Shopify Customer Privacy Policy Template
This Privacy Policy describes how [INSERT SHOPIFY STORE URL] (the
“Site” or “we”) collects, uses, and discloses your Personal Information when
you visit or make a purchase from the Site or register with the Site by
creating a pet profile and/or subscribing to receive email notifications from
us.
Collecting Personal Information
When you visit the Site, we collect certain information about your device,
your interaction with the Site, and information necessary to process your
purchases. We also collect additional information voluntarily provided by
you when subscribing to our email list, creating a pet profile or otherwise
registering with the Site. We may also collect additional information if
you contact us for customer support. In this Privacy Policy, we refer to
any information that can uniquely identify an individual (including the
information below) as “Personal Information.” See the list below for more
information about what Personal Information we collect and why.
Device information
-
Examples of Personal Information collected: version of
web browser, IP address, time zone, cookie information, what sites or
products you view, search terms, and how you interact with the Site.
-
Purpose of collection: to load the Site accurately for
you, to perform analytics on Site usage to optimize our Site, to provide you
with information and advertising of interest to you, to communicate with you
more effectively, to assist us in effectively managing any purchases you
make from us and to effectively manage any account you have with us.
-
Source of collection: Collected automatically when you
access our Site using cookies, log files, web beacons, tags, or pixels;
collected automatically when you subscribe to our email list, create a pet
profile concerning your pet, or otherwise register with us [ADD OR SUBTRACT ANY OTHER TRACKING TECHNOLOGIES USED].
-
Disclosure for a business purpose: shared with our
processor Shopify; shared with our processor/controller Good Boy Studios,
Inc.; shared with various third-party processor marketing agencies and
advertisers [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION].
Order information
-
Examples of Personal Information collected: name,
billing address, shipping address, payment information (including credit
card numbers [INSERT ANY OTHER PAYMENT TYPES ACCEPTED]), email
address, and phone number.
-
Purpose of collection: to provide products or services
to you to fulfill our contract, to process your payment information, arrange
for shipping, and provide you with invoices and/or order confirmations,
communicate with you, screen our orders for potential risk or fraud, and
when in line with the preferences you have shared with us, provide you with
information or advertising relating to our products or services.
-
Source of collection: collected from you.
-
Disclosure for a business purpose: shared with our
processor Shopify [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION. FOR EXAMPLE,
SALES CHANNELS, PAYMENT GATEWAYS, SHIPPING AND FULFILLMENT APPS].
Customer support information
-
Examples of Personal Information collected: [MODIFICATIONS TO THE INFORMATION LISTED ABOVE OR ADDITIONAL INFORMATION
AS NEEDED]
-
Purpose of collection: to provide customer support.
-
Source of collection: collected from you.
-
Disclosure for a business purpose: [ADD ANY VENDORS USED TO PROVIDE CUSTOMER SUPPORT]
Email subscriber and profile information
-
Examples of Personal Information collected: email
address, various non-Personal Information voluntarily provided by you when
subscribing to our opt-in email list or creating a profile for your
pet. You may opt out of your email subscription and pet profile at any
time.
-
Purpose of collection: to provide you with information
and advertising of interest to you, to communicate with you more
effectively, to assist us in effectively managing any purchases you make
from us, to effectively manage any account you have with us, and for general
marketing and demographic analysis.
-
Source of collection: Collected automatically when you
subscribe to our email list, create a pet profile concerning your pet, or
otherwise register with the site.
-
Disclosure for a business purpose: shared with our
processor/controller, Good Boy Studios, Inc.; shared with various
third-party processor marketing agencies and advertisers.
[INSERT ANY OTHER INFORMATION YOU COLLECT: OFFLINE DATA, PURCHASED
MARKETING DATA/LISTS]
[INSERT FOLLOWING SECTION IF AGE RESTRICTION IS REQUIRED]
Minors
The Site is not intended for individuals under the age of [INSERT AGE]. We do not intentionally collect Personal Information from
children. If you are the parent or guardian and believe your child has
provided us with Personal Information, please contact us at the address below
to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide
our services and fulfill our contracts with you, as described above. For
example:
-
We use Shopify to power our online store. You can read more about how
Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
-
We may share your Personal Information to comply with applicable laws and
regulations, to respond to a subpoena, search warrant or other lawful
request for information we receive, or to otherwise protect our rights.
-
We may share various non-Personal Information with third party data
processors for analytics purposes.
-
We may share various non-Personal Information (pet profile information) that
is voluntarily provided by you with our processor/controller, Good Boy
Studios, Inc. that is then shared with various third-party data analysis
processors.
-
Our processor/controller, Good Boy Studios, Inc., may also associate various
non-Personal Information (pet profile information) that is voluntarily
provide by you with the web cookie received by your device when you
voluntarily subscribe to our email list, create a pet profile concerning
your pet, or otherwise register with the site, and share that information
with third party processor agencies and advertisers to provide you with
targeted advertisements on third party websites you may visit.
