Privacy Policy

PrestaShop Integration Shopify App

Last Updated: January 2025

1. Introduction

Legal Entity Information:

Data Processor: Exact Solution Electronics
Legal Address: Stanisława Bodycha 87, 05-816 Reguły, Polska
Country of Incorporation: Poland
REGON: 366864056
NIP: 5252704499

This Privacy Policy describes how Exact Solution Electronics ("we", "our", or "us") collects, uses, and protects information when you use the PrestaShop Integration Shopify App (the "App"). By installing and using this App, you agree to the collection and use of information in accordance with this policy.

The App integrates your Shopify store with your PrestaShop store to synchronize orders, products, inventory data, and fulfillment information between the two systems.

Important: Data Controller vs Data Processor

Under GDPR, you (the merchant) act as the Data Controller for personal data of your customers. We (Exact Solution Electronics) act as a Data Processor, processing data on your behalf to provide the App's functionality. We process data only as instructed by you and in accordance with this Privacy Policy and applicable data protection laws.

2. Information We Collect

2.1 Shop and Merchant Information

  • Shop domain name and store information
  • Shopify API credentials and access tokens
  • Shop configuration settings and preferences
  • SKU matching rules and synchronization settings

2.2 Order Data

  • Order IDs, status, and dates
  • Order items, quantities, and pricing information
  • Order totals and payment information
  • Complete order data stored for synchronization purposes
  • Tracking numbers and shipment information

2.3 Customer Information

  • Customer names (first name and last name)
  • Email addresses
  • Phone numbers
  • Shipping and billing addresses
  • Company names (if applicable)

2.4 Product Data

  • Product SKUs and identifiers
  • Product titles, descriptions, and categories
  • Product prices and inventory quantities
  • Stock synchronization data
  • Product matching information between PrestaShop and Shopify
  • PrestaShop product IDs and references
  • Product variants, attributes, and specifications

2.5 User Account Information

  • User IDs and account information
  • User names and email addresses
  • Account owner status and permissions
  • User locale and language preferences

2.6 Subscription and Billing Data

  • Subscription status and plan tier
  • Billing dates and subscription periods
  • Usage statistics (order counts, product counts)
  • Note: Payment processing is handled by Shopify, not stored by us

2.7 Enterprise Request Information

  • Contact names and email addresses
  • Company names
  • Messages and inquiry content

3. How We Use Your Information & Lawful Basis for Processing

We use the collected information for the following purposes and lawful bases under GDPR:

  • Order Synchronization: To sync orders from PrestaShop to your Shopify store
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Product Matching: To match and synchronize products between PrestaShop and Shopify
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Inventory Management: To sync stock levels and inventory data between systems
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Fulfillment Processing: To process and update order fulfillments and tracking information
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Service Delivery: To provide and maintain the App's core functionality
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Billing Management: To manage subscription plans and track usage limits
    Lawful Basis: Performance of a contract (Article 6(1)(b) GDPR)
  • Customer Support: To respond to your inquiries and provide technical support
    Lawful Basis: Legitimate interest (Article 6(1)(f) GDPR)
  • Email Notifications: To send you important updates and confirmations
    Lawful Basis: Legitimate interest (Article 6(1)(f) GDPR)
  • Legal Compliance: To comply with legal obligations (e.g., accounting records)
    Lawful Basis: Legal obligation (Article 6(1)(c) GDPR)

4. Data Sharing and Sub-Processors

As a Data Processor, we engage the following sub-processors to provide the App's functionality. All sub-processors are bound by appropriate data processing agreements and security measures:

Sub-Processor | Purpose | Data Location
MongoDB | Data storage and database hosting | EU / US (varies by region)
Shopify | Platform & API services, subscription management | Global (with regional data centers)
PrestaShop API | Order, product, and inventory synchronization | EU / US (as per your PrestaShop hosting)
SMTP Email Provider | Email notifications and confirmations | EU / US (varies by provider)

We do not sell, rent, or trade your personal information to third parties. All sub-processors are carefully selected and bound by contractual obligations to maintain appropriate security measures and comply with applicable data protection laws.

5. Data Storage, Security, and Retention

5.1 Security Measures

We implement the following technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction (GDPR Article 32):

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest using industry-standard encryption algorithms
  • Access Control: Role-based access control (RBAC) ensures only authorized personnel can access data
  • Data Isolation: Merchant data is logically isolated to prevent unauthorized cross-merchant access
  • Audit Logging: All data access and modifications are logged for security monitoring
  • Regular Security Updates: Systems are regularly updated with security patches
  • Secure Infrastructure: Data is stored in MongoDB databases with industry-standard security measures
  • Backup and Recovery: Regular backups are performed with secure storage and recovery procedures

5.2 Data Retention Periods

We retain your data for the following specific periods:

  • Order and Transaction Data: Retained for up to 7 years from the date of transaction to comply with accounting and legal obligations (tax, audit requirements)
  • Customer Personal Data: Retained for as long as the App is installed and active, or until you request deletion
  • Product and Inventory Data: Retained for as long as the App is installed and active
  • Subscription and Billing Records: Retained for up to 7 years for accounting and legal compliance
  • Logs and Audit Data: Retained for up to 1 year for security and troubleshooting purposes
  • Enterprise Request Information: Retained for up to 2 years for customer support purposes

5.3 Data Deletion Upon App Uninstallation

Automatic Data Deletion:

When you uninstall the App, we automatically delete all merchant data through our uninstall webhook handler (as required by Shopify's GDPR compliance requirements). All data is permanently deleted within 30 days of app uninstallation, except where retention is required by law (e.g., accounting records which may be retained for up to 7 years as specified above).

This deletion process is triggered automatically via Shopify's mandatory GDPR webhooks and includes:

  • All shop configuration data
  • All order and product synchronization data
  • All customer information stored by the App
  • All subscription and usage tracking data
  • All API credentials and access tokens

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: You can request access to the personal information we hold about you
  • Correction: You can request correction of inaccurate or incomplete information
  • Deletion: You can request deletion of your data by uninstalling the App
  • Data Portability: You can request a copy of your data in a portable format
  • Objection: You can object to certain processing of your data

To exercise these rights, please contact us using the contact information provided below.

7. Cookies and Tracking Technologies

The App uses session tokens and authentication mechanisms provided by Shopify to maintain your login session. These are standard security practices for Shopify apps and do not involve traditional cookies or tracking technologies.

8. Children's Privacy

Our App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. International Data Transfers and Safeguards

Your information may be transferred to and stored in servers located outside the European Economic Area (EEA). We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR Chapter V:

  • Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with all sub-processors located outside the EEA to ensure adequate protection of your data
  • Encryption: All data transfers are encrypted in transit using TLS/SSL protocols
  • Data Location Controls: Where possible, we prioritize data storage within the EU/EEA
  • Shopify Infrastructure: Shopify's global infrastructure includes regional data centers and complies with applicable data protection laws, including GDPR
  • Sub-Processor Agreements: All sub-processors are contractually bound to maintain appropriate security measures and comply with applicable data protection laws

By using the App, you acknowledge that data may be transferred to countries outside the EEA, and you consent to such transfers subject to the safeguards described above.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Company: Exact Solution Electronics

Address: Stanisława Bodycha 87, 05-816 Reguły, Polska

Email: info@exactsolutions.pl

Phone: (+48) 608 694 244

Working Hours: Mon - Fri / 8:00 - 16:00

REGON: 366864056 | NIP: 5252704499