February 4, 2019
February 20, 2019
WHAT DO WE COLLECT
“Personal Data” means any information relating to an identified or identifiable natural person. We collect Personal Data from two (2) classes of users of the service: Administrators for entities that contract with us or that might be interested in contracting with us (“Merchants”) and the persons that Merchants desire to use the Service offered by the Merchants (“Customer End Users”).
For Merchants, we will collect Personal Data such as:
Email address provided by Merchant
Unique Identifier (token provided by Shopify)
Log Files, which record errors encountered during app use.
IP address of Merchant accessing the Service
Such Email or contact information automated workflows that Merchants choose to make public on your site or disclose to others by through data entered into workflows using the Services.
For Merchants we may also collect non personally identifiable data that may be linked to Merchant Personal data by us or Third Party Service and Application Providers.
Logs of completed tasks and configured triggers and actions.
Third Party Services and Applications linked to and their APIs
Workflow logs that you can view containing tasks and configured triggers and actions.
Third Party Applications Integration
For non-Shopify platform Third Party Services and Applications, we will authorize your access and enable you to share your workflows and data with the Third Party Services and Applications You can change this access by editing your workflows.
Customer End Users:
We do not knowingly collect Personal Data on Merchant Customers or Customer End Users. The Services allow you to create workflows to transmit or use data that you collect using tokenized fields, but we do not store any End User data unless you enter it directly into the workflow. You should not store Customer End User Personal Data or other Personal Data in workflows as it will not be secure.
We and our third-party service providers may collect certain tracking information about your use of our Service. For example, we collect;
• Log information (including your dates/time of access and related data)
We collect information when you visit the Service including viewing any of our documents linked to this Policy, use our App or Service, which may include personal information or other information considered personal, such as your browser details, the date and time of your visit, and even your Internet Protocol address.
The Policy covers in detail the technologies used by us, why we use them, and your rights to opt in or out of being tracked in your Company account with cookies.
What are cookies?
Cookies are small text files that are downloaded by the browser that you use to reach and use our service. These cookies collect, store, and share data of your activities across websites. They are mainly used to learn about your actions when you interact with the sites and services and "remember" you and your preferences, such as your preferred browser or language, either for a single visit (via a 'session cookie') or for multiple visits (using a 'persistent cookie').
We use both session-based and persistent cookies. Here’s what they are:
• Session cookies are temporary and last only while your browser is open. They are deleted from your device when you leave the service.
• Persistent cookies remain in your browser or device for a much longer time mostly until your browser deletes them or when they reach their expiry date, depending on the cookie. They are unique and allow us to perform site, app and Service analytics and customization, among other similar things.
Cookies may be set by either the site that you are visiting (‘first party cookies’) or by third parties, such as those who use our services (‘third party cookies’). More information on cookies can be found at www.aboutcookies.org.
Types of cookies
The table below explains the types of cookies we use on our websites, apps and the Service and why we use them.
Category of cookies Why we use these cookies
Necessary These cookies are strictly necessary to perform important activities such as allowing registered users to authenticate themselves to secure areas and perform account related functions.
Preference These cookies allow our services to recognize you and remember your preferences when using our services. This enables us to personalize our content for you and provide you with a more personal experience without you having to re-enter your preferences every time you visit our Services.
Security These cookies help to detect, identify, and prevent suspicious or malicious activities on our services. They also detect authentication failures and take measures to increase the security of the service
Analytics These cookies collect information on how users interact with our services. This helps us understand how well our services are doing and what improvements are need. This enables us to operate our Services more efficiently, and to research and develop new Services and features.
Third-Party / Embedded Content Cookies operated by third-party applications or service providers gather browsing activity across multiple websites and across multiple sessions and use them to enhance the experience of website visitors. These cookies may be used for providing certain statistical and analytics purposes and can help to prevent fraudulent traffic or other suspicious activities. They are usually a persistent cookie and continue to stay in your system until you delete them or they expire based on the time period set in each third-party cookie.
Please note that we have no direct control over the information collected by these cookies or how they use them. So it is advisable to review each third-party's cookie disclosure before consenting to this use category.
What cookies do we use?
While there are several types of cookies (as specified in the ‘types of cookies’ section), Company uses ‘Strictly Necessary’, ‘Preference’, and ‘Third-Party’ cookies.
‘Strictly Necessary’ cookies are required for using our sites and services. If you refuse to accept these cookies, we are not liable for any security breach nor can we predict how our sites and services will perform.
We use ‘Preference’ cookies to track your behavior and remember your preferences.
Company uses third-party applications to provide better service to all our users. These apps and services make use of persistent cookies to improve user experience, analyze user behavior, and manage content.
How to control and disable cookies
You have the right to decide whether or not to accept cookies and similar technologies. If, however, you choose to disable cookies, it may affect the availability and functionality of some components or features of our Services.
Opt-out of cookies through browser
Most browsers accept cookies, by default. However, they provide ways that allow you to change cookie settings in order to make the browser refuse certain types of cookies or at least inform you before accepting cookies. You can make these changes either through the browser’s inbuilt settings or through external plugins. The procedure for changing cookie settings is different for different browsers. You can go to the help page of your browser to learn more.
