Support local communities in the UK
Convenience with a local conscience
Everything locally, nationally

ShopAppy GDPR Privacy Policy.

Privacy Notice (Vendors and Partners)

This policy relates to the privacy of your personal data at ShopAppy.

About ShopAppy.

Shopappy™ and ShopLocalOnline.org is an eCommerce site that enables local businesses to sell their products online to customers within any town in which they are located and to enable customers to click and collect the products they have purchased. With the Shopappy™ websites (including ShopLocalOnline.org you can:

  • Browse products that are at shops where you live or are visiting in the town you select
  • Purchase the products or save your shopping lists
  • Find out more about the products, shops or services around you and select ones that you like
  • Review products

We are the Data Controller.

As we set the rules and reasons for collecting personal data from you, we are classed as the Controller of your personal data. This means that we determine what happens to your data and it is our responsibility to ensure that your data is controlled effectively and is protected at all times. Should you have any questions about the processing of your personal data you can contact us directly by emailing [email protected]

Why we need your personal data and what we need to do with it.

Your personal data will be managed in accordance with the new Data Protection Regulation – (GDPR) under the following principles:

1. Lawfulness, Fairness and Transparency:

We will process your data in order to provide this website to you and to help us answer any questions that you pose. We will also use your personal data in connection with the performance of any contract entered into with ShopAppy.

2. Purpose Limitation:

Your data will only be collected for specified, explicit, contractual as well as legitimate purposes, and will be collected for:

  • Registering to the Shopappy™ website
  • Purchase histories
  • Advertisement of your business and products to the ShopAppy network
  • Local, business news
  • Updates on any promotional offers you may benefit from

If we have collected your information to fulfil a legal contract we will use it to communicate with you about transactional information and customer queries.

If we have collected your information for a specific purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained

3. Data Minimisation:

We will not ask for more information than we need for the purposes for which we are collecting it

4. Data Accuracy:

We will update our records when you inform us that your details have changed

5. Storage Limitation: We will only retain your personal data for the length of time needed to complete the initial request.

6. Integrity and Confidentiality:

  • We have implemented appropriate technical and operational measures to protect the integrity and confidentiality of your personal data.
  • Where consent has been obtained to process your data, you have the right to be forgotten and your personal data to be erased without undue delay. Where we require to hold your data (for contractual reasons), your data will be removed once the term of the contract has expired.

Policies and processes we have to protect your rights as the ‘Data Subject’

Under the GDPR you have a number of ‘rights’ which you can exercise at any time. Should you wish to do so, please contact the person named at the end of this Notice. These rights might include:

  • the right to access all of the data we process on you. This will be supplied to you within 1 month from the request being received.
  • the right for any inaccurate data we hold on you to be corrected. We will make your amendments without undue delay
  • where the contract has ended but consent has been obtained to process your data, you may have the right to be forgotten and your personal data erased without undue delay
  • the right to object/withdraw your consent
  • the right to restrict us from processing your personal data which can be reversed through consent from you the ‘data subject’
  • the right to have your personal data to be ported from ShopAppy to another controller
  • the right to object to automated decision making, whereby we may use your data for profiling purposes to make a decision.

Where we cannot comply with one of these rights, or we need additional time to comply, we will provide you with a full explanation within the timescales required by the Regulation.

Transferring personal data

Due to the nature of the business, we work with a variety of GDPR compliant businesses who act as our processors which store and process your personal data on our instructions.

Below is a list of our main categories of processors:

  • Website development and hosting companies
  • App development companies
  • Customer Relationship Management platforms
  • Email platforms
  • ShopAppy website registrations
  • Business partners
  • Sub-contractors
  • Delivery companies
  • Information Technology platforms
  • Secure servers
  • Secure payment platforms
  • Credit Reference Agencies
  • Search information providers

International Transfers

We only send your data outside the EEA where we have in place a legal agreement which complies with the Legislation and where you have given your express consent. In order to fulfil our contractual agreement with you, we use an invoicing platform called Xero to process all of our invoices and to ensure an improved experience for our customers we use services called MailChimp, Drip and Hubspot. MailChimp, Drip, Hubspot and Xero's servers are all based in the US which means the personal data of our vendors is transferred and stored within the US. The data ShopAppy exclusively handles never leaves the UK, and where our partners handle information, we have audited them to ensure their data protection policies are comprehensive and up to date. You can find out more information about how they safeguard your personal data by visiting their data security links: https://legal.hubspot.com/privacy-policyhttps://www.xero.com/uk/about/terms/privacy/, https://www.drip.com/privacy and https://mailchimp.com/legal/privacy/.The majority of our processors are UK based and GDPR audits have been conducted to make sure that they have routine processes in place to remain compliant.

Howe

Talking to us about your rights or this Notice

Should you wish to speak to us about the way we process your data, or wish to exercise your rights as listed above, please contact ShopAppy’s Data Protection Lead, Jackie Mulligan, [email protected]

However if you wish to direct your questions to the ICO, you can find their details at www.ICO.org.co.uk .