Last updated: July 25th, 2021
Welcome to Loox, a web application that provides an online reviews and marketing solution (the “Application”) for merchants who use the Shopify platform to operate and enhance their e-commerce websites (the “Merchants”). The Application is owned and operated by Loox Online Ltd. (“we”, “us”, “our”).
Information we obtain from Shopify. The Application is available only to Merchants who own a Shopify store. When you install the Application through the Shopify app store, we automatically gain access to the following information from your Shopify account: your full name, address, e-mail address and cell phone number. We also obtain details of your Shopify store.
Customers Information. While using the Application, we gain access to the following information of your Shopify store customers: full name, address, email address, purchase amount, purchase date, and the item purchased.
Review Information. If your customer chooses to submit a review on your store, we will collect any information your customer chooses to provide within such review, including: photos, videos, rating, review text, comments to the review and responses to other questions that you may present in the submission form.
Meta Data. When you use the Application, we collect information about your computer or mobile device, your operating system and your browser. We also collect Meta Data of your customers.
Analytics. When you use the Application, we collect information about your use of the Application. For example, we may record the frequency and scope of your use, action taken while using the Application and the interactions you make with the Application.
We also collect Analytic information about your customers’ use of the Application and your store.
We process the Information we obtain from Shopify to identify you and to operate the Application and provide you with its features and functionality.
The legal basis under EU law for processing your Information, is the performance of our Terms of Service contract with you and our legitimate interest in the operation of the Application.
We process your Information we obtain from Shopify to send you updates and other communications related to the Application.
The legal basis under EU law for processing your information is our legitimate interest in promoting our business by updating users of new features of the Application and other information pertaining to the Application.
If you indicate your explicit consent, we will use your Information to send you marketing communications about our services, including updates about new services that we believe may be suitable to you.
You may 'opt-out' of using your information for marketing communications by sending an email to: firstname.lastname@example.org, or as otherwise provided in our marketing communications. By doing so, we will only delete or stop processing the information which is required to contact you for marketing communications, while the rest of the Information which is necessary to provide you with the Service will continue to be processed and used.
The legal basis under EU law for processing your information for marketing communication purposes is your explicit consent.
We process Meta Data for security and monitoring purposes.
The legal basis under EU law for processing Meta data is our legitimate interests in monitoring and securing our Service.
We process your Analytics Information to understand how users interact with the Application so that we can personalize, develop and improve it.
The legal basis under EU law for processing your Analytics Information is our legitimate interest in understanding how the Application is used in order to develop and improve it.
We do not sell your personal information to third parties.
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will share your personal information with service providers, who assist us with the internal operations of the Application. These companies are authorized to use your personal information only as necessary to provide their services to us and not for their own purposes. The service providers we use are listed here.
If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation.
The legal basis under EU law for such processing is our legitimate interest in enforcing our legal rights.
If we are required to disclose your information by a judicial, governmental or regulatory authority.
The legal basis under EU law for this processing is our compliance with the legal obligations we are subject to.
If the operation of the Company is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration.
The legal basis under EU law for this processing is our legitimate interests in business continuity following a structural change.
We retain your personal data as long as the Application is installed in your Shopify store. Thereafter, we will continue to retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish and defend legal claims.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect, that the Service will be immune from information security risks.
The Application, by its nature as an online service, may store and process Information in various locations throughout the globe, including through cloud services.
Transfer of Information outside the EU. Information we collect from you will be processed in Israel, which is recognized by the European Commission as having adequate protection for personal data.
When we transfer your information from within the EU to the United States or other countries, which are not recognized by the European commission as having adequate protection for personal data, we will endeavor to do so while using adequate safeguards determined by the European commission, such as the privacy shield framework for the United States.
If you are an individual in the EU, you have the following rights:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and requests instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of these rights, contact us at email@example.com.
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
The Application is not intended for minors under the age of 18. We do not knowingly or intentionally collect information from minors under the age of 18.
From time to time, we may change this Policy, in which case we will notify you of the updated Policy by email. The latest version of the Policy will always be accessible on the Application.
Loox Online Ltd. is the data controller of your personal data we collect and process through the Application.
Loox Online Ltd. Is the data processor of your Customers Information we collect and process through the Application.
You can contact us at firstname.lastname@example.org
If you have any questions or requests concerning your personal data or about our privacy practices and policies, you may contact us, at: email@example.com
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/19769498