ShippyPro Privacy Notice
GDPR Updated: May 24th 2018
Summary
Keeping your Personal Data 100% secure and giving you full control over it is one of our main priorities at ShippyPro. Below is a summary of key points from our Privacy Policy, but we highly suggest you read the document in full.
If you’d like to access, amend or delete any information please contact [email protected].
If at any time you are concerned or have questions about how we handle your and/or your Users’ Personal Data, please reach out at [email protected].
IF YOU DO NOT ACCEPT AND AGREE TO OUR PRIVACY POLICY THEN YOU MUST NOT ACCESS OR USE SHIPPYPRO OR THE SERVICE.
Who we are:
ShippyPro by
Italian Valley Srls
Registered office address:
Via Ricasoli 9 Firenze (Italy)
Regional Data Protection Regulator is:
Italian Privacy Authority
Privacy Notice
ShippyPro (“ShippyPro”, “Service”, "We", “Us” and “Our”) remains fully committed to the protection of your and your Users’ privacy at all times. The information contained in this privacy policy has been published to inform you of the way in which any Personal Data (as defined below) you provide us with or we collect from you will be used. Please read this information carefully in order to fully understand how we treat such Personal Data.
When you access or use ShippyPro, and when you enter your data on forms on ShippyPro website (shippypro.com) or blog (blog.shippypro.com), you agree to our privacy policy and you consent to our collection, storage, use and disclosure of your and your Users’ Personal Data for the purpose of making ShippyPro and/or the Service available to you, in accordance with this policy, and for commercial and marketing purposes.
We will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (“Data Protection Laws”).
For the purpose of Data Protection Laws, in relation to any Personal Data you or any Users submit to our service, you will be the “Data Controller” and we will be a “Data processor” of such Personal Data, as defined by the GDPR.
Personal Data We May Obtain From You
We may obtain and use the following Personal Data about you and anyone you chose to add to our service:
Any correspondence we have with you and your Users should you or your Users contact us. Data you or your Users provide when you fill out forms on our Website, including but not limited to data you provide when you register to become a user of the Service.
Data and information you or your Users submit or upload to ShippyPro or the Service, including employee data (which may include, among other things, names, addresses, email addresses, telephone numbers, information about your shipping performances and card details)
Data and information you or your Users submit or upload to ShippyPro or the Service, or data we collect from your systems or third party services, including your customer data: (which may include among other things, names, email addresses, shipping/billing addresses, phone numbers, contact details); Sales data: (such as, details of the transactions undertaken through the Services, products/services purchased, date/time, payment amount/method, cancellations, returns, exchanges, communications with controller), Financial or payment information, Marketing preferences and communications.
Any other data that consumers/end users have provided to the Customer which are processed through the Services, the extent of which is determined and controlled by the Customer or consumer/end-user in their sole discretion.
Details of transactions made by you through the Website and through the selling platforms you have connected to your ShippyPro account (Marketplaces, CMS, API or Excel data injection on our systems).
Details of your or your Users’ visits to our Website, which includes without limitation location and traffic data, weblogs, resources you access and other communication data.
We ask that you not send or disclose to us any sensitive personal information
You will be submitting and providing Client Data which may contain Personal Data
You represent and warrant that you i) have the right to transfer such Personal Data (including Sensitive Personal Data, if applicable) to us for the purpose of receiving the Service; and ii) are solely responsible for obtaining all required consents, authorisations and permissions from such Users and third parties and providing all required notifications to such Users and third parties (where applicable) to enable you to provide such information to us and to grant to us the rights set forth in this privacy policy. It is your responsibility to ensure that all such Users and third parties are aware of and accept the terms of this policy and that you have obtained explicit and informed consent of Users to our processing any of their Sensitive Personal Data in accordance with this policy. You may not provide us with any Client Data or other information containing Personal Data of Users or third parties unless and until you have obtained all necessary consents, authorisations and permissions to do so.
Cookies and IP Addresses
“Cookies” are small data files that may be placed on the hard drive of your computer when you visit the ShippyPro site or a ShippyPro service. Cookies permit the ShippyPro to identify your browser whenever you interact with the ShippyPro site or a ShippyPro service.
ShippyPro may obtain information about your and your Users’ computer, which includes your and your Users’ IP address, browser type and operating system where available. This accumulation of data is used to assist system administration.
We may also collect information regarding your or your Users’ browsing activity and interests through use of a cookie file. We use this data to help us improve the experience of users on our Website and Service, and to deliver a more personalised service with more relevant content. The collection of this data allows us to:
Store data indicative of your or your Users’ preferences, allowing us to adjust our Website and service to appeal to your individual interests; estimate the size and usage patterns of our audience;
Record the details of any transactions carried out by you through our Website and service;
Identify you or your Users upon your/their return to our Website and service; and/or
Increase the speed of your or your Users’ service.
In all cases you can opt out of Advertising cookies via our cookie popup form. If you don’t opt out and keep on visiting, we will consider it as an implicit opt-in.
