Privacy Policy for Recommendy

Effective Date: 24.11.2024

Last Updated: 24.11.2024

Thank you for choosing Recommendy. Protecting your personal data is important to us. This Privacy Policy explains how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR). By using Recommendy, you agree to this Privacy Policy.

If you have any questions, please contact us at tassilo@recommendy.org.

1. Information We Collect

• Data Provided by Shopify

  When you install Recommendy, Shopify provides us with the following information about your store:

  • Store name and URL
  • Email address
  • Customer, product, and order data (used for referral tracking and loyalty program functionality)
• Data You Provide Directly

  We may collect additional data if you interact with us, such as:

  • Name and email address (e.g., when contacting support)
  • Feedback or information provided in inquiries
• Data About Your Customers

  To provide referral and loyalty functionality, we may process:

  • Customer name and email address
  • Referral and reward activity
  • Purchase history for calculating referral rewards
• Analytics and Device Information

  To improve our app, we collect anonymized or aggregated data, such as:

  • App usage patterns
  • Technical data about devices or browsers accessing Recommendy

2. Purpose and Legal Basis for Processing

We process your personal data based on the following lawful grounds:

• Performance of a Contract: To provide our services, such as referral tracking, loyalty rewards, and app functionality. To communicate with you about updates, technical issues, or support inquiries.
• Legitimate Interests: To improve Recommendy’s performance and add features based on app usage patterns. To prevent fraud and secure our services.
• Legal Obligations: To comply with applicable laws and regulatory requirements.
• Consent: For any optional marketing emails or non-essential communications, where you have explicitly opted in. You may withdraw consent at any time.

3. Your Rights Under GDPR

As an individual within the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Right to Be Forgotten): You can request that we delete your personal data. However, certain data may be retained for legal or operational reasons.
• Right to Restriction: You can request that we limit the processing of your personal data under specific circumstances.
• Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format to transfer it to another service provider.
• Right to Object: You can object to our processing of your personal data based on legitimate interests or direct marketing.
• Right to Withdraw Consent: If you have provided consent for certain processing activities, you may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us at tassilo@recommendy.org. We will respond to your request within 30 days, as required by GDPR.

4. Data Sharing and Transfers

We only share personal data under the following conditions:

• With Shopify: To integrate and enable our services, we share data with Shopify. Please review Shopify’s privacy policy for details: Shopify Privacy Policy.
• With Service Providers: We work with trusted third-party providers for purposes such as cloud storage, hosting, and app performance analytics. All third parties comply with GDPR requirements and only process data on our behalf.
• Legal Compliance: We may disclose data if required to comply with legal obligations, regulatory requirements, or to protect our rights.
• International Transfers: If personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses, to protect your data.

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law. Once no longer needed, data is securely deleted or anonymized.

• Merchant Data: Data is retained for the duration of your subscription to Recommendy and is deleted within 30 days of app uninstallation.
• Customer Data: Customer data processed for referral and loyalty programs is retained only as long as required for the program's operation or by applicable law.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data from unauthorized access, loss, or misuse. While we strive to secure your data, no system can be entirely secure. If you suspect a data breach, contact us immediately at tassilo@recommendy.org.

7. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services or legal requirements. Any updates will be posted on this page with the revised effective date. We encourage you to review this policy regularly.

8. Contact Us

If you have questions, concerns, or wish to exercise your rights under GDPR, please contact us:

Recommendy GmbH
Email: tassilo@recommendy.org