- [INSERT INFORMATION ABOUT OTHER SERVICE PROVIDERS]
[INCLUDE FOLLOWING SECTION IF USING REMARKETING OR TARGETED
ADVERTISING]
Behavioural Advertising
As described above, we use your Personal Information (solely or in combination
with non-Personal Information) to provide you with targeted advertisements or
marketing communications we believe may be of interest to you. For
example:
-
[INSERT IF APPLICABLE] We use Google Analytics to help us
understand how our customers use the Site. You can read more about how
Google uses your Personal Information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
-
[INSERT IF YOU USE A THIRD-PARTY MARKETING APP THAT COLLECTS INFORMATION
ABOUT BUYER ACTIVITY ON YOUR SITE] We share information about your use of the Site, your purchases, and
your interaction with our ads on other websites with our advertising
partners. We collect and share some of this information directly with
our advertising partners, and in some cases through the use of cookies or
other similar technologies (which you may consent to, depending on your
location).
-
We share various non-Personal Information (pet profile information) that is
voluntary provided by you when subscribing to our email list, creating a pet
profile, or otherwise registering with the Site with our
processor/controller, Good Boy Studios, Inc., which may be associated with
either the email address voluntarily provided by you and/or the web cookie
received by your device, and then shared with various third-party processor
marketing agencies and advertisers to provide you with target advertising on
third-party websites you may visit.
- [INSERT OTHER ADVERTISING SERVICES USED]
For more information about how targeted advertising works, you can visit the
Network Advertising Initiative’s (“NAI”) educational page at
http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
- Deleting the pet profile you voluntarily created on our Site.
-
Opting out of the email subscription you voluntarily signed up for by
clicking the “opt out” button on any email received by you from us or
otherwise deleting the pet profile you voluntarily created on our Site.
[INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS
INCLUDE:
Additionally, you can opt out of some of these services by visiting the
Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your Personal Information to provide our services to you, which
include: offering products for sale, processing payments, shipping and
fulfillment of your order, and keeping you up to date on new products,
services, and offers. We also use limited Personal Information to provide
you with information and advertising that may of interest to you as described
more fully above.
[INCLUDE THE FOLLOWING SECTION IF YOUR STORE IS LOCATED IN OR IF YOU HAVE
CUSTOMERS IN EUROPE]
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a
resident of the European Economic Area (“EEA”), we process your personal
information under the following lawful bases:
[INCLUDE ALL THAT APPLY TO YOUR BUSINESS]
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
-
For our legitimate interests, which do not override your fundamental
rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal
Information for our records unless and until you ask us to erase this
information. For more information on your right of erasure, please see the
‘Your rights’ section below. When you voluntarily opt in and subscribe
to our email list, or otherwise voluntarily register with the Site, we
retain your Personal Information for our records and various third-party
controllers and/or processors, including Good Boy Studios, Inc., as
described above, unless and until you ask us to erase this
information. For more information to your right of erasure, please see
‘Your rights’ section, below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to
processing based solely on automated decision-making (which includes
profiling), when that decision-making has a legal effect on you or otherwise
significantly affects you.
We [DO/DO NOT] engage in fully automated decision-making that has a legal
or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent
fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
-
Temporary denylist of IP addresses associated with repeated failed
transactions. This denylist persists for a small number of hours.
-
Temporary denylist of credit cards associated with denylisted IP
addresses. This denylist persists for a small number of days.
[INCLUDE THE FOLLOWING SECTION ONLY IF YOU SELL PERSONAL INFORMATION, AS
DEFINED BY THE CALIFORNIA CONSUMER PRIVACY ACT]
Selling Personal Information
Our Site sells Personal Information, as defined by the California Consumer
Privacy Act of 2018 (“CCPA”).
[INSERT:
- CATEGORIES OF INFORMATION SOLD;
- INSTRUCTIONS ON HOW TO OPT-OUT OF SALE;
-
WHETHER YOUR BUSINESS SELLS INFORMATION OF MINORS (UNDER 16) AND WHETHER
YOU OBTAIN AFFIRMATIVE AUTHORIZATION;
-
IF YOU PROVIDE A FINANCIAL INCENTIVE TO NOT SELL INFORMATION, PROVIDE
INFORMATION ABOUT WHAT THAT INCENTIVE IS.]
Your rights
[INCLUDE FOLLOWING SECTION IF YOUR STORE IS LOCATED IN OR IF YOU HAVE
CUSTOMERS IN EUROPE]
GDPR
If you are a resident of the EEA, you have the right to access the Personal
Information we hold about you, to port it to a new service, and to ask that
your Personal Information be corrected, updated, or erased. If you
would like to exercise these rights, please contact us through the contact
information below [OR INSERT ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS,
ERASURE, CORRECTION, AND PORTABILITY REQUESTS].
