1.1 Account Information: Data detailing the access and features used within an Afosto account, inclusive of information about your store.
1.2 Browser Information: Information sent by the browser such as IP address, visited websites, network connection, device specs, and other elements, including cookies.
1.3 Contact Information: Basic personal and commercial identifiers like name, company, email, address, phone, and potentially social media accounts.
1.4 Device Information: Data related to the device you use to access Afosto services, like device ID, model, OS version, and region.
1.5 Payment Information: Credit card or other financial details.
1.6 Security Information: User IDs, passwords, security questions, and other authentication data.
1.7 Transaction Information: Data on transactions occurring on Afosto, including product, order, shipping, contact, and payment information.
1.8 Usage Information: Data collected when you use Afosto services, including functionalities, pages visited, and interaction metrics.
1.9 Automated Decision Making: Decisions made solely via automation, sans human input.
1.10 Controller: Entity deciding how Personal Data gets processed.
1.11 Processor: Entity conducting the actual processing of Personal Data.
1.12 Sensitive Personal Data: Data revealing details like race, political stance, religious beliefs, union membership, and other personal identifiers.
1.13 Shopper: Individual or entity engaging with an ecommerce store on Afosto.
2.1 Merchant Policies
As a merchant using Afosto, it's your responsibility to clarify how both Afosto and other involved third parties handle the personal data of your customers. Specifically, you must:
- 2.1.2 Adhere to applicable laws regarding personal data, and when mandated by such laws, inform and obtain explicit consent from customers for the processing of their personal data by Afosto and other third parties.
- 2.1.3 If you're gathering any Sensitive Personal Data, acquire informed and explicit consent. Provide an option for customers to withdraw this consent at any given time.
2.2 Information Collected
When you, as a merchant, interact with our website—be it registering for a trial, subscription, or engaging in transactions—Afosto collects data such as Account Information, Browser Information, and Payment Information, among others.
2.3 Information Usage
The collected information is used to offer our services, confirm identities, provide support, and comply with legal requirements. We may also disclose specific data to third parties that either refer merchants to us or are contracted by a merchant.
3.1 Information Collected
When you sign up as a partner or refer a merchant to us, we collect various types of data like Account Information, Contact Information, and Security Information.
3.2 Information Usage
This information enables us to offer services, confirm identities, render support, and adhere to legal regulations.
4.1 Information Collected
When you navigate through our website or communicate with us either online or offline, we may gather applicable data such as Browser Information, Support Information, and Contact Information.
4.2 Information Usage
This information helps us offer our services, as well as improve and tailor both our communications and user interactions. It's also used for providing support when necessary. Additional usage is as consented by you.
5.1 Information Collected
When shoppers engage with a merchant's ecommerce setup via the Afosto platform, we may collect Browser and Transaction Information on behalf of the merchant.
5.2 Information Usage
We process this data to provide services to merchants, facilitate and process orders, and manage risk and fraud. While merchants control this information, any queries from shoppers regarding its usage should be directed to the merchant. Some data may also be used to refine and personalize our services.
6. Legal Basis for Processing (EEA Residents)
6.1 Lawful Basis
We typically collect Personal Data under the following conditions:
- (i) necessity for contract performance,
- (ii) processing is within our legitimate interests and not overridden by your rights, or
- (iii) we have obtained your explicit consent.
Should we require your Personal Data due to legal or contractual obligations, we'll specify this and inform you about the necessity and potential repercussions of not providing the data.
6.3 Legitimate Interest
If we process your data based on legitimate interests, those will be clarified to you. Examples include responding to inquiries, improving our platform, or detecting/preventing illegal activities.
For any questions or additional information regarding the legal basis for data collection, you can contact us using the provided contact details.
We may reach out to existing and potential Merchants, Partners, and visitors through various channels like email and LinkedIn for promotional activities. You can opt out at any time.
Certain mandatory communications such as account notifications are sent to active users. Opting out from these is not an option if you maintain an active storefront.
8. Information Sharing
We collaborate with third parties and service providers to deliver our services. Sometimes it’s essential to share Merchant, Partner, or Shopper data with these entities. This is either consent-based or under specific circumstances.
Data may be disclosed to adhere to laws or respond to lawful requests from law enforcement agencies.
Data may be shared to safeguard Merchants, Partners, Shoppers, or visitors and maintain our service's security.
We share data within our corporate affiliates and subsidiaries for purposes aligned with this policy.
8.5 Service Providers
We use third-party providers for specific services, and data may be shared with them.
8.6 SDKs and APIs
We integrate third-party libraries for enhancing user experience and monitoring application performance.
8.7 Payment Processing
Payment data is shared with financial entities for transaction processing and fraud prevention.
With Merchant consent, we share necessary data with app partners.
8.9 Mergers and Sales
Data may be disclosed as part of corporate transactions like mergers or asset sales.
9. Automated Decision-Making
We use Automated Decision-Making to screen for risk and fraud. You can object to this profiling or dispute decisions by contacting us. Applicable laws govern review and rectification procedures.
Cookies and tracking technologies are used for recognizing users, remembering preferences, and personalizing experiences.
Both session-based and persistent cookies are utilized. Session cookies expire when you close the browser; persistent cookies stay until manually removed.
- Essential: Necessary for website functionality.
- Functional: Enable advanced features like videos and live chat.
- Analytics: Collect statistical data to improve the site.
- Targeting and Advertising: Used for personalized content.
Cookies can be disabled through device or browser settings, affecting site usability.
For more on managing cookies, visit:
11. Third-Party App Stores
12. Safeguarding and Retaining Your Data
12.1 Data Security Measures
Afosto implements various administrative, technical, and physical safeguards to reasonably protect your Personal Data from unauthorized access, unintended disclosure, alteration, or misuse. This includes measures like access controls, encryption technologies, and firewalls.
12.2 Your Role
While we focus on the security of our platforms, it's your responsibility to keep your password and account details confidential. Afosto is not liable for the security of information shared with third parties through authorized account connections.
12.3 Data Retention
We retain your Personal Data for as long as it serves the purpose for which it was collected, including for service provision, communications, billing, and legal compliance. We may also hold information for additional purposes where you have explicitly consented or where there is a legitimate business interest.
13. Global Data Transfers and Safeguards
13.1 International Transfers
Afosto offers services globally, which may require the transfer of Personal Data beyond the borders of the country where initially collected. These transfers might go to countries with different, possibly less stringent, privacy laws. To mitigate risks, we apply lawful data transfer mechanisms, and require third parties to offer comparable data protection.
13.2 Legal Frameworks for Transfer
For data transfers outside of the EU/EEA, we rely on Standard Contractual Clauses, as authorized by the EU Commission's Implementing Decision (EU) 2021/914 of 4 June 2021, as a safeguard for adequate data protection.
13.3 Remedial Actions
If we discover that Personal Data is inadequately protected or processed beyond your consent, we will implement corrective measures to ensure data security.
14. Compliance with Data Privacy Frameworks
14.1 Regulatory Compliance
Afosto adheres to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks as outlined by the U.S. Department of Commerce for data transfers from the European Union, United Kingdom, and Switzerland to the United States.
14.2 Legal and Regulatory Obligations
In accordance with these frameworks, Afosto may disclose Personal Data in compliance with legal requirements, including national security or law enforcement demands.
14.3 Internal Monitoring and Accountability
14.4 Additional Contact Information
For more information on initiating a Data Privacy Framework complaint for third-party dispute resolution, refer to Section 16. Unresolved complaints may, under specific conditions, lead to binding arbitration before a Data Privacy Framework panel.
15. Rights of Data Subjects
