Privacy Policy
Dear User,
this privacy policy provides you with information on the processing of your personal data carried out through our website not only to comply with the obligations imposed by the Laws on the protection of personal data - Regulation (EU) 2016/679 (hereinafter "GDPR"), D.Lgs 196/2003, as updated by D.Lgs 101/2018 (or "Codice per la protezione dei dati personali") and the relevant measures of the Data Protection Authority - but also because ShippyPro believes that the protection of personal data is a fundamental value of its business and wishes to provide any information that may help you protect your privacy and control the use that is made of personal data when you browse the site shippypro.com (hereinafter the "Site").
The Data Controller is ShippyPro by Italian Valley S.r.l. based in Via Ricasoli n.9, CAP 50122, Firenze (FI) Italy. For questions about this privacy policy, or our use of your personal information, cookies or similar technologies, please contact us by email at [email protected]. Please note that when you contact us to assist you, for your safety and ours we may need to authenticate your identity before fulfilling your request.
The personal data being processed are mainly provided by you, when you browse the Site or use the services made available. This policy analyzes the personal data processed in the various sections of the Site and regulates only the personal data processing activities carried out on the Site and not for other websites to which you may be redirected.
IP addresses, pages visited, cookies related to the Site as per Cookie Policy, browser and operating system versions, log data, data relating to installation and configuration licenses.
To enable you to browse our website and provide any of its features.
In particular:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Consenting to the treatment of general navigation data is necessary if
you want to navigate and interact with our website.
The withdrawal
of the consent to the treatment of the data referred to in paragraph
3.1.1.1 would prevent you from browsing this website in all its
parts.
Data relating to recordings carried out, interaction and transaction processes, performance indicators, data relating to browsing flows and page views, usage of features and counts.
To understand feature relevancy and effectively market the Site across platforms.
In particular:
The data subject has given consent to the processing of his or her personal data.
(Article 6(1)(a) GDPR).
Your personal data is necessary and mandatory only for the aforementioned purpose.
The withdrawal of the consent to the treatment of the data would prevent us from effectively marketing the Site and improve its current features.
First name, last name, email, phone, company name, reason for contact, monthly shipment volume and any other information you enter in the request form, in the chat provided or via email.
To provide you with explanations and clarifications requested by you in relation to ShippyPro products.
The data subject has given consent to the processing of his or her personal data.
(Article 6(1)(a) GDPR).
Your personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.2.1 would prevent us from reaching out in response to your contact request.
First name, last name, email, CV and cover letter.
To consider your application.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your personal data is necessary and mandatory only for the aforementioned purpose. Any refusal to provide them would prevent us from considering your application.
First name, last name, email, phone number, company name, company website, type of partner, reason for contact, monthly shipping volume and any other information you enter in the request form.
To consider the viability of a partnership with our Company.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.4.1 would prevent us from considering the viability of a partnership.
Full name, email, phone number, delivery address, shipment content and value, optionally company name.
To allow your partner parcel carriers to deliver shipments to the correct recipient.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your customers personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.5.2.1 would prevent us from providing the requested services part of the Shipping automation features - for instance but not limited to printing shipping labels, booking the pick up of a shipment by the parcel carrier, comparing rates between different carriers, organizing shipment documents, automating logistic flows via ShippyPro Shipping Rules, merge orders that should be delivered to the same customer, and augment the checkout on the configured order sources.
Full name, email, phone number, pick-up address, shipment content and value, company name.
To allow your partner parcel carriers to pick up shipments.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your personal data, or of your employees, is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.5.3.1 would prevent us from providing the requested services part of the Shipment Automation features - for instance but not limited to printing shipping labels, booking the pick up of a shipment by the parcel carrier, comparing rates between different carriers, organizing shipment documents, automating logistic flows via ShippyPro Shipping Rules, merge orders that should be delivered to the same customer, and augment the checkout on the configured order sources.
Full name, email, phone number, delivery address, shipment content and value, optionally company name.
To provide updates on the delivery progress to the shipment recipient.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your customers personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.6.2.1 would prevent us from providing the requested services part of the Delivery experience features - for instance but not limited to sending emails to update the user, sending SMS messages to update the user, sending WhatsApp messages to update the user, including your configured products in tracking email messages, supplying a script through which your customers may find out the status history of their shipment.
Full name, email, phone number, delivery address, shipment content and value, optionally company name.
To easily generate shipping labels and book shipment pick-up appointments through which your customers may return the merchandise they’ve purchased from your company.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your customers personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.7.2.1 would prevent us from providing the requested services part of the Return management features - for instance but not limited to creating shipment return labels, supplying a script through which your customers may issue a request for a return shipment, creating a shipping label to insert in the shipped parcel to potentially request a return shipment at a later time.
Full name, email, phone number, delivery address of any shipment pertaining to the reported issue.
To provide you with a self-service help center, respond to your support requests, and when needed implement any code change to address any technical issue brought to light by your requests.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your customers personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.8.1 would prevent us from providing the requested services part of the Support tools features - for instance but not limited to responding to your support requests, providing the self-service help center, or deploy the relevant code changes to address the issue you could have reported.
Full name, email, phone number, company name and other data relevant to the payment or contract.
To accept your online payments for the services of the Site, to create invoices for the due or fulfilled payments for the services of the Site, to offer you an online signing tool for contracts involving the Site.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(Article 6 (1)(b) GDPR).
