2. Information from customers
What information do we collect from our customers and why?
- We collect our customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address, information about orders you initiate, information about other Shopify-supported merchant stores that you visit, and information about the device and browser you use.
- Shopify uses this information to provide us with the Services, including supporting and processing orders, risk and fraud screening, authentication, and payments. They also use this information to improve their Services.
- Shopify uses some of the personal information you provide us to conduct some level of automated decision-making -- for example, they use certain personal information (for example, ip addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time.
When do we collect this information?
- We collect this information when you use or access our Web Store, place an order or sign up for an account on our Web Site.
- Additionally, Shopify partners with third parties who provide them with information about our customers, for example to help us screen out customers associated with fraud.
When and why do we share this information with third parties?
- Shopify works with a variety of third parties and service providers to help provide Loupe System with the Services and they may share personal information with them to support these efforts.
- We or Shopify may also share your information in the following circumstances:
- To prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Shopify’s Terms of Service or any other agreement related to the Services, or as otherwise required by law.
- To conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
- Personal information may also be shared with a company that acquires Shopify’s business or Loupe System’s business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
- Shopify is responsible for all onward transfers of personal information to third parties in accordance with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
3. Information from cookies and similar tracking technologies
What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.
- Opting out: You can opt out of targeted ads served via specific third-party vendors by visiting the Digital Advertising Alliance’s Opt-Out page.
- Shopify may also use web beacons, software development kids, and other automated tracking methods on our Web Site, in our communications with you, and in their products and services, to measure performance and engagement.
- Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, Shopify does not alter its data collection and usage practices when they detect such a signal from your browser.
4. For how long do we retain your personal information?
- In general, we keep your personal information throughout your relationship with us.
- Once you terminate your relationship with us, we generally will continue to store archived copies of your personal information for legitimate business purposes and to comply with the law, except when we receive a valid erasure request.
- Shopify will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve their Services.
5. What we don’t do with your personal information
- Loupe System and Shopify do not and will never share, disclose, sell, rent, or otherwise provide personal information to other companies (other than to specific Shopify third party apps or service providers being used by our Web Store) for the marketing of their own products or services.
6. How do we keep your personal information secure?
- Shopify follows industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other personal information entrusted to them. Their information security systems apply to people, processes and information technology systems on a risk management basis.
- They perform annual audits to ensure their handling of your credit card information aligns with industry guidelines. They are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and their platform is audited annually by a third-party qualified security assessor.
- No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, they cannot guarantee the absolute security of your personal information.
7. Residents of the European Economic Area (“EEA”)
Shopify works with merchants and users around the world, including in the EEA. If you are located in the EEA, your personal information is processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of their service, they may transfer your personal information to other regions, including to Canada and the United States. In order to ensure that your information is protected when transferred out of the EEA, Shopify relies on the EU-U.S. Privacy Shield (described in more detail below), as well as inter-company agreements between their various affiliates that may process your information on behalf of Shopify International Ltd.
If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. If you are a Loupe System customer and wish to exercise these rights, please write to
“privacy @ loupesystem . com”.
Additionally, if you are located in the EEA, Shopify notes that they are generally processing your information in order to fulfill contracts they might have with us (for example if you make an order through our Web Site), or otherwise to pursue their legitimate business interests listed above, unless they are required by law to obtain your consent for a particular processing operation. In particular they process your personal data to pursue the following legitimate interests, either for themselves, Loupe System, their partners, or other third parties (including Loupe System’s customers):
- To provide Loupe System and others with their services and applications;
- To prevent risk and fraud on their platform;
- To provide communications, marketing, and advertising;
- To provide reporting and analytics;
- To help Loupe System find and integrate with apps through their app store;
- To provide troubleshooting, support services, or to answer questions;
- To test out features or additional services; and
- To improve their services, applications, and websites.
When they process personal information to pursue these legitimate interests, they do so where they believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that information can help mitigate the risks to the data subject.
8. How do we protect your personal information across borders?
While Shopify Inc. is a Canadian company, they provide services to individuals and their technology processes data from users around the world. Accordingly, Shopify may transmit your personal information outside of the country, state, or province in which you are located.
Shopify (specifically Shopify’s affiliates Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., and Shopify (USA) Inc.) complies with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of personal information from data subjects in the European Economic Area (“EEA”), and with the Swiss-U.S. Privacy Shield Framework regarding the collection, use and retention of personal information from data subjects in Switzerland. In this regard, they have certified that they adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access, recourse, enforcement and liability.
If you are located in the EEA or in Switzerland, and believe that your personal information has been used in a manner that is not consistent with the relevant privacy policies listed above, please contact us at “privacy @ loupesystem . com”. If your complaint or dispute remains unresolved, you may also contact the International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA). This organization provides independent dispute resolution services, at no charge to you. ICDR/AAA can be contacted at http://go.adr.org/privacyshield.html.
If, after attempting to resolve a dispute through ICDR/AAA, you feel that your concerns about the use of your personal information have not been resolved, you may seek resolution of the issue through binding arbitration. For more information about the binding arbitration process, please visit http://www.privacyshield.gov.
By participating in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, Shopify’s participating U.S. entities are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. For more information about the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, please visit https://www.privacyshield.gov. You can view Shopify’s certification statement at https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active.
9. Control over and access to your personal information
In the course of offering their services, Shopify uses a number of machine learning algorithms and forms of automated decision-making. For example, they use automated decision-making: to prevent risk and fraud by merchants; to help merchants avoid fraudulent transactions from their customers; to personalize merchants’ experience when they use our admin and app store; and to determine eligibility for certain services (like Shopify Capital).
Most of these algorithms (excluding the personalization features and a subset of customer risk/fraud screening, discussed in more detail below) are not fully automated and include some human intervention (for example, customer risk and fraud scores are provided to merchants, who must intentionally decide how to act on them). Their personalization algorithms are fully automated, but only affect display features like how apps in the app store are presented to you. Similarly, they have a small subset of fully automated fraud screening blacklists, which, if they believe a transaction was made using stolen or fraudulent payment information, may stop a customer from completing a transaction--but only for a period of between a few hours and a few days.
10. Control over and access to your personal information
Loupe System and Shopify understand that you have rights over your personal information, and take reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you are a customer and wish to exercise these rights, please contact us at “privacy @ loupesystem . com”. It’s important to remember that if you delete or limit the use of your personal information, the Services may not function properly.
If you have any questions about your personal information or this policy, or if you would like to make a complaint about how Loupe System or Shopify process your personal data, please contact Loupe System by email at “privacy @ loupesystem . com”.