Last updated: 29 August 2020
This Privacy Policy forms part of the Terms of Service. AskBeat Customer Feedback acknowledges your right to confidentiality and is committed to protecting your privacy. This Privacy Policy describes how personal information is collected, used and shared when you install or use the App in connection with your Shopify-supported store.
AskBeat Customer Feedback acts both as a data controller and data processor for different categories of personal data. More specifically:
A session cookie will be stored on your browser when you log in to our App. Insofar as this cookie is strictly necessary for the operation of the App, consent is not required.
In this Section the following are set out: specific categories of personal data that we obtain through Shopify API; personal data that we obtain directly from you; data collected on your behalf; and the purposes for which we may process personal data.
Our App cannot provide the Services to your store, unless you grant us permission to access and process specific personal data, relating to your store and store customers. You still own and control all these data; we process it to provide you with our App and Services. Under Data Protection laws, we are the data processor and you are the data controller of the personal data that we obtain.
When you install the App, you will be asked to give us permission to access certain types of information from your Shopify account through Shopify API. If you approve these permissions and install the AskBeat Customer Feedback App, we will be granted access to the following information:
More specifically we access your:
We process this personal data for the purposes of operating our App, providing the Services, maintaining back-ups, communicating with you and complying with applicable anti-spam and privacy laws requirements. We may also process some of the data in case we receive a GDPR request from Shopify. For more information about the data processed for responding to Shopify GDPR requests, visit the Shopify GDPR requirements page.
When using our App, you may edit some of the personal information that was initially obtained through Shopify API. More specifically, you may edit your store name & store customer / reply-to email. This updated data will be processed solely for the provision of the Services and maintaining back-ups.
Also, when using our App, you have the option to enter or upload a customer email list. We process this information for the purposes of providing the Services to you and linking received NPS® surveys responses to your originating customer. We may also process this data in case we receive a GDPR request from Shopify.
By using our App and the provided Services, responses will be collected from your store customers for the NPS® surveys sent on your behalf. We process this information to present you with the results of your survey and maintaining back-ups. We may also process this data in case we receive a GDPR request from Shopify.
In this Section the following are set out: the general categories of personal data that we may process; the source of that data; the purposes for which we may process personal data; and the legal bases of the processing.
Overall, all above-mentioned data are and will solely processed for the purposes of operating our App, providing the Services, maintaining back-ups of our databases and communicating with you.
In addition, we may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect ours or your vital interests or the vital interests of another natural person.
We do not sell your personal data. We may share and disclose your personal information to third parties in the following circumstances:
In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the EEA.
Some of our sub-processors are situated in countries outside the EEA, including the United States of America. The European Commission has made an "adequacy decision" with respect to the data protection laws of the USA. Transfers to the United States of America will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which you can obtain from: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Our sub-processors, that are located in the United States of America, provide Standard Contractual Clauses (SCCs), as a transfer mechanism for personal data being transferred out of the EEA. For more information on their SCCs, please visit their Privacy Policies, as outlined in Section 5 of this Privacy Policy.
Also, our sub-processors, that are located in the United States of America, participate, comply and are certified to the EU-US and Swiss-US Privacy Shield Frameworks:
This Section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
We will retain the personal data as follows:
Notwithstanding the other provisions of this Section, we may retain your personal data, where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect ours or your vital interests or the vital interests of another natural person.
We will retain the personal data as follows:
Notwithstanding the other provisions of this Section, we may retain your personal data, where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect ours or your vital interests or the vital interests of another natural person.
We use a variety of technologies (such as data transmission through SSL, data encryption and anonymization and 24/7 monitoring of our App and Services) to ensure an appropriate level of security for protecting personal data from unauthorized access, use or disclosure. However, please keep in mind that the Internet cannot be guaranteed to be 100% secure.
In the case of a personal data breach:
In this Section, we have listed the rights that you have under data protection law. Your principal rights under the data protection law are:
EU individuals also have the right to complain to a supervisory authority.
These rights are subject to certain limitations and exceptions. You can learn more by clicking here.
If you wish to exercise any of your rights in relation to your personal data, please refer / login to the App through your Shopify dashboard (e.g. if you uninstall our App, you withdraw your consent, you restrict processing and your data will be deleted within 30 days) or contact us.
For NPS® survey respondents who wish to opt out from receiving survey email communications from a store, there is an unsubscribe link at the end of each communication. For NPS® survey respondents who wish to exercise other data-related rights, please contact the store directly, who is the data controller of your data or ask us to notify the store about your request. As data processor of respondents’ personal data, we opt to not process data without getting instructed from the data controller first. We will process respondents personal data if we receive a GDPR request from Shopify or we are asked by the data controller to do so (GDPR Article 29: The processor and any person acting under the authority of the controller or the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so by Union or Member State law).
Note for California residents: Under the California Consumer Privacy Act (“CCPA”), California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights. AskBeat Customer Feedback does not sell and does not process any personal information for any commercial purpose other than operating the App and providing the Services. We will not discriminate against you for exercising any of your CCPA rights.
AskBeat Customer Feedback is not intended for anyone under 18 years of age (“Children”). We do not knowingly collect any personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you believe that your Children have provided us with personal data, please contact us asap.
A cookie is a file containing an identifier (a string of letters and numbers) that is stored by the browser. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
A session cookie, which contains no personally identifiable information, will be stored on your browser when you log in to our App. This cookie will keep you logged in during your use of the App, so that you will be able to navigate through and use our Services. This cookie is strictly necessary, thus consent is not required. The cookie will expire when you close your web browser or log out from our App.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
Important note: Blocking all cookies will have a negative impact upon the usability of many websites. If you decide to block all cookies, you will not be able to use our App and the provided Services, as you will be immediately logged out.
We may update this policy from time to time, in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will publish a new version here, mentioning the “Last update date”, which is also the effective date of this policy.
You should check this page occasionally to ensure you are happy with any changes to this policy. If you continue to use our App after the effective date, then you will be considered as having consented to the revised Privacy Policy. If you do not agree with the updated Privacy Policy, you are advised to not use / uninstall the App through your Shopify dashboard.
We will notify you of significant changes to this policy by using a banner on the homepage of AskBeat Customer Feedback dashboard and/or via email.
If a provision of this Privacy Policy is determined by any court or other competent authority to be invalid, unlawful and/or unenforceable, the other provisions will continue in effect. If any invalid and/or unlawful and/or unenforceable provision of this Privacy Policy would be valid, lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect.
This document was created using a template from SEQ Legal.
If you have any questions or concerns about this Privacy Policy, please feel free to email us at privacy@askbeat.com.