Your personal data is necessary and mandatory only for the aforementioned purpose and only if you’ll use these features. The withdrawal of the consent to the treatment of the data referred to in paragraph 3.9.1 would prevent us from providing the requested services part of the Invoicing, payments and contract signing features - for instance but not limited to accepting your online payments, generate invoices for the services of the Site, or digitally signing legally binding contracts with the company operating the Site.
You can freely decide whether to accept cookies and other tracking technologies that are not strictly necessary for the functioning of this website. To know how we process your personal data through the use of cookies or other similar technologies, see the Cookie Policy.
We will store your personal data for as long as necessary to fulfill the purposes set out above, except where retention for a longer period is necessary to comply with applicable legislation or requests received from competent authorities. Personal data that we process on the basis of your consent is retained until your consent is revoked.
The data collected by the Site are mainly processed electronically using software and computer procedures suitable to ensure the technical and computer security measures.
In compliance with the Amazon Marketplace Developer Agreement, the Amazon Data Retention and Recovery guidelines (https://developer-docs.amazon.com/sp-api/docs/protecting-amazon-api-applications-data-encryption-and-recovery), and the Amazon Services API Data Protection Policy (https://sellercentral.amazon.com/mws/static/policy?documentType=DPP), PII from Amazon customers will be anonymized 30 solar days after the shipment delivery.
Furthermore, we only use Amazon data pertaining to Shipment and Tax
features, and the latter only to cross-reference order numbers and
generate invoices for the customers explicitly requiring said
service.
Should the company operating the Site undergo any
organizational change or be affected by any event that will necessitate
a change in the need or scope of use of this information we will notify
Amazon within 30 solar days via email at [email protected].
In order to provide you the support you may have required from our staff we may have to impersonate your profile, and access your account data. This chapter aims at clarifying when this may be necessary, what data will be visible to the staff member operating the impersonation, and what measures have been put in place to ensure the accountability of all actions taken during such an impersonation.
Staff members are allowed to impersonate Customers only upon an explicit and contingent request by the Customer: any other impersonation is expressly prohibited from the Terms of Employment.
Impersonation implies that the system presents the same data to the impersonating staff member as it would to the Customer: therefore, all data will be accessible including the following:
Please note that impersonating staff members must not access data that isn’t potentially useful to providing you assistance.
In order to hold every eligible staff member accountable for the actions they take when impersonating a Customer, all actions undertaken are logged and retained in a pseudonymized form for 19 months.
Should you feel any issue has arisen as a consequence of an action performed by a ShippyPro staff member during their impersonation of your profile, feel free to contact us at [email protected].
The personal processed data may also be transferred to third countries or sites outside the European Economic Area (EEA). In these cases, if it become necessary to transfer data to a third country located outside the EEA, ShippyPro guarantees that such transfer will take place only in the presence of an adequacy decision by the European Commission or other appropriate guarantees provided for by the Laws on the protection of personal data (such as, for example, the stipulation of standard contractual clauses with the subject who will receive the data and who must in any case guarantee that the user's personal data is subject to the same level of protection guaranteed by ShippyPro).
The data can be accessed exclusively under Article. 29 GDPR by authorized individuals duly trained (e.g. staff and employees are responsible for providing feedback to requests for contact made by users).
We will never sell your personal data, or the personal data for your customers.
The data may be accessed also, as independent data controllers or managers under Art. 28 GDPR, by professionals and consultants appointed by the Data Controller. To obtain an up-to-date list of the subjects who may become aware of your personal data, please contact us by e-mail at [email protected], taking care to specify the reason for the request.
You can request access to your personal information or correct or update out-of-date or inaccurate personal information we hold about you. You may also request that we delete personal information that we hold about you.
You can object to processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information; if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time; withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You also have the right to lodge a complaint with a Data Protection Authority about our collection and use of your personal information, in particular in the Member State in which you habitually live or work or in the place where the alleged violation took place.
If you wish to exercise any of these rights, you can write an e-mail to [email protected].
This policy may be subject to modification also as a consequence of any regulatory changes. We kindly invite you to periodically review this Privacy Policy for the latest information on our privacy practices.
The most updated full sub-processors list, that is the list of all data sub-processors regardless of which feature they pertain to, may be found at https://www.shippypro.com/en/legal/privacy/sub-processors/. Within that list, for each sub-processor you may find a summary description of the data treatment purpose they fulfill, and the country they operate from (represented with the matching ISO-3166-2 code).
This does not mean that each of those companies gets all of your data, quite the opposite - most of them will never receive any PII pertaining to you or your customers from us. Taking “17TRACK DEMON NETWORK TECH CO., LIMITED“ as an example, they will receive your PII and/or that of your customers if and only if you make use of the shipment tracking features after dispatching a shipment with the carrier SFExpress, and they will receive only the data pertaining to that shipment.
This policy is an intellectual property of the company operating the Site, Italian Valley S.r.l., with registered number 06587610483, hereafter the “Company”, and is distributed with the sole purpose of informing on the privacy practices of the Company.
This policy should be considered an integral part of the Software as defined in the Terms & Conditions, and as such any reproduction, in whole or otherwise, is against the Terms & Conditions of the Site and is explicitly forbidden.