You can find more information about some of the individual cookies we use and the purposes for which we use them below. Example of cookies used by the Service:
Tool | Cookie Purposes |
Google Analytics | We use Google Analytics to collect information about how visitors use the Site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For more information about Google’s privacy policy, please visit GA website. |
We use Facebook cookies to understand the effectiveness of our Facebook advertising campaigns and to compare the performance of those campaigns to ads displayed on other websites and apps. For more information about Facebook’s privacy policy, please visit the relevant section on Facebook website. | |
Hubspot | We use Hubspot cookies to personalise the users experience on our company website. This could be by way of smart CTAs based on the history of user interactions, or by automatically fully or partially completing forms using progressive profiling, to keep forms served to the user short and easy to complete. This affords users quick and easy access to our content. For more information about Hubspot’s privacy policy, please visit the relevant section on Hubspot website |
Onesignal | We use Onesignal as a push notification service. Onesignal has a built-in opt-in form, so users will receive push notifications from Onesignal only if they opt-in on our site. |
Google Tag Manager | We use Google Tag Manager to put the other cookies listed in this table into our website and services. |
Double Click & Google Adwords | We use Adwords cookies to understand the effectiveness of our Adwords advertising campaigns and to compare the performance of those campaigns to ads displayed on other websites and apps. |
Hotjar | We use Hotjar to collect information about how visitors use our website and service. We use the information to compile reports and to help us improve our website and service. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For more information about Hotjar’s privacy policy, please visit the relevant section on Hotjar website. |
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You and your Users remain entitled to refuse cookies by adjusting your browser settings accordingly. Doing so however may restrict your and your Users’ access to certain areas within our Website or Service. Unless you or your Users adjust your/their browser settings to refuse cookies, or opt-out from our popup cookie form, our system will issue cookies when you/they log on to our Website.
Where We Store Personal Data
The Personal Data we obtain from you, your Users and your systems (including, without limitation, Client Data) may be moved to and stored at a destination within the European Economic Area ("EEA"). Staff members operating within the EEA who work for or on behalf of us may process this information. Such staff members may, among other things, be involved in the provision of support services and the delivery of your and your Users’ request(s) for us to provide the Service.
Without limiting the foregoing, you agree that Personal Data we obtain from you, your Users and your systems (including, without limitation, Client Data) may be processed by our service providers based in, countries outside of the EEA for the purposes of providing you with the Service. Such countries may not have laws offering the same level of protection for Personal Data as those inside the EEA; however where such transfers of data occur, we will take steps to prevent the transfer of Personal Data without adequate safeguards being put in place and will ensure that your and your Users’ Personal Data collected in the EEA and transferred internationally is afforded the same level of protection as it would be inside the EEA.
We store the Personal Data you, your Users and your systems provide us with on our secure servers. In the event of us giving you or your Users (or you/they choosing) a password which grants you/them access to specific areas within our Website or Service, it remains your/their responsibility to maintain the confidentiality of this password. This includes the responsibility to refrain from sharing your/their password with other parties.
As the transmission of data via the Internet cannot be assumed completely secure, we cannot guarantee the security of any of your or your Users’ data transmitted to our Website or Service; you are therefore responsible for any risk associated with such transmission. We will however at all times take all reasonable steps to ensure the transmission of your and your Users’ data is executed as securely as possible, and upon receipt of your/their data we will continue at all times to enforce strict security procedures and features in an attempt to prevent any unauthorised access.
In case of security breach, we will notify all interested users within 72 hours.
The security of your personal information is important to us. We take a number of organisational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.
From our side, we ensure secure HTTPS connection on all our website. We use secure SSL connections whenever confidential information is collected.
You can find more information about some of the individual 3rd party sub processors we use and the purposes for which we use them below. Example of 3rd party used by the Service:
Sub-processors | Purposes |
Serverplan | We use Serverplan to process and store the Personal Data we obtain from you, your Users and your systems (including, without limitation, Client Data). |
Cloudflare | We use Cloudflare for DDos protection |
Hubspot | We use a number of systems to manage our interactions and support with customers and prospective customers. These systems use some Personal Data we obtain from you and your Users. For more information about the privacy policy of these systems, please visit the relevant privacy website. |
Paypal | We use a number of systems to manage our payment methods. These systems use some Personal Data we obtain from you and your Users. For more information about the privacy policy of these systems, please visit the relevant privacy website. |
How We Protect Your Personal Data
We take reasonable steps to maintain appropriate technical and organisational measures to protect the Personal Data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your Personal Data.
How We Use Your Personal Data
The Personal Data we hold about you and your Users may be used in any of the following ways:
To provide you and your Users with the Service, including administration and management of your account.
To allow you to upload, store and access Client Data.
To enable Users to access certain aspects of ShippyPro.
To provide you and Users with user support.
To moderate your account.
For research and analytics purposes (for example, to improve the quality of the Service).