If you do not opt out of accepting cookies, you agree to the collection, usage as well as sharing of your details, including your personal data, by us and by the various third-party apps (subject to their privacy and cookie policies) that we use. You can change cookie setting to revoke your consent anytime by following the steps mentioned in the ‘How to control and disable cookie settings’ section given above.
HOW DO WE USE YOUR DATA?
BONIFY, LLC utilizes Tracking Information to access anonymous data to help us understand how our Services are used. We use Tracking Information to customize content for you and improve our Services. Google Analytics provides reports to Company with website trends without identifying individual visitors.
We use Merchant Personal Data to match and authenticate your account access to Shopify and related applications.
Providing the Services
We use Merchant Personal Data to provide the Services, provide customer service/support and communicate with you regarding the Services and new features. If you are a Merchant, it enables us to track your use for merchant service purposes.
SHARING YOUR DATA
We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
Note About Automation Tools.
While we do not post your Personal Data directly, Bonify, LLC’s Services includes automation of certain functions by Merchant to Merchant website and other Third Party Services and Applications, some of which may involve communicating with your customers or other members of the public for viewing by the public If you choose to link workflows to these Third Party Services and Applications or post your contact information or other Personal Data into these tools or share your Personal Data or that of your customers with Third Party Services and Applications, they may be viewable by third parties. Please consult with the privacy policies of any Third Party Service and Application providers you choose to link the Services to.
Excluding the Personal Data you provide to use to administer your use of the Services, you can control what data you share by editing your workflows.
Processing Your Payment
We work with Shopify to process your payment in order to use the Services. We do not collect or store your payment information or Personal Information related to payment.
We use Merchant Personal Data to communicate with you regarding the provisioning of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time
Law Enforcement and Internal Operations
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third-parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.
Third Party Service Providers
Use of the Shopify Platform and Shopify as Controller in Common
Shopify Residents outside of the European Economic Area:
Attn: Chief Privacy Officer
150 Elgin St., 8th Fl
Ottawa, ON K2P 1L4
Shopify Residents of the European Economic Area:
Shopify International Limited
Attn: Data Protection Officer
c/o Intertrust Ireland
2nd Floor 1-2 Victoria Buildings
Dublin 4, D04 XN32
The following third-party processors collect personal data on our behalf and transmit it to us
Third Party Provider: Google Analytics
Location of Processing: United States
Basis for Processing: US-EU Privacy Shield and EU Standard Contractual Clauses with Data Processing Amendment.
Third-Party Provider: Zendesk (Zendesk.com)
Location of the Processing: United States (US).
Basis for Processing: Zendesk is EU-US Privacy Shield Certified
Purpose and Personal Data collected: collects email address and correspondence history through service help center and support ticketing system, including, but not limited to install/uninstall and Merchant upgrades/downgrades.
Third-Party Provider: Drip (Drip.com)
Location of the Processing: United States
Basis for Processing: EU Standard Contractual Clauses and Data Protection Addendum
How is my data protected?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:
Restricting staff access to Personal Data protected by passwords, which are revoked when staff departs.
Restricting Personal Data to key BONIFY, LLC staff on a need to know basis.
Regular staff privacy and security training
Data is only available via HTTPS and SSL
Data is kept on secure, encrypted servers
However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.
Right to Review or Withdraw Consent
You can update most of your Personal Data and change/remove your sharing authorizations with Third Party Services and Applications by logging on to your Shopify account. However, if additional assistance is required to change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at firstname.lastname@example.org. We reserve the right to charge for copies of data requested.
If you would like to stop receiving email communications, follow the unsubscribe instructions at the bottom of the email.
Right to Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data. People located in the European Economic Area (EEA) may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can delete your Personal Data by uninstalling the app through the Shopify dashboard. However, since your Personal Data is required for us to provide the Services to you, deleting it will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. If you request that we remove your Personal Data, we will work with you to find ways to comply with your lawful request where possible. We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
If you would like to stop receiving email communications, follow the unsubscribe instructions at the bottom of the email.
If you are located in the EEA and you would like us to transmit your Personal Data to another company providing similar services using the Shopify network or otherwise, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data. You may already export your configured workflows in a machine readable format.
Right to Redress
If you are located in the EEA and you believe we have violated any data protection laws you may file a complaint with the Data Protection Authority.
Transnational Transfer of Data
If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.
YOUR CALIFORNIA PRIVACY RIGHTS
California residents who have an established business relationship with BONIFY, LLC may make a written request to BONIFY, LLC about whether BONIFY, LLC has disclosed any Personal Information to any third-parties for the third-parties' direct marketing purposes during the prior calendar year. To make such a request, please send an email or write us:
ADDRESS: 83 Amherst Street, FL2, Manchester, NH 03101
PHONE: 603 518-7387
Third Party Websites
We may link to other websites or use third party services such to connect to the Services. When you click on one of these links or use these services, you are ‘clicking’ to another website or using a third party service. BONIFY, LLC does not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices, and policies may differ from ours.
Minors Under 16-years of Age
BONIFY, LLC does not knowingly collect or store any personal information from or about children under the age of 16.
If you believe a child under the age of 16 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at email@example.com to request that their children’s information be deleted from our records and we will work with our partners to resolve the request
Do Not Track
Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.