Your Personal Information will be initially processed in Ireland and then
will be transferred outside of Europe for storage and further processing,
including to Canada and the United States. For more information on how data
transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
Information voluntarily provided by you when opting in to our email list or
otherwise registering with the Site, including any Personal Information
associated therewith, will be processed in the United States and stored in
the United States unless and until you ask us to erase this information.
[INCLUDE FOLLOWING SECTION IF YOUR BUSINESS IS SUBJECT TO THE CALIFORNIA
CONSUMER PRIVACY ACT]
CCPA
If you are a resident of California, you have the right to access the
Personal Information we hold about you (also known as the ‘Right to Know’),
to port it to a new service, and to ask that your Personal Information be
corrected, updated, or erased. If you would like to exercise these
rights, please contact us through the contact information below [OR INSERT
ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS, ERASURE, CORRECTION, AND
PORTABILITY REQUESTS].
If you would like to designate an authorized agent to submit these requests
on your behalf, please contact us at the address below.
Cookies
A cookie is a small amount of information that’s downloaded to your
computer or device when you visit our Site. We use a number of
different cookies, including functional, performance, advertising, and
social media or content cookies. Cookies make your browsing experience
better by allowing the website to remember your actions and preferences
(such as login and region selection). This means you don’t have to
re-enter this information each time you return to the site or browse from
one page to another. Cookies also provide information on how people use
the website, for instance whether it’s their first time visiting or if they
are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to
provide our services.
Cookies Necessary for the Functioning of the Store
-
_ab: Used in connection with access to admin.
-
_secure_session_id: Used in connection with navigation through a
storefront.
-
cart: Used in connection with shopping cart.
-
cart_sig: Used in connection with checkout.
-
cart_ts: Used in connection with checkout.
-
checkout_token: Used in connection with checkout.
-
secret: Used in connection with checkout.
-
secure_customer_sig: Used in connection with customer login.
-
storefront_digest: Used in connection with customer login.
-
_shopify_u: Used to facilitate updating customer account
information.
Cookies for
Reporting and Analytics
-
_tracking_consent: Tracking preferences.
-
_landing_page: Track landing pages
-
_orig_referrer: Track landing pages
-
_s: Shopify analytics.
-
_shopify_fs: Shopify analytics.
-
_shopify_s: Shopify analytics.
-
_shopify_sa_p: Shopify analytics relating to marketing &
referrals.
-
_shopify_sa_t: Shopify analytics relating to marketing &
referrals.
-
_shopify_y: Shopify analytics.
-
_y: Shopify analytics.
-
_petparade_shopify_token: Good Boy Studios analytics relating to
marketing.
-
_petparade_shopify_complete: Good Boy Studios analytics relating to
marketing.
[INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES THAT YOU USE]
The length of time that a cookie remains on your computer or mobile device
depends on whether it is a “persistent” or “session” cookie. Session
cookies last until you stop browsing and persistent cookies last until they
expire or are deleted. Most of the cookies we use are persistent and
will expire between 30 minutes and two years from the date they are
downloaded to your device.
You can control and manage cookies in various ways. Please keep in
mind that removing or blocking cookies can negatively impact your user
experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or
not to accept cookies through your browser controls, often found in your
browser’s “Tools” or “Preferences” menu. For more information on how to
modify your browser settings or how to block, manage or filter cookies can
be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent
how we share information with third parties such as our advertising
partners. To exercise your rights or opt-out of certain uses of your
information by these parties, please follow the instructions in the
“Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of
how to respond to “Do Not Track” signals, we do not alter our data
collection and usage practices when we detect such a signal from your
browser.
Changes
We may update this Privacy Policy from time to time in order to reflect,
for example, changes to our practices or for other operational, legal, or
regulatory reasons.
Contact
For more information about our privacy practices, if you have questions, or
if you would like to make a complaint, please contact us by e-mail at [email
address] or by mail using the details provided below:
[INSERT YOUR BUSINESS ADDRESS]
For more information about our email subscription privacy practices, or if
you have questions regarding our email subscription privacy practices, or if
you would like to make a complaint regarding our email subscription privacy
practices, please contact [YOUR STORE NAME]., by e-mail at [email address]
or by mail using the details provided below:
[INSERT YOUR BUSINESS ADDRESS]
Last updated: [DATE]
If you are not satisfied with our response to your complaint, you have the
right to lodge your complaint with the relevant data protection
authority. You can contact your local data protection authority, or our
supervisory authority here: [ADD CONTACT INFORMATION OR WEBSITE FOR THE DATA
PROTECTION AUTHORITY IN YOUR JURISDICTION. FOR EXAMPLE: https://ico.org.uk/make-a-complaint/]