What is GDPR?
Under GDPR, you might need to obtain consent to process a customer's personal data or change how you currently obtain that consent. In particular, GDPR says that consent must be "freely given, specific, informed and unambiguous." For example, if you are using online advertising or retargeting apps, then you might need a heightened form of consent. Consider the following questions:
- Do you need to get a more specific consent from customers because of the personal information that you or a third-party app processes?
- Do you need to change your processes to get affirmative, opt-in consent for processing personal data?
How does this app help you achieve GDPR compliance?
The app allows customers to request their Shopify data when they are logged in to their account on your shop. Once logged in, they will see a compliance icon in the bottom right of the page; clicking it lets them send you a request directly.
You'll receive an email notifying you that a request is waiting for you from one of your customers.
How can I get support?
Email our apps team at firstname.lastname@example.org for support.
Please note, we don't give legal advice relating to your GDPR compliance. We strongly suggest you seek professional legal counsel.
How does the app handle my data?
This app is a data processor and neither retrieves nor stores any personal data about you.
When a customer requests data, we extract, but do not store, the necessary details from Shopify in order to facilitate this request.
This app's aim is to ensure your exposure to your customers is minimised as much as possible by automating the request process so you don't store their data on your computer or in your email software.
What data does the app extract for the customer?
At present, the app only extracts data held in your Shopify store, namely customer and order data.
We are busy integrating with third-party apps like Mailchimp to extract your customer data from these apps too.
Stay tuned for upcoming integrations, or contact us directly if you have a suggested integration: email@example.com.
What are the penalties for non-compliance?
Non-compliance can result in massive penalties of up to 4% of worldwide annual turnover or €20,000,000, whichever is higher.
See Article 83 point 5 of the GDPR text.
What do I do if I have more questions about GDPR or my local privacy laws?
We are in the process of compiling a list of lawyers who specialise in privacy or data protection law. In the meantime, we highly recommend that you contact a local lawyer with these specialties.