through our website, as well as other sites we own and operate. As we care about the protection of your personal data, we have prepared the following information about the processing of your personal information, which complies with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (“GDPR”) and with the California Consumer Privacy Act of 2018 (“CCPA”), respectively.
This Privacy Policy explains how we collect, use, process, disclose and secure information and personal data we obtain from and about our clients and customers, users of the Apps, including information we collect when you visit our websites. It also tells you about your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns in connection therewith.
Information about the collection and use of your personal data
1. Who is the controller of your personal data?
The controller is generally a person who, alone or together with others, determines the purpose of collection and decides how the personal data will be processed.
The Company is a controller of personal data.
2. How do we collect personal data?
We obtain your personal data directly from you. This is primarily done via filled in forms, installation of the App, mutual communication, or agreements. Also, we can obtain personal data from third parties we cooperate with, who are entitled to access and process your personal data. We may also collect your personal data from publicly accessible sources and registers as well as social media or other online platforms.
3. What personal data do we process?
Contact and personal information
We process your basic identification data, such as your name and/or business name, address, and VAT or ID number. We may also process your telephone number and/or e-mail address, if they have been provided.
Log data
When you visit our website or use our App, our servers may automatically log the standard data that are provided by your web browser. This may include your computer's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of a visit, the time spent on each page, and other details.
Billing information
We may also collect data regarding invoicing details, billing conditions, payments received (and our payment processors and providers) with billing details.
Information from our mutual conversations
We may also collect and process data regarding mutual communication such as information derived from e-mails, phone calls, contact forms as well as the content of our communications.
Installation and settings data
We collect and process installation data and settings, such as the date of installation, personal App settings, and the Shopify API key for the purpose of improving our services and Apps and your access to them.
4. Legal basis and purposes for processing personal data
We process your personal data lawfully, fairly and in a transparent manner. We collect and process information about you only when we have a legal basis for doing so.
The legal basis depends on the services you use and the way you use them. We collect your information only if:
- it is necessary for the performance of an agreement by and between us, or to take steps at your request before entering into such an agreement (for example, when we provide you with services you have requested from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for conducting research and development, to market and promote our services, and to protect our legal rights and interests;
- you grant us consent to do so for a specific purpose (for example, you might grant consent to receiving our newsletter); or
- we need to process your data in order to comply with a legal obligation.
If you provide us with your consent to use your information for a specific purpose, you have the right to change your mind at any time (however, this will not affect any processing that has already taken place).
We do not keep your personal data for any longer than is necessary. While we retain this data, we protect it within commercially acceptable means so as to prevent any loss or theft, as well as protection from any unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information so that we can remain compliant with a legal obligation.
5. How long do we process your personal data for?
Personal data will be processed and stored for the term of an agreement, then for the next 3 years after the contractual relationship is terminated, unless otherwise provided.
Personal data are processed for the purpose of defending our legal claims in judicial or similar proceedings and will be processed for a period of 15 years following contract termination, which represents the longest statute of limitation set out by law.
Personal data that are processed on the grounds of our legal obligations arising from accounting, tax and other statutory regulations, are stored for the time limit set out in these regulations.
If you grant us consent to having your personal data processed, you are entitled to withdraw it any time. However, we would like to inform you that in the case you choose to withdraw your consent, it might be necessary to keep some of your data for the purposes of maintaining compliance with our legal obligations. Please note that we may also keep the data if our legitimate interest entitles us to do so.
Please note that we are not obliged to delete all of your personal data if you cancel the subscription or uninstall our App. We may still keep the data which are obtained during the installation of the App, such as your store URL, email address, and your first and last name, for the purposes of maintaining compliance with our legal obligations.
6. Cookies
We use cookies to collect information about you and your activities on our site. A cookie is a small piece of data analytics that our website stores on your computer, and accesses it each time you visit, so we can understand how you use our site. This helps us better to serve you content that is based on the personal preferences you have specified.
We also use cookies to secure a better user experience and personalized content for you. In addition, cookies for marketing purposes, analyzing a visitor’s activity on a website or during communication with the third parties. You may set up cookie processing options via your web browser and you can grant consent to processing the marketing cookies via a cookie bar.
You may also choose to use our website without cookies. In such a case we would not be able to collect any information about you or about your activity on the website. Moreover, if you disable the cookies, the website or App may not display correctly.
The collected cookies are processed by the Company or other processors:
- the Google Analytics services provided by the Google Inc. company. Collected cookies are processed in compliance with Google Inc. Privacy Policy, which you can find here;
- the Intercom chat application is provided by the Intercom R&D Unlimited Company. Collected cookies are processed in compliance with Intercom R&D Unlimited Company Privacy Policy, which you can find here.
We collect these specific types of cookies:
7. Disclosure and transfer of personal data to third parties
We may disclose personal data to:
- third-party service providers (data processors) for the purpose of enabling them to provide their services, including (without limitation) IT service providers; data storage; hosting and server providers; CRM providers; ad networks; analytics; error loggers; debt collectors; maintenance or problem-solving providers; marketing or advertising providers; professional advisors and payment systems operators; and
- our employees, contractors and/or related entities.
