Welcome to Retter, a web application that provides heatmaps & replay sessions for merchants who use the Shopify platform (the “Application” or the “Service”). The Application is owned and operated by Upify. (“Company”, “we”, “us”).
We respect your privacy. This Privacy Notice (the “Notice”) explains our privacy practices for the Application. The Notice also describes the rights and options available to you with respect to your personal information.
PERSONAL DATA WE PROCESS
Information we obtain from Shopify. The Application is available only to merchants who own a Shopify store. When you install the application through the Shopify app store, we automatically gain access to the following information from your Shopify account: your full name, address, e-mail address, and cell phone number. We also obtain details of your Shopify store.
Customers Information. While using the Application, we gain access to the following information of your Shopify store customers: name, address, email address, order history. Depending on your choice to use some features in the Application, we may also gain access to birth dates and answers to customer surveys.
Meta Data. When you use the Application, we collect information about your computer or mobile device, your operating system, and your browser.
We also collect Meta Data of your customers.
Analytics. When you use the Application, we collect information about your use of the Application. For example, we may record the frequency and scope of your use, action taken while using the Application, and the interactions you make with the Application.
HOW WE PROCESS AND USE PERSONAL DATA
We process your data for the following purposes:
We process the information we obtain from Shopify to identify you and to operate the Application and provide you with its features and functionality.
We process the information we obtain from Shopify to provide you with technical support and assistance.
The legal basis under EU law for processing your Information is our legitimate interest in assisting our users on issues relating to their use of the Application.
We process your information to send you updates and other communications related to the Application.
The legal basis under EU law for processing your information is our legitimate interest in promoting our business by updating users of new features of the Application and other information pertaining to the Application.
If you indicate your explicit consent, we will use your information to send you marketing communications about our services, including updates about new services that we believe may be suitable to you.
You may ‘opt-out’ of using your information for marketing communications by sending an email to: firstname.lastname@example.org, or as otherwise provided in our marketing communications. By doing so, we will only delete or stop processing the information which is required to contact you for marketing communications, while the rest of the Information which is necessary to provide you with the Service will continue to be processed and used.
The legal basis under EU law for processing your information for marketing communication purposes is your explicit consent.
We process Meta Data for security and monitoring purposes.
The legal basis under EU law for processing Meta data is our legitimate interests in monitoring and securing our Service.
We process your Analytics Information to understand how users interact with the Application so that we can personalize, develop and improve it.
The legal basis under EU law for processing your Analytics Information is our legitimate interest in understanding how the Application is used in order to develop and improve it.
WHEN IS YOUR PERSONAL DATA SHARED WITH OTHERS
We do not sell your personal information to third parties.
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will share your personal information with service providers, who assist us with the internal operations of the Service. These companies are authorized to use your personal information only as necessary to provide these services to us and not for their own purposes. The service providers we use are: Digital Ocean, AWS, MySQL, Klaviyo, SendGrid, Onesignal, Crisp, Facebook, Google, Adroll, Bing, Reddit, Quora, LinkedIn, Twitter.
If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation.
The legal basis under EU law for such processing is our legitimate interest in enforcing our legal rights.
If we are required to disclose your information by a judicial, governmental or regulatory authority.
The legal basis under EU law for this processing is our compliance with the legal obligations we are subject to.
If the operation of the Company is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration.
The legal basis under EU law for this processing is our legitimate interests in business continuity following a structural change.
INTERNATIONAL DATA TRANSFER
The Application, by its nature as an online service, may store and process Information in various locations throughout the globe, including through cloud services.
Transfer of Information outside the EU. Information we collect from you will be processed in Israel, which is recognized by the European Commission as having adequate protection for personal data.
When we transfer your information from within the EU to the United States or other countries, which are not recognized by the European Commission as having adequate protection for personal data, we will endeavor to do so while using adequate safeguards determined by the European Commission, such as the privacy shield framework for the United States.
YOUR EU RIGHTS
If you are an individual in the EU, you have the following rights:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to use your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you opposes the erasure of the personal data and requests instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of these rights, contact us at email@example.com. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with the information that you have asked for, we will explain the reason for this.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work, or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
The Application is not intended for minors under the age of 18. We do not knowingly or intentionally collect information from minors under the age of 18.
From time to time, we may change this Notice, in which case we will notify you of the updated Notice by email. The latest version of the Notice will always be accessible on the Application.
DATA CONTROLLER AND PROCESSOR
Upify. is the data controller of the personal data we collect and process through the Application.
Upify. Is the data processor of your Customers Information we collect and process through the Application.
If you have any questions or requests concerning your personal data or about our privacy practices and policies, you may contact our Data Protection Officer.