Privacy policy

Afosto aims to clarify how we gather, utilize, safeguard, and disseminate your personal data. This Privacy Policy serves as a guide for understanding your privacy options when you browse our website, utilize our mobile application, or access our services. It is not applicable to third-party websites or services over which Afosto has no control, including those belonging to other Afosto users.

This Privacy Policy is an integral component of the Afosto Terms of Service. Any capitalized terms used herein are defined either in this Definitions section or within our Terms of Service. Be advised that our services may differ depending on the geographical region.

We urge you to read this Privacy Policy attentively and acquaint yourself with our practices. For any queries concerning this Privacy Policy or our privacy procedures, feel free to reach out to us at support@afosto.com

1. Definitions

1.1 Account Information: Data detailing the access and features used within an Afosto account, inclusive of information about your store.
1.2 Browser Information: Information sent by the browser such as IP address, visited websites, network connection, device specs, and other elements, including cookies.
1.3 Contact Information: Basic personal and commercial identifiers like name, company, email, address, phone, and potentially social media accounts.
1.4 Device Information: Data related to the device you use to access Afosto services, like device ID, model, OS version, and region.
1.5 Payment Information: Credit card or other financial details.
1.6 Security Information: User IDs, passwords, security questions, and other authentication data.
1.7 Transaction Information: Data on transactions occurring on Afosto, including product, order, shipping, contact, and payment information.
1.8 Usage Information: Data collected when you use Afosto services, including functionalities, pages visited, and interaction metrics.
1.9 Automated Decision Making: Decisions made solely via automation, sans human input.
1.10 Controller: Entity deciding how Personal Data gets processed.
1.11 Processor: Entity conducting the actual processing of Personal Data.
1.12 Sensitive Personal Data: Data revealing details like race, political stance, religious beliefs, union membership, and other personal identifiers.
1.13 Shopper: Individual or entity engaging with an ecommerce store on Afosto.

2. Merchants

2.1 Merchant Policies

As a merchant using Afosto, it's your responsibility to clarify how both Afosto and other involved third parties handle personal data of your customers. Specifically, you must:

• 2.1.1 Publish a comprehensive privacy policy on your storefront that aligns with all relevant laws and regulations.
• 2.1.2 Adhere to applicable laws regarding personal data, and when mandated by such laws, inform and obtain explicit consent from customers for the processing of their personal data by Afosto and other third parties.
• 2.1.3 If you're gathering any Sensitive Personal Data, acquire informed and explicit consent. Provide an option for customers to withdraw this consent at any given time.

2.2 Information Collected

When you, as a merchant, interact with our website—be it registering for a trial, subscription, or engaging in transactions—Afosto collects data such as Account Information, Browser Information, and Payment Information, among others.

2.3 Information Usage

The collected information is used to offer our services, confirm identities, provide support, and comply with legal requirements. We may also disclose specific data to third parties that either refer merchants to us or are contracted by a merchant.

3. Partners

3.1 Information Collected

When you sign up as a partner or refer a merchant to us, we collect various types of data like Account Information, Contact Information, and Security Information.

3.2 Information Usage

This information enables us to offer services, confirm identities, render support, and adhere to legal regulations.

4. Visitors

4.1 Information Collected

When you navigate through our website or communicate with us either online or offline, we may gather applicable data such as Browser Information, Support Information, and Contact Information.

4.2 Information Usage

This information helps us offer our services, as well as improve and tailor both our communications and user interactions. It's also used for providing support when necessary. Additional usage is as consented by you.

5. Shoppers

5.1 Information Collected

When shoppers engage with a merchant's ecommerce setup via the Afosto platform, we may collect Browser and Transaction Information on behalf of the merchant.

5.2 Information Usage

We process this data to provide services to merchants, facilitate and process orders, and manage risk and fraud. While merchants control this information, any queries from shoppers regarding its usage should be directed to the merchant. Some data may also be used to refine and personalize our services.

6. Legal Basis for Processing (EEA Residents)

6.1 Lawful Basis

We typically collect Personal Data under the following conditions:

• (i) necessity for contract performance,
• (ii) processing is within our legitimate interests and not overridden by your rights, or
• (iii) we have obtained your explicit consent.

6.2 Notice

Should we require your Personal Data due to legal or contractual obligations, we'll specify this and inform you about the necessity and potential repercussions of not providing the data.

