The General Data Protection Regulation (GDPR) exists to protect personal data and digital privacy, and Froonze complies with this legislation to make sure the rights of merchants and their customers are guaranteed when it comes to personal information.
The General Data Protection Regulation (GDPR) is a legal framework approved in 2016 that updates and unifies data privacy laws across the European Union (EU), setting guidelines for the collection and processing of personal information from European citizens whether they live or not in Europe. GDPR aims to give consumers control over their own personal data and ensure the rights the legislation grants them by holding companies responsible for the way they handle and treat this information.
Merchants are the administrators of the stores that install and use our application. When you install our app we access and store information from your Shopify account profile to identify and communicate with you (name, email, phone) and from the account settings that are relevant to install and run the application (shop domains, plan, country, language, currency, product and customers count)
Since this data is synced with the platform Shopify, the tools to access, correct and update this information are those provided by Shopify in their Store Settings. Whenever necessary, the deletion of this information in our database can also be processed in 72 hours through direct request to our support channel at firstname.lastname@example.org once the application is uninstalled.
Customers are all those individuals with active accounts in the store and it is to them that the GDPR legislation is mainly aimed. For the purposes of GDPR, the Merchant is the Controller of the customers’ data, which means that is the Merchant that collects customers’ data and chooses how it is handled, while Froonze acts as Processor by following instructions to process this personal data on behalf of the Controller. The Merchant, as the Controller, is able to manage this data (including all that our app processes) from the Shopify Admin dashboard, and is obliged to fulfill the personal data rights (DSR) of customers that are European citizens.
As a Processor we help the Merchant to fulfill your customers’ data rights precisely by making available to them in our Customer Portal different panels where customers can review and edit their profile information, access the details of their orders or information provided by other applications through integrations, or contact the shop.
As Processors, we access customers’ information once they sign up at your site, and store some of it only in order to operate our main features: a Customer Portal where content is adapted to each of the customers, profile and addresses edit panels, and customer-level registration tools. Accordingly, the information we store is basically that corresponding to a part of the customers’ profiles (email, name, phone number, country, date of birth, gender, total spent, orders count, subscription status and customer tags) while other customer information like order details, addresses or metafield values remain stored uniquely in Shopify, and is only accessed punctually via API to be presented on the Customer Portal.
We only retain customer information on our servers for as long as necessary to provide the Merchant with a service, and we only request access to that information that is strictly needed. If an individual, either directly or through the Merchant, wants his/her personal information to be deleted from our database, this action can be processed in 72 hours through direct request to our support channel at email@example.com
We store both stores and customer data on Heroku, production servers located in the US, running on Amazon Web Service (AWS). Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology where data is encrypted at all times. Amazon conducts recurring assessments to ensure compliance with industry standards. In particular, their data center operations have been accredited under:
If you integrate Froonze Customer Accounts Concierge with other apps, the personal data of you and your customers will be processed by these apps.