To ensure security for you, the Users, our staff and other users of the Service.
To send you further information about our services for which we think you may have an interest.
To send you further information about our services based on a request we have received from you.
To fulfil the obligations we have in relation to any contracts we have in place with you
To provide you with notification about any changes to the Service.
Third Party Integration Partners
We will never supply your, your Users’ or your systems (including, without limitation, Client Data) Personal Data to third parties unless under the conditions stated beneath this section of our privacy policy. Notwithstanding the foregoing, you acknowledge and agree that we may process, aggregate and anonymise your, and your Users, Personal Data (excluding, for the avoidance of doubt, Sensitive Personal Data) and use and share such aggregated and anonymised Personal Data with third parties for statistical purposes and for the purpose of data analytics, product development, Service improvement, providing the service, and/or in order to fulfil the obligations we have in relation to any contracts we have in place with you. Such services are optional and by using the services you agree to these terms.
You can find more information about some of the individual 3rd party sub processors we use for services and the purposes for which we use them below. Example of 3rd party used by the Service:
Sub-processors | Purposes |
Shipping: | We integrate with partners to offer you solutions to support your business challenges. These services are optional and use some Personal Data we obtain from you, your Users and your systems (including, without limitation, Client Data). For more information about the privacy policy of these services, please visit the relevant page on each service website. |
Selling: | We integrate with partners to offer you solutions to support your business challenges. These services are optional and use some Personal Data we obtain from you, your Users and your systems (including, without limitation, Client Data). For more information about the privacy policy of these services, please visit the relevant page on each service website. |
Disclosure Of Your Information
Disclosure of your and your Users’ Personal Data (including, without limitation, Client Data) to third parties will only occur in any of the following events:
We sell or purchase any business or assets. In such case, we may authorise the disclosure of your personal data to prospective sellers or buyers of such business or assets.
All or the substantial majority of our assets are sold to a third party. In such case, your personal data may be one of the transferred assets.
We are required to disclose your or your Users’ personal data in order to fulfil any legal obligation to protect the property, rights or safety of ShippyPro, users of our services or others. In such case, information may be exchanged with third party companies or organisations in order to prevent fraud.
You acknowledge and agree that we may also disclose Personal Data (including, without limitation, Client Data) with: (i) our service providers involved in the provision, distribution, delivery and support of the Service, including the storage of any Client Data; (ii) fraud prevention agencies; (iii) law enforcement agencies, regulators, courts and public authorities; and (iv) emergency services.
Our service providers have to follow our Privacy Policy when processing the Personal Data you or your Users provide and must have in place appropriate technical and organisational security measures to safeguard such Personal Data, and we do not allow them to use this information for their own commercial purposes.
Your Rights
You retain the right to request us to refrain from processing your data for the purposes of marketing. To exercise such right, you may reply to any information we send you, detailing your request that we refrain from sending any marketing correspondence, or you can exercise this same right by contacting us electronically via email at [email protected]. If at any time we intend to use your data for such marketing purposes however, it is standard practice for us to make you aware in advance of collecting such data.
We may at times provide links on our Website to third party websites, including without limitation those owned or managed by our partner networks, affiliates or advertisers. These websites have separate privacy policies, and we therefore cannot accept any responsibility for the content. As such, choosing to follow these links is a choice you make at your own risk, and we advise that you check these websites' individual privacy policies before submitting any personal data.
You retain at all times the right to access / amend / delete any Personal Data we hold about you or to exercise your right of data portability or to object to, or restrict, the purposes for which your Personal Data is processed on certain grounds. You may exercise this right by making a request in accordance with Data Protection Laws, by emailing [email protected].
You undertake to notify your Users of this privacy policy and of their rights under the Data Protection Law. We will provide you with reasonable assistance to enable you to comply and respond to a request, query or complaint from a User in relation to their Personal Data.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Opt-out: Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
Access: Provide you with information about our processing of your personal information and give you access to your personal information.
Correct: Update or correct inaccuracies in your personal information.
Delete: Delete your personal information.
Transfer: Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict: Restrict the processing of your personal information.
Children Privacy
We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal information, please contact us at [email protected]
How Long We Keep Your Personal Data
We will keep your and your Users’ Personal Data for the duration of the Service, we may keep your and your Users’ Personal Data for a further 18 months past the end of the service to ensure a seamless return if you should decide to restart the service, in accordance with your instructions or for such periods as may be required by law.
Personal data acquired with consent for marketing purposes will be kept for a maximum period of two years after a final interaction, unless consent is rescinded or we have been instructed to delete the personal data by the natural persons.
Changes to Our Privacy Policy
If at any time we make a change to this policy, we will update this page to reflect such change. Where we feel it appropriate, we will notify you by email, however we recommend you review this page periodically to ensure you remain happy with the latest version.
Questions, Comments and Getting in Touch
We welcome any questions or comments in relation to this privacy policy, and advise you to send any such communication to [email protected].