Who we are
APPSOLVE (“Company”), having its registered headquarters at 14 Bogdan Voda Str., Bucharest 010936, Romania, processes personal data in compliance with the applicable legal regulations on the protection of natural persons with regard to the processing of personal data.
We may process personal data in relation to:
- merchants using Shopify and their representatives, customers, and users
- other partners and (potential) clients
- visitors to Appsolve websites and pages or anyone contacting us
General information on processing personal data
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
The main data/categories of data processed by the Company
The main data/categories of data processed by the Company depend, as the case may be, on the purposes associated with the processing, and include data such as:
- identity data (such as name, surname)
- contact details (such as email address, mobile telephone number, instant messaging accounts)
- data related to you being a representative of an entity / legal person that enters/has a legal relation (such as position held, place of work, signature)
- data obtained when accessing the Company’s pages/site (such as the online identifier of the persons accessing one or more of the Company’s site or pages, identifier processed for the purposes mentioned in the Cookies Policy related to that page/site)
- data obtained when accessing the Company’s products, services, and/or online platforms; we may process the data, content, other user/mobile account information, and other information you provide when you use our products, services, and/or online platforms and/or information which is provided about you by social networking platforms and other engagement channels providers according to your settings preferences within such engagement channels (such as your username, hometown, age range, likes, other data you set in you profile to be public or to be provided to others by that channel provider).
Information from merchants
What information do we collect from merchants and why?
- We collect your name, email address, and phone number.
- We use this information to provide you with our Service; for example, to confirm your identity, contact you, provide you with advertising and marketing, and invoice you. We also use this information to make sure that we comply with legal requirements.
- We collect data about the APPSOLVE websites that you visit. We also collect data about how and when you access your account and the APPSOLVE platform, including information about the device and browser you use, your IP address, and information about how you browse through the APPSOLVE interface.
- We use this information to give you access to and improve our Services; for example, to make our platform's interface easier to use. We also use this information to personalize the Services for you. Finally, we may use this information to provide you with advertising or marketing.
- We collect personal information about your customers that are shared by you via Shopify's API. In order to deliver the Service, you provide us with access to your orders. The access is granted when you install the app and give us permission to access your orders. We use this information only to provide you with our Service.
Information from customers
- We collect our merchants' customers' ID, name, email, phone number, shipping and billing address.
- We only use this information to provide our merchants with the Service. For our merchants' customers, we process your information solely as a data processor on behalf of our merchants.
- APPSOLVE never shares your customers' information with third parties
Information from APPSOLVE website visitors and support users
What information do we collect and why?
- As you visit or browse the APPSOLVE websites, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect personal information submitted by you via any messaging feature available from any of our websites (“Messaging Feature”).
- We may also receive personal information when you contact us via any of our websites.
- From chat support users, we collect your name, email address, information about the device and browser you use chat transcript, and other personal information you provide us during our chat.
Information from cookies and similar tracking technologies
What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.
Data is processed for the purposes mentioned in the Cookies Policy related to that page/site.
Sources from which we collect personal data and, if the case may be, publicly available sources
We generally collect personal data directly from you when you are in a legal relationship with our Company or you are the representative of an organization that is in legal relationship with the Company.
In other cases, we may process personal data collected from other sources such as Merchants, suppliers or partners, publicly available sources, Shopify, and other channels/platforms providers, according to your settings preferences within such channels/platforms.
Types of data processing
Purposes for which personal data are processed
The Company processes personal data for multiple purposes. The methods of processing, the legal basis for processing, retention periods, and other such aspects may be different, depending on each purpose.
We process personal data mainly for the following purposes:
- Carrying out the activity of the Company, providing products and providing services related in particular to the main scope of work of the Company, respectively Vitals Services
- Managing our relationships with customers, suppliers, and professionals in various fields of activity, correspondence, offers, negotiations, contracts, and account management.
- Improving the activity and services of the Company in relation to our customers and partners
- We process personal data in order to fulfill our contractual obligations and commitments
- Managing the risks related to our activity, meaning that we take security measures to protect personal data, measures that involve the detection, investigation, and resolution of security threats.
- In accordance with applicable law, we use the contact details to directly or indirectly provide information that we believe is of interest to you
- In case of visiting our sites or our pages on social networks, it is possible to process some information for the purposes mentioned in the Cookies Policy
- Compliance with legal and/or regulatory requirements, such as those of a fiscal nature or those requested by special normative acts that regulate our object of activity or, as the case may be, archiving
- Economic-financial-administrative management
- Exercising or defending our legal rights in court
Legal basis on which data processing is based
The legal bases of the processing take into account the provisions of the applicable normative acts regarding the processing of personal data and the provisions of the applicable legislation in the Company’s field of activity.