Below is a list of the engaged processors who may receive your personal data from us:
- Google LLC – a service we use to track usage of our Apps and website, and improve their UX;
- Intercom R&D Unlimited Company – the tool used to provide you with the live chat and helpdesk service;
- Heroku by Salesforce.com, Inc. – the service used to host our Apps;
- Smartlook.com, s.r.o. – the service used to track usage of our Apps and improve their UX;
- Twilio Inc. (Segment) – the service used to track events in our Apps;
- Mixpanel Inc. – the analytics service used to track usage of our Apps and improve their UX;
- Mailgun Technologies, Inc. – the email delivery service, and
- Pipedrive, Inc – the tool used to collect leads and manage deals (not used for Apps, only for the agency part of our business).
We do not transfer your data to any international organizations. However, we are entitled to transfer some of your personal data outside of the European Economic Area (EEA) via some entities we cooperate with. This transfer is made only if it complies with the terms and conditions of the legal provisions for such transfer. In such a case, we will inform you about such a transfer at the same time or an update of this Privacy Policy will be published.
The personal data we collect is stored and processed in the European Union, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal data, you acknowledge that the data may be disclosed to these overseas third parties.
We will ensure that any transfers of personal information from countries in the European Economic Area (EEA) made to countries outside the EEA will be protected by using the appropriate safeguards, for example, by applying standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to those applicable in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction, and this could mean that you will not be able to seek redress under our jurisdiction's privacy laws.
Information about your rights
1. General information
We ensure that the processing of all personal data is carried out in a proper and safe manner. You can exercise the rights imparted to you in this section with the data controller by sending an email.
The information regarding your rights is provided free-of-charge, unless the request for information is clearly unreasonable or inadequate, especially due to a repetitive nature. In this case, we are entitled to charge a reasonable fee, taking into account any additional administrative costs for providing the requested information.
We will provide you with comments and, if applicable, information about the measures that have been taken as soon as possible, but at the latest within a month. We are entitled to extend the period by two months, if necessary, and, in view of the complexity and number of applications. We will inform you of such an extension, including the reasons for making such an extension.
You have the following rights besides those rights already mentioned in this Privacy Policy:
2. Right to be informed about the processing of your personal data and the right to access
You are entitled to request information as to whether the personal data are subject to processing or not. If your personal data are being processed, you have the right to request information concerning:
- us, as the data controller;
- our representatives or personal data protection commissioners;
- the purpose for processing the personal data;
- the categories of personal data;
- the recipients or categories of recipients of personal data;
- the enumeration of your rights; and
- the option to send an inquiry the Office for Personal Data Protection about the sources of personal data processing as well as automated decision-making and profiling.
You have the right to be provided with a copy of your processed personal data; however, the right to obtain this copy cannot interfere with the rights and freedoms of other persons.
If we intend to use the personal data for a purpose other than which it was originally collected for, we will provide you with additional information as well as information about the intended purpose prior to commencing any additional data processing.
3. Information from third parties
If we receive personal data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person's consent to provide the personal data to us.
4. Right to restrict
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
5. Right to data portability
You may request details of the personal data that we hold about you. You may request a copy of the personal data we hold about you. You may also request that we transfer this personal data to another third party.
6. Right to erasure (right to be forgotten)
You have the right to request the erasure of your personal data where one of the following grounds applies, for example, the personal data are no longer necessary in relation to the purposes for which they were collected. We erase the personal data automatically; however, you can also request that the data be erased. In such a case, your request will be reviewed individually and you will be informed about the outcome. Please note that in some cases we still might be legally required to process your personal data.
7. Right to correction
If you believe that any information that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us. We will take reasonable steps to correct any information which is found to be inaccurate, incomplete, misleading or out-of-date.
8. Right to non-discrimination
If you choose to exercise your rights, such as the right to refuse to provide us with personal information or the right to ask us to delete your data, we cannot refuse to provide you with services, charge you different prices, or provide you with a different level of our services merely due to the fact that you have exercised your rights.
9. Complaints
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details above and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you in writing, detailing the outcome of our investigation and the steps to be taken in order to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Information about automated individual decision-making
Automated decision-making refers to a decision which is taken solely on the basis of the automated processing of your personal data. This means processing using, for example, software codes or algorithms, which does not require any human intervention.
We will not make any decisions which are based solely on automated processing that would have legal consequences concerning the data subject or that may similarly significantly affect the data subject.
Changes to this Privacy Policy
At our discretion, we may change our Privacy Policy from time-to-time to reflect current acceptable practices. We will also take reasonable steps to let users know about any changes implemented via our website. Your continued use of this website after any changes have been made to this Privacy Policy will be regarded as acceptance of our practices in connection with privacy and personal data.
If we make any significant changes to this Privacy Policy, for example, changing the lawful basis upon which we intend to process your personal information, we will ask you to re-consent to the amended Privacy Policy.
Contact us
In case of any questions about this Privacy Policy, please contact us by email at: dpo@digismoothie.com or via the Intercom Chat integrated into our Apps.
You can also reach us at our mailing address: Digismoothie s.r.o., Rohanske nabrezi 678/29, 186 00 Prague, Czech Republic.
This Privacy Policy is effective as of June 1, 2021.