Privacy Policy for Merchants
We have issued our policies in accordance with European Union’s General Data Protection Regulation (GDPR) to ensure that we make it easy for our users to be compliant.
Appio is a web application that provides an online reviews solution (the “Application”) for merchants who use the Shopify platform to operate and enhance their e-commerce websites (the “Merchants”). The Application is owned and operated by Appio Ltd. (“we”, “us”, “our”).
This Privacy Policy (the “Policy”) explains our privacy practices for the Application. The Notice also describes the rights and options available to you with respect to your personal information.
Personal data we process
Information we obtain from Shopify. The Application is available only to Merchants who own a Shopify store. When you install the Application through the Shopify app store, we automatically gain access to the following information from your Shopify account: your full name, address, e-mail address, cell phone number and details of your Shopify store.
While you use the Application, we collect information on your Shopify store customers, such as: name, email address, address, order history (purchase amount, purchase date, item purchased) and reviews information on your store (photos, videos, rating, review text, comments).
How we process and use personal data
We process your data for the following purposes:
- To operate the Application and provide its features and functionality.
We process the Information we obtain from Shopify to identify you and to operate the Application and provide you with its features and functionality.
- To provide you with technical support and assistance
We process your Information we obtain from Shopify to send you updates and other communications related to the Application.
When is your personal data shared with others
- We do not sell your personal information to third parties.
- We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
- We will share your information with our service providers helping us to operate the Application.
These companies are authorized to use your personal information only as necessary to provide their services to us and not for their own purposes. We uses the following sub-processors to process Personal Data (Vendors) as below:
-
- DigitalOcean LLC (United States; Standard Contractual Clauses).
-
- SendGrid Inc. (United States; Standard Contractual Clauses).
-
- CloudFlare Inc. (United States; Standard Contractual Clauses).
-
- HelpScout (United Stated; Standard Contractual Clauses).
-
- Amazon Web Services Inc. (United Stated; Standard Contractual Clauses).
- If you violate the law, we might share your information with competent authorities.
- We might share your information if we are legally required by a judicial, governmental or regulatory authority.
Security and data retention
We retain your personal data as long as the Application is installed in your Shopify store, and thereafter for compliance and legal purposes.
We also implement measures to secure your Information.
Your EU rights
You have the right to access, update or delete your Information and obtain a copy of your Information.
If you are an individual in the EU, you have the following rights:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and requests instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of these rights, contact us at [email protected]
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR.
Minors
The Application is not intended for minors under the age of 18. We do not knowingly or intentionally collect information from minors under the age of 18.
Changes to this privacy policy
From time to time, we may change this Policy, in which case we will notify you of the updated Policy by email. The latest version of the Policy will always be accessible on the Application.
Data controller and processor
We are the data controller and processor of your personal data as we collect and process your Customer Information through the Application.
Contact us
You can contact us at [email protected]
Privacy Policy for End Users
Appio Ltd. (“Appio“, “we”, “us”, “our”) provides an online reviews solution which enables users to share reviews and/or interact with them on a variety of platforms (the “Service“). This Privacy Policy (the “Policy“) describes how we collect and use your personal data through our Service. It also describes the rights and options available to you with respect to your personal information.
“User” or “you” shall mean a person posting a review and/or interacting with reviews on a Merchant Website via the Service.
“Merchant” means any third party that uses our Service to enable you to post reviews to Merchant Website. “Merchant Website” shall refer to the website of a Merchant implementing the Service.
Please note that this Policy covers the Service’s privacy practices in general matters. The Merchant has an additional privacy policy related to your personal data (the “Merchant’s Policy”).
Personal data we process
Information about your purchases at the Merchant’s website.
Once you have completed the purchase on the Merchant’s website, we will receive and process the following information regarding your purchases: email address, full name, purchase amount, purchase date, order ID and item you purchased and your address (“Transaction Information“).
Your reviews on the Merchant’s website.
If you choose to submit a review on the Merchant’s website, we will collect your name and email address, and also collect any information you choose to provide within such review, including: photos, rating, review text, comments to the review and your responses to other questions that the Merchant presents in the submission form.
How we use personal data
- We use your Information on behalf of the Merchant, in order to provide the Service.
- to send request email communications.
Subject to your consent to the Merchant, we process your Information to allow the Merchant to send you request email communications, such as asking you to submit a review for products you purchased, informing you of a response to a review, etc.
You may ‘opt-out’ of using your Information for promotional communications at any time by clicking the “Unsubscribe” link at the bottom of any email we send or by sending an email to our support service at: [email protected]
You may opt-out from the Merchant’s promotional email communications.
- We and the Merchant will publicly display your review on the web.
When and how we share personal data with others
- We do not sell your Information to third parties.
- We will not share your information with third-parties, except in the events listed below or when you provide us your explicit and informed consent
- We share your Information with the Merchant to which you submitted the review. The Merchant will use the information according to its own policies.
- We share your Information with the service providers who assist us in operating our business and the Service. The service providers we use are listed below:
-
- DigitalOcean LLC (United States; Standard Contractual Clauses).
-
- SendGrid Inc. (United States; Standard Contractual Clauses).
-
- CloudFlare Inc. (United States; Standard Contractual Clauses).
-
- HelpScout (United Stated; Standard Contractual Clauses).
-
- Amazon Web Services Inc. (United Stated; Standard Contractual Clauses).
- We may share your Information when you violate our Terms of Service.
If you have breached our Terms of Service, this Policy or any other agreement you have with Appio, abused your rights to use the Service, or violated any applicable law – Your Information will be shared with third parties (such as legal counsels and advisors), who handle the matter on our behalf, or with the competent authorities.
- We may share your Information if we are legally required by a governmental or regulatory authority acting within its legal authority
Security and data retention
- How long will we retain your Information.
We retain your Transaction Information for one (1) year, unless you submitted a review through our Service. If you submitted a review, we will retain your Information as long as we need it for the purposes for which it was obtained or until you ask to delete it.
- We implement measures to secure your Information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security.
Your rights
- If you are in the EU, you have the right to access, update or delete your Information and obtain a copy of your Information. Contact the Merchant to do so.
- If you are in the EU, you may ask the Merchant to exercise your rights to access the personal information about you that we store on our systems, and have the Merchant update, correct or delete it. You are also entitled to obtain your Information (excluding data obtained from other sources) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another data controller. If you wish to exercise any of these rights, contact the Merchant directly.
- You have a right to submit a complaint to the relevant supervisory data protection authority.
If you are in the EU, you can lodge a complaint to the supervisory authority under the General data Protection Regulations (“GDPR”), in particular in the Member State of your residence, place of work or where the alleged infringement of the GDPR occurred.
Minors
You must be at least 18 years of age to use the Platform.
The Platform are not intended for minors under the age of 18. IF YOU ARE UNDER THE AGE OF 18 YOU MAY NOT USE THE PLATFORM.
Changes to this privacy policy
From time to time, we may change this Policy. We will post a notice of such change on our website at https://getappio.com/. The latest version of the Policy will always be accessible through the Service.
Data controller and data processor
We are the data processor (and CCPA service provider) on behalf of the Merchant, who is the data controller (CCPA Business).
The Merchant is the data controller of your personal data on the Service. It determines the purposes and means of processing your data.
You can review the Merchant’s contact information in the Merchant’s Policy. We are the data processor of your personal data on the Service, processing the data on behalf of the Merchant.
If the California Consumer Privacy Act (CCPA) applies to the Merchant, the Merchant is considered the ‘Business’ and we are the ‘Service Provider’ under the CCPA.
Contact us
You can contact us at [email protected]