Privacy Notice




Effective as of August 12, 2021
Definitions

Website :("https://shopiro.ca/")

Shopiro Ltd :also referred to as "Shopiro", "we", "us" or "our")

Preface and updates to this privacy notice

For all purposes, the English language version of this notice will be the original and governing instrument. In the event of a conflict between the English version of this notice and any subsequent translation to another language, the English version shall prevail and control.

We will send you an e-mail to advise you of changes done to the english version. These changes take effect immediately.


We must inform you at the beginning of your visit to our website about the type, scope and purposes of the collection and use of personal data in a precise, transparent, comprehensible and easily accessible form in clear and simple language.


We are therefore obliged to inform you which personal data is collected or used. Personal data is any information relating to an identified or identifiable natural person.


We attach great importance to the security of your data and compliance with data protection regulations. The collection, processing and use of personal data is subject to the provisions of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation 2016/679 (GDPR).


With the following privacy policy, we would like to show you how we handle your personal data and how you can contact us:


Shopiro Ltd.

https://shopiro.ca/

Québec, Canada

help@shopiro.ca

+1-800-123-4567


General Information

For the purpose of clarity, we do not differentiate between the genders in our privacy policy. In the interest of equal treatment, corresponding terms apply to all genders.


The personal data of users processed within the scope of this website includes inventory data (e.g. name and addresses of customers), contract data (e.g. services used, payment information), usage data (e.g. websites visited our website, interest in the products) and content data (e.g. entries in a order form, product advertisements).


"Users" here includes all categories of persons affected by the data processing. This includes, for example, our business partners, customers, interested parties and other visitors to our website.


Specific Information

We guarantee that we will only collect, process, store and use your data in connection with the processing of your queries and for internal purposes as well as in order to provide the services you have requested or to make content available.


Principles of data processing

We process users' personal data only in compliance with the relevant data protection regulations. The data of the users are only processed if the following legal permissions exist:


  • in order to provide our contractual services (e.g. processing of orders) and online services
  • processing is required by law
  • with your consent
  • on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our website in particular in the case of advertising and marketing purposes as well as collection of access data and use of third-party services).

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, A consent serves as the legal basis for the processing of personal data.


When processing personal data that is necessary for the performance of a contract to which the data subject is a party, the performance of a contract serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, a legal obligation serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, legitimate interest serves as the legal basis for the processing.


Data transfer to third parties

Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business.


If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.


Data transfer to a third country or an international organisation

Third countries are countries in which the PIPEDA is not directly applicable law. This basically includes all countries outside Canada. This takes into account that appropriate/adequate safeguards are in place and that enforceable rights and effective remedies are available to you. Such transfer takes place exclusively on the basis of your consent. You give your consent by selecting the appropriate option in the consent management tool, which is displayed when you access our site. You can view and adjust your data protection settings using the consent management tool at any time.


Storage period of your personal data

We adhere to the principles of data minimisation and data economy. This means that we only store the data you provide to us for as long as is necessary to fulfil the aforementioned purposes or as specified by the various storage periods provided for by law. If the respective purpose ceases to apply or after the relevant periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions.


Contact

If you contact us by e-mail, you agree to electronic communication. Personal data is collected when you contact us. Your data will be transmitted SSL-encrypted. The information you provide will be stored exclusively for the purpose of processing the query and for possible follow-up questions. We would like to point out that e-mails can be read or changed unauthorised and unnoticed during transmission. Furthermore, we would like to point out that we use software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam by certain characteristics.


Data processing in the context of simply visiting the Shopiro website

For the simple use of our online platform Shopiro, only the processing of your IP address is absolutely necessary . Without internet protocol addresses, or "IP addresses" for short, the internet would not function - to put it very simply. In computer networks, an IP address is an address that can be used to address and reach web servers and/or individual end devices. Without an IP address, the web server and the end devices cannot communicate - and thus cannot display anything. The web server on which Shopiro is hosted is therefore pinged with a data request from you, because you want to use Shopiro. In order to provide you with the data, the web server needs to know your IP address. Consequently, the web server must save your IP address at this moment of the data request. For this purpose, the web server receives information about which website or file was accessed, which browser and which operating system was used. The whole process is called a log file. We store the IP addresses and the log files for 60 days in order to quickly detect brutforce attacks and other manipulations and to be able to take countermeasures.



Further storage for purposes of technical support of our IT security is based on legitimate interest, as we have a legitimate interest in protecting our services from attacks and manipulation. A predominantly legitimate interest of the data subject is not recognisable, as only the IP address is stored, which we as the responsible party cannot de-pseudonymise; i.e. we cannot establish a personal reference by means of the IP address.


Data processing in the context of using the Shopiro website as a customer

If you would like to use our website as a customer in order to purchase goods and services via it, then we naturally require more personal data from you. In this case we will need the following data from you in order to process the transaction:


  • Full name;
  • e-mail address;
  • telephone number;
  • complete address.

If you make the purchase, we will of course also process:


  • All contractual data between the provider and the customer (offer, acceptance, non-binding reservation of goods);
  • data from the supplier's invoice to the customer

Data processing when creating a customer account

To create a customer account we require some basic information from you, i.e.


  • Full name;
  • e-mail address.