6.3 Legitimate Interest

If we process your data based on legitimate interests, those will be clarified to you. Examples include responding to inquiries, improving our platform, or detecting/preventing illegal activities.

6.4 Questions

For any questions or additional information regarding the legal basis for data collection, you can contact us using the provided contact details.

7. Communications

7.1 Promotional

We may reach out to existing and potential Merchants, Partners, and visitors through various channels like email and LinkedIn for promotional activities. You can opt-out at any time.

7.2 Account

Certain mandatory communications such as account notifications are sent to active users. Opting out from these is not an option if you maintain an active storefront.

8. Information Sharing

8.1 General

We collaborate with third parties and service providers to deliver our services. Sometimes it’s essential to share Merchant, Partner, or Shopper data with these entities. This is either consent-based or under specific circumstances.

8.2 Compliance

Data may be disclosed to adhere to laws or respond to lawful requests from law enforcement agencies.

8.3 Protection

Data may be shared to safeguard Merchants, Partners, Shoppers, or visitors and maintain our service's security.

8.4 Affiliates

We share data within our corporate affiliates and subsidiaries for purposes aligned with this policy.

8.5 Service Providers

We use third-party providers for specific services, and data may be shared with them.

8.6 SDKs and APIs

We integrate third-party libraries for enhancing user experience and monitoring application performance.

8.7 Payment Processing

Payment data is shared with financial entities for transaction processing and fraud prevention.

8.8 Apps

With Merchant consent, we share necessary data with app partners.

8.9 Mergers and Sales

Data may be disclosed as part of corporate transactions like mergers or asset sales.

9. Automated Decision-Making

We use Automated Decision-Making to screen for risk and fraud. You can object to this profiling or dispute decisions by contacting us. Applicable laws govern review and rectification procedures.

10. Cookies

10.1 Usage

Cookies and tracking technologies are used for recognizing users, remembering preferences, and personalizing experiences.

10.2 Persistence

Both session-based and persistent cookies are utilized. Session cookies expire when you close the browser; persistent cookies stay until manually removed.

10.3 Types

• Essential: Necessary for website functionality.
• Functional: Enable advanced features like videos and live chat.
• Analytics: Collect statistical data to improve the site.
• Targeting and Advertising: Used for personalized content.

10.4 Control

Cookies can be disabled through device or browser settings, affecting site usability.

10.5 Resources

For more on managing cookies, visit:

• Google Chrome
• Apple Safari
• Mozilla Firefox
• Microsoft Internet Explorer
• All About Cookies
• About Cookies

11. Third-Party App Stores
If you use external app marketplaces like the Apple App Store or Google Play to download our services, these platforms may collect and share certain data with us. For more information, consult the Privacy Policy of the respective application stores.

12. Safeguarding and Retaining Your Data
12.1 Data Security Measures
Afosto implements various administrative, technical, and physical safeguards to reasonably protect your Personal Data from unauthorized access, unintended disclosure, alteration, or misuse. This includes measures like access controls, encryption technologies, and firewalls.

12.2 Your Role
While we focus on the security of our platforms, it's your responsibility to keep your password and account details confidential. Afosto is not liable for the security of information shared with third parties through authorized account connections.

12.3 Data Retention
We retain your Personal Data for as long as it serves the purpose for which it was collected, including for service provision, communications, billing, and legal compliance. We may also hold information for additional purposes where you have explicitly consented or where there is a legitimate business interest.

13. Global Data Transfers and Safeguards
13.1 International Transfers
Afosto offers services globally, which may require the transfer of Personal Data beyond the borders of the country where initially collected. These transfers might go to countries with different, possibly less stringent, privacy laws. To mitigate risks, we apply lawful data transfer mechanisms, and require third parties to offer comparable data protection.

13.2 Legal Frameworks for Transfer
For data transfers outside of the EU/EEA, we rely on Standard Contractual Clauses, as authorized by the EU Commission's Implementing Decision (EU) 2021/914 of 4 June 2021, as a safeguard for adequate data protection.

13.3 Remedial Actions
If we discover that Personal Data is inadequately protected or processed beyond your consent, we will implement corrective measures to ensure data security.

14. Compliance with Data Privacy Frameworks
14.1 Regulatory Compliance
Afosto adheres to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks as outlined by the U.S. Department of Commerce for data transfers from the European Union, United Kingdom, and Switzerland to the United States.

