This policy applies to information we collect when you choose to use this website, and also to personal data which we process further to supplying services/goods to you should you purchase from our retailers using this website and app.
Who we are
This website is owned by ShopAppy Limited and our registered office is at 15 Victoria Park, Shipley, West Yorkshire BD15 4RL (Company No. 10285855). ShopAppy ('we' or 'us') are a 'data controller' for the purposes of the Data Protection Act 2018 (the "Act") where we control the purposes for which we process your personal data.
Any questions about our data protection policy or how we handle your personal data should be addressed to [email protected]. (See ‘How to contact us’ below.)
What personal data do we collect?
We collect personal data about you (such as your name, address, email address and contact number, age, credit/debit card information), when you make an enquiry, fill out forms on the website (or email, telephone or otherwise contact us), subscribe with us, use social media functions available on our website, or when you purchase products or services from our retailers via our website.
Who do we share your personal data with?
We may send information about you to other parties, our retailers, service providers and law enforcement agencies in connection with any investigation to help prevent unlawful activity.
Due to the nature of our business we work with a variety of service providers who act as our processors who store and process your personal data on our instructions. Below is a list of our service providers for your information:
- Retailers – to fulfil and process your order;
- Website and app development and hosting companies – who host our website;
- App development companies – to develop and update the App for mobile use;
- Website development companies – to develop and update the website;
- Technology organisations – to develop new technology to support ShopAppy;
- Customer Relationship Management platforms – to tailor a better experience for customers;
- Email platforms to distribute emails to customers;
- Business partners that help to promote or deliver ShopAppy;
- Sub-contractors who help to improve, promote and extend the reach of ShopAppy;
- Delivery companies – so that they can contact you directly regarding your delivery or processing your orders if and when applicable;
- Information Technology platforms that host our site or support our IT development work or where we link our social media or videos;
- Secure servers that host the site and data;
- Secure payment platforms – so that we can take payment for your order in a secure safe manner;
- Credit Reference Agencies who work with the payment platforms;
- Search information providers who help us optimise our presence online to make it easier for people to find us.
We only send your data outside the EEA where we have in place a legal agreement which complies with the Legislation and where you have given your express consent. In order to fulfil our contractual agreement with you, we use an invoicing platform called Xero to process all of our invoices and to ensure an improved experience for our customers we use services called MailChimp and Drip.
MailChimp, Drip and Xero's servers are all based in the US, which means the personal data of our customers is transferred to and stored within the US. Due diligence has been completed with these processors, which has confirmed that MailChimp and Xero have the EU-US Privacy Shield, which is required as the legal basis by the Act for transferring personal data to the US. Drip complies with the Act by agreeing to EU approved standard model clauses for the transfer of personal data.
You can find out more information about how they safeguard your personal data by visiting: https://www.xero.com/uk/about/terms/privacy/, https://www.drip.com/privacy and https://mailchimp.com/legal/privacy/.
How will we use the information about you?
We process information about you so that we can:
- provide the products and/or services to fulfil the contract between you and any retailer;
- identify you and manage any account you hold with us;
- answer any questions you may have about our website and the products and/or services;
- detect and prevent fraud;
- develop, maintain and protect our website;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- improve our services;
- let you know about other products or services that may be of interest to you (see 'Marketing' section below);
- send our newsletter to you (if requested by you);
- participate in discussion boards, functions on the website;
- enter a competition, promotion or survey.
We use any personal data submitted to us by you to provide you with further information by email about the products and services we or our retailers offer which you have requested and/or which may be similar and which we consider could be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the emails or removing yourself from notifications or our social media platforms. We shall not sell your personal data or disclose your data to third parties for the purpose of such third parties marketing their products or services to you.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity (this is by no means a comprehensive list).
Any comments you make on these social media platforms in general must not be offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Lawful basis for processing personal data
We will only process your personal data where we have a legal basis for doing so. There are 6 lawful reasons for processing personal data which are:
- Contractual - the processing is necessary to fulfil a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal Obligation - the processing is necessary for us to comply with the law
- Vital Interests - the processing is necessary for us to protect a person’s life
- Legitimate Interest - the processing is necessary for our legitimate interest and this does not override an individual's personal data rights and freedoms
- Consent - you have given clear consent for that processing of your personal data
- Public Task - the processing is necessary for us to perform a task in the public interest or for our official functions
Most of the processing we carry out in relation to your personal data is done in order to fulfil our contractual obligations with you but we also have legal obligations to keep and use certain personal data, legitimate interest and consent.
If we are relying on the legitimate business interest basis for lawful processing be assured that we only do this where we have considered carefully the risks to your rights and freedoms (as we are required to do by the GDPR) and we will not process personal data on this basis if we have any doubt that your rights might be adversely affected. We also revisit this assessment regularly and update our procedures according to our findings.
Keeping your data secure
Our staff and associates are bound by obligations of confidentiality and trained in the protection of personal data. We will take all reasonable steps to comply with the Act and use the appropriate technical and organisational measures necessary to safeguard your personal data. We only share your personal data with third parties who are required to comply with the Act.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We store your personal data on secure servers for a period of:
- 1 year from the date on which you cease to be registered on our website; or
- until you ask us to destroy it,
in each case unless the law requires us to store the data for a longer period.
What rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling. (We do not carry out automated decision making and profiling.)
Right to access – i.e., to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or all of it, please:
- email or write to us (see ‘How can you contact us?’ below);
- let us have proof of your identity (a copy of your driving licence or passport); and
- let us know what information you want.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email or write to us (see ‘How can you contact us?’ below)
- let us have enough information to identify you
- let us know the information that is incorrect and what it should be replaced with.
Right to remove your details from our records or restrict how we use your information
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data and in that circumstance we will destroy your personal data as soon as we are legally entitled to do so. If you would like us to stop contacting you with information about our services, please:
- email or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of the email and/or newsletter
- let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
Right to complain
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see the Contact information below). You are entitled to complain to the Information Commissioner's Office (ICO), which is the supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk.
For example, your log-in information, browser type and version, we may monitor how many times you visit the website, dates and times, which pages you go to, page response time, download errors, traffic data, page interaction information, (such as scrolling, clicks and mouse overs), location data (IP address) and the originating domain name of a user's internet service provider, to improve the user's experience whilst visiting the website, and better understand how you use it. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Third Party Cookies: These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the sites which allow visitors to share content onto social networks. Links are currently provided to LinkedIn, Twitter, Facebook, and Instagram. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our websites. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on our websites. You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
How to contact us