Data Policy for Formful Shopify App

1. Introduction

Formful is committed to protecting and respecting your privacy. This data policy outlines how we collect, use, and safeguard personal data in line with the General Data Protection Regulation (GDPR).

2. Data Collection

We collect two primary types of data:

  1. Merchant Data: Pertains to the Shopify store owner or operator.
  2. Customer Data: Information provided by customers interacting with or submitting the form created using Formful.

3. Legal Basis for Processing

Data is processed based on:

  1. Consent: Where users have given explicit permission.
  2. Contractual Obligations: Necessary for the performance of a contract.
  3. Legitimate Interests: Where processing is in our legitimate interests and not overridden by data protection interests or fundamental rights and freedoms.

4. How We Use Data

  1. Merchant Data: For account creation, authentication, support, and related communication.
  2. Customer Data: Used for its intended purpose like fulfilling a request. We don't use this for promotions or sell to third parties.

5. Data Storage, Security, and Transfers

Data is stored on secure servers hosted by DigitalOcean:

101 6th Ave,
New York, NY 10013,
United States

We employ robust encryption and security measures. Transfers outside the European Economic Area (EEA) are protected by appropriate safeguards.

6. Data Sharing and Third Parties

We don't sell or lease data to third parties without explicit consent or unless legally required. Partners, like DigitalOcean, adhere to GDPR standards.

7. Data Retention

Data is retained as necessary for its intended purpose, legal or regulatory reasons. We periodically review stored data and remove unnecessary information.

8. Rights of Data Subjects

Under GDPR, individuals have:

  • Right of Access: To obtain a copy of their data.
  • Right to Rectification: Correcting inaccurate data.
  • Right to Erasure: Deletion of data ("right to be forgotten").
  • Right to Restrict Processing: Limiting how data is used.
  • Right to Data Portability: Obtain and reuse data.
  • Right to Object: Objecting to data use, including for direct marketing.
  • Rights related to Automated Decision Making and Profiling: Decisions made without human involvement.

9. Changes to this Policy

We may update this policy for operational, legal, or regulatory reasons. Users are encouraged to review periodically.

10. Contact and Complaints

For questions, to exercise your rights, or to complain, contact:

Stefano Di Legami
Eduard-Heis-Str. 3
51061 Köln

Phone: +491794300756

Data subjects also have the right to lodge a complaint with a supervisory authority.