This data processing is also carried out on the basis of the performance of the contract. The performance of the contract includes the offer of tracking, i.e. for the purpose of sending a tracking link or tracking ID.


Data processing within the framework of payment processing

Of course, you must provide payment data such as your bank, credit card for a purchase. However, this data is not processed by us, but exclusively at and by the payment service providers, which are embedded on our site (but technically separate from us). We only process a so-called authenticity token, which acts as a payment reference for us. Via this token under the respective reference, the respective payment service informs us whether a payment was successful or failed. We have no insight into or access to your payment data! If you have any questions about data protection with the payment providers, please contact them directly.


Data processing in the context of using the Shopiro website as a seller

If you would like to use our platform as a seller in order to offer goods and services via it, then we naturally require more personal data from you.

We require the following data from you in order to process the transaction:


  • Name of the business;
  • full name of the authorised representative and the contact person displayed in the public profile;
  • if applicable, commercial registration number;
  • complete address of the local shop;
  • complete billing address incl. tax number;
  • e-mail address.

In the course of the cooperation we also process the following data:

  • Phone number, if applicable;
  • billing and invoice data between Shopiro and the seller;
  • commercial and business letters in connection with the provision of services (this also includes e-mail correspondence).

On your behalf, we process the following data for you as a seller

  • Content data in connection with the provision of services:
  • Personal data uploaded to and/or published on the platform in connection with the business presentation.
  • In the case of the purchase of a good and service until the assignment of the claim;
  • Customer data of the providers;
  • full name of the authorised representative and the contact person displayed in the public profile;
  • e-mail address;
  • telephone number;
  • complete address;
  • all contract data between seller and customer;

Newsletter

When you subscribe to our e-mail newsletter, personal data is collected. This data will be used by us for our own advertising purposes in the form of your e-mail newsletter, provided you have expressly consented to it.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list and included in a blocking file to ensure revocation.


Newsletter tracking:If you have expressly consented to the newsletter, newsletter tracking (also known as web beacons) is used. When delivering the newsletter, the external server can then record certain data of the recipient, e.g. the time of the retrieval, the IP address or details of the e-mail programme used (client). The name of the image file is individualised for each mail recipient by appending a unique ID. The mail sender notes which ID belongs to which email address and can thus determine which newsletter recipient has just opened the email when the image is retrieved.


In newsletter tracking, user behaviour is recorded pseudonymously. This involves the following pseudonymised data:Recipients, Recipients minus bounces, Recipients in queue, Recipients skipped, Unique unsubscribe rate, Unique unsubscribes, Bounce rate, Bounces (of which hard and soft bounces), Unique open rate, Unique opens, Open rate, Opens, Unique click rate, Unique clicks, Click rate, Clicks, Effective unique click rate, Clicks for segmenting target groups.


Prevention and detection of fraud and abuse

In order to protect our website from fraud and abuse, we have implemented security measures which check whether there are indications of abuse of our website or of an attempted fraud. These measures also serve to protect you. The data processed within the framework of the security measures may include all security risk-relevant user information that accrues within the framework of the use of our website. For example, but not exhaustively, this includes inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, access times), meta/communication data (e.g. device information, IP addresses), contract data (e.g. subject matter of contract, term), content data (e.g. advertisements and chat content:text entries and images), payment data (e.g. bank details, invoices).


Advertising

This website may use user data to communicate advertising in the form of banners and other marketing methods - possibly based on the user's interests. This does not mean that all personal data will be used for this purpose.

Some of the services listed below may use cookies to identify users or use so-called behavioural retargeting. This method can also be used to identify the interests and surfing behaviour of users who do not take place via this website, in order to specifically tailor advertisements to them. For more information, please refer to the privacy policies of the respective services. In addition to any exclusion (or opt-out) option offered by the services listed below, the user may opt-out of the use of cookies by third party services by visiting the Network Advertising Initiative opt-out page.


SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or queries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.


Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.


Right to information:You can request information from us as to whether and to what extent we process your data.


Right to rectification:If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.


Right to erasure:You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.


Right to restriction of processing:You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

you have objected to the processing of the data.


Right to data portability:You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.


Right to object:If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.


Right of complaint:If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.


Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.


The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.


We encourage you to get in touch if you have any concerns with how we collect or use your personal information.


Automated decision-making and profiling

We use the information that you have provided to us for automated decision making and profiling. Automated decision making is making a decision solely by automated means without any human involvement.

The logic that we use to make automated decisions is as follows:

Based on provided information site content may be altered to provide a more relevant user experience and to highlight specific areas of interest. Profiling is the automated processing of personal data to evaluate certain things about an individual. The logic that we use to profile is as follows:The logic of our automated profiling examines the services you have requested information on, items you have viewed and/or commented on (within our site) to determine information to provide that is most relevant to your experience.


Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.


Do Not Sell My Personal Information

We do not sell any information that can directly identifies you, like your name, address or phone records.


Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.


Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we will take the necessary steps to remove that information from our server.


Online presences in social media

We maintain online presences in social networks and platforms on the basis of our legitimate interests and in order to communicate with customers, interested parties, members and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.


Integration Of Services And Contents Of Third Parties

We use within our website on the basis of our legitimate interests, content or services offered by third-party providers in order to integrate their content and services.


This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as be linked to such information from other sources.


Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.


Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.