14.2 Legal and Regulatory Obligations
In accordance with these frameworks, Afosto may disclose Personal Data in compliance with legal requirements, including national security or law enforcement demands.

14.3 Internal Monitoring and Accountability
We regularly review this Privacy Policy and our compliance with Data Privacy Frameworks, and will rectify any issues that are identified. All Afosto employees with access to Personal Data must adhere to this policy, with non-compliance resulting in disciplinary action.

14.4 Additional Contact Information
For more information on initiating a Data Privacy Framework complaint for third-party dispute resolution, refer to Section 16. Unresolved complaints may, under specific conditions, lead to binding arbitration before a Data Privacy Framework panel.

15. Rights of Data Subjects

15.1 General Overview

In compliance with relevant regulations, you have several rights concerning your Personal Data. Afosto respects your privacy and provides you with options to access, amend, delete, transfer, or limit the use of your Personal Data. Where we collect data with your explicit consent, you have the option to withdraw this consent without affecting any prior lawful processing. If you believe your rights have been violated, you may lodge a complaint with a regulatory body, subject to applicable laws.

15.2 Merchants, Partners, and Visitors

If you're a Merchant or Partner, you can manage most of your Personal Data directly within your account. For Visitors or others who cannot modify their Personal Data in their account, please reach out to us for assistance.

15.3 Shoppers

Afosto acts as a Processor for Merchants. If you're a Shopper, please contact the Merchant for any queries about your Personal Data since they act as the Controller. If needed, we can relay your deletion or access requests to the Merchants.

15.4 Specific Laws

Multiple jurisdictions have specific privacy laws providing residents with rights that are congruent with our data protection principles. Such laws include, but aren't limited to, GDPR, LGPD, CCPA, and others. Depending on jurisdiction, these laws may grant you rights to:

• Access your information
• Rectify inaccuracies
• Delete your data
• Opt-out of data selling or sharing for advertising
• Control sensitive data usage
• Receive data practice notifications
• Limit certain processing types
• Not to be discriminated against for exercising privacy rights

15.5 How to Exercise Your Rights

To exercise these rights, follow the relevant provisions or submit a deletion request.

15.6 Authentication

For the protection of your Personal Data, we employ appropriate verification techniques. If using an authorized agent, written permission may be required.

16. Contact Information, Enforcement, and Dispute Resolution

16.1 Contact Information

Afosto is committed to resolving complaints about our collection or use of your Personal Data, in line with applicable laws. For inquiries or complaints related to our Privacy Policy or practices, contact Afosto at:

• Email: support@afosto.com
• Mailing Address:
  Afosto SaaS B.V.
  Kieler Bocht 15 C
  9723 JA Groningen

16.2 Enforcement and Recourse

If Afosto does not respond adequately or fails to address your concerns, you may have the right to lodge complaints with relevant regulatory authorities, including but not limited to the Dutch Data Protection Authority in the Netherlands or your local supervisory authority within the EEA.

16.3 Data Privacy Framework Dispute Resolution

Afosto abides by data privacy frameworks and commits to refer unresolved complaints concerning our handling of personal data to [Your Chosen Dispute Resolution Body], an alternative dispute resolution provider. If you don't receive a timely acknowledgment or satisfactory resolution to your data-related complaint, please visit [Your Chosen Dispute Resolution Body Website] for more information or to file a complaint. These services are provided at no cost to you.

17. Policy Regarding Minors

17.1 Children and Age Restrictions

Generally, Afosto's services and website are not designed for minors or those who have not reached the age of legal majority under applicable law. We do not intentionally gather Personal Data from minors as outlined by the U.S. Children's Online Privacy Protection Act (COPPA) or similar regulations.

17.2 Parental Concerns

If you are a parent or guardian and suspect that we have collected information from your child unlawfully, please initiate a data subject request under Section 15 or contact us at support at afosto.com. We will take steps to delete the data as mandated by relevant laws.

18. Policy Updates

18.1 Periodic Revisions

Afosto may periodically revise this Privacy Policy to reflect legal, technical, or business changes.

18.2 Notification and Consent

Whenever we make substantial changes to our Privacy Policy, we will take suitable steps to notify you. For significant modifications, we will seek your consent if this is mandated by applicable data protection laws. The "Date of Last Revision" at the top of this Privacy Policy will indicate the most recent update.