The processing is based on at least one of the following conditions of the legality of the processing:
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the Company as controller is subject;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes, only when mandatory under the law;
- for the management of our relations with potential customers and clients or our partners, including,
- for managing the risks related to our activity
- managing the notifications/complaints in connection with our services
- to improve our products and/or services,
- to ascertain the exercise or defense of our rights in court
How long do we keep personal data
We retain the personal data we process only for as long as is necessary for the purpose for which it was collected (including in accordance with applicable law or regulations), such as:
- During the execution of the contract / legal relation for the personal data necessary for its conclusion/ for its execution,
- During the period provided by law in situations where there are normative acts applicable in this regard (e.g. in the case of mandatory accounting records and supporting documents underlying the financial records)
- During the management period of the relationship with potential clients/clients/beneficiaries of our services/partners of the Company and their representatives, respectively until the exercise of opt-out for the data used for the purpose of transmitting commercial communications containing information and offers regarding services and/or products,
- Until the withdrawal of consent for the processing of personal data based exclusively on consent
- For the archiving period mentioned by law or by the applicable policies of the Company, as the case may be, for the data contained in the documents for which the law or the Company provided for the archiving
- In any other case and/or in the absence of specific legal, regulatory or contractual requirements, our reference period for keeping personal data is at least 3 years from the date of termination of relations / last contact between the Company and the data subject
Any data may be retained by the Company, except from the foregoing provisions where applicable, until the expiry of the limitation period, in respect of situations in which the Company would have a legitimate interest in retaining certain personal data in connection with potential litigation that may arise between the parties.
In any case, except for the situations provided by the applicable legislation, we delete your data at the time you request such deletion. The applicable exceptional situations will be communicated to the data subject through the response submitted by our company in connection with the request to delete the data.
Your rights and how to exercise them
Our company is responsible for facilitating the exercise of your rights mentioned below.
Any of these rights may be exercised by sending an e-mail to us, or you can submit/send it to our headquarters address.
For the protection of your data, in order to prevent the abuse of malicious people who would follow the access to your data, if we receive a request from you regarding the exercise of the below-mentioned rights, we may ask you for additional information to verify your identity before acting on your request.
If you submit an application in electronic format for the exercise of your rights, the information will be provided by our company also in electronic format where possible.
We will try to respond promptly to any request from you and, in any case, within the time limits expressly mentioned by the applicable legal provisions (usually 30 days from the registration of the request). In certain situations, expressly provided by the applicable legislation, we may charge an access request which will take into account the administrative costs necessary to fulfill the request.
In the event that, as a result of the application of legal provisions, our company cannot comply, in whole or in part, with a request received from you as a data subject, then the applicable exceptional situations will be communicated to you by means of the reply submitted by our company in connection with the request in question.
The right to access your personal data
You have the right to access your data we process as controller, respectively to obtain from the Company a confirmation whether it processes personal data concerning you and, if so, the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or are to be disclosed, in particular recipients from third countries or international organizations;
- where possible, the period for which personal data are expected to be processed or, if this is not possible, the criteria used to establish the retention period;
- the existence of the right to request the rectification or deletion of personal data or the restriction of the processing of personal data or the right to oppose the processing;
- the right to lodge a complaint with a supervisory authority;
- if personal data are not collected from you, any available information on their source;
- the existence of an automated decision-making process including profiling, as well as, at least in those cases, relevant information on the logic used and on the importance and expected consequences of such processing for the data subject.
If you fall under the protection of GDPR and your personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards.
The right to rectification of data
You have the right to obtain from the Company, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes for which the data were processed, you have the right to obtain the completion of personal data that are incomplete, including by providing an additional statement. When possible or necessary we will make corrections (as appropriate) based on updated information and inform you about this if necessary.
The right to delete data
You have the right to obtain from the Company the deletion of personal data concerning you, without undue delay, except for certain cases provided by the law, if one of the following reasons applies:
- personal data are no longer necessary for the purposes for which they were collected or processed;
- you withdraw your consent on the basis of which the processing takes place insofar as the processing is based exclusively on the consent and there is no other legal basis for the processing;
- you object to the processing carried out for the purpose of public interest or for the purpose of the legitimate interests pursued by the Company or a third party and there are no legitimate reasons to prevail over your interests / fundamental rights and freedoms regarding the processing
- personal data have been processed illegally;
- personal data must be deleted in order to comply with a legal obligation incumbent on the Company under the law governing it and/or its activity;
- other situations provided by the applicable legislation insofar as they are applicable
The right to restrict processing
You have the right to obtain a restriction on processing in the following cases:
- you contest the accuracy of the data, for a period that allows the Company to verify the accuracy of the data;
- the processing is illegal, and you object to the deletion of personal data, requesting in return the restriction of their use;
- the company no longer needs the personal data for the purpose of processing, but you request them for the ascertainment, exercise or defense of a right in court; or
- you have objected to the processing in processing for the purpose of the legitimate interests pursued by the Company or by a third party, for the period during which it is verified whether the legitimate rights of the controller prevail over those of the data subject.
The right to data portability
You have the right to receive your personal data which you have provided to the Company, in a structured, commonly used format that can be read automatically and when transmitted to another controller, without obstacles on the part of the Company, if (i) the processing is based on consent or contract and (ii) processing is carried out by automatic means.
In case of exercising the right to portability of personal data, they may be transmitted directly from the Company to another controller expressly indicated by you, where this is technically feasible.
The right to opposition
When the processing is carried out for the purpose of the legitimate interests pursued by the Company or by a third party. At any time you have the right to object, for reasons related to your particular situation, to the processing carried out for the purpose of public interest or for the purpose of the legitimate interests pursued by the Company or a third party, including the creation of profiles. In this case, the Company will no longer process your personal data, unless it demonstrates that it has legitimate and compelling reasons justifying the processing and prevailing over your interests, rights, and freedoms or that the purpose is to establish, exercise, or defend a right in court.
The right to object to processing for direct marketing purposes
When the processing has direct marketing as scope, you have the right to object at any time to the processing of personal data concerning you for this purpose, including the creation of profiles, insofar as it is related to that direct marketing. We inform you that the Company may send you offers, information, and other types of communications in the light of situations such as following your participation in an event organized by the Company as a main organizer or as a partner, the fact that you have agreed to receive commercial communications from us.
If you object to the processing for direct marketing purposes, personal data will no longer be processed for this purpose.
The right to withdraw consent
If the processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. The assumption of withdrawal of consent is not applicable in cases where the basis for processing is not consent.
The right to submit a complaint
If you want to complain about the use of your personal data, please send an e-mail /letter with the details of your complaint to us. We will analyze and respond within the legal deadlines to any complaint we receive. You also have the right to file a complaint with the competent data protection supervisory authority.
Recipients or categories of recipients of personal data
The company may transmit/grant access / disclose personal data mainly to the following categories of entities:
- public authorities and entities (such as tax authorities, etc.)
- service providers (like Cloud providers)
Especially for data subjects who fall under the protection of GDPR, the Company’s cloud hosting provider, Amazon Web Services (AWS), has a POP in the United States, and transfers are made to entities outside the European Union. If you fall under the protection of GDPR and the Company transfers your personal data to a third country or to an international organization, we will ensure that it is adequately protected, ie that we transmit the data in a country that provides an adequate level of protection as assessed by the competent entities or, if the country is considered not to have laws equivalent to GDPR data protection standards, we will ask the third party to conclude a legally binding contract/agreement/instrument that reflects the latter standards or provides other appropriate guarantees in this sense.
Consequences of refusal of the provision of personal data
If personal data is collected directly from you, we inform you that, as a rule, you are not obliged to provide your personal information to the Company, unless their provision constitutes a legal or contractual obligation or an obligation /is necessary for concluding a legal relationship/contract. Thus, to the extent that you opt to enter into a legal relationship with the Company or otherwise benefit from our services/product, the provision of personal data is a necessity from the perspective of legal requirements and/or the legal relationship with us, because this information is necessary to honor the obligations undertaken by the Company in relation to you or to provide services and/or products to you. So, in these situations, depending on the data you refuse to provide, it is possible that:
- our company is unable to conclude the contract or to continue the contractual relationship with you
- it may be impossible to partially / fully fulfill our obligations and to provide our services
If you consider that the information contained herein is ambiguous or contains ambiguities, you can request clarifications in this regard from us.
Our contact information for data protection purposes
Email: [email protected]
Address: Bogdan Voda 14, Bucharest 010936, Romania
Date of Last Revision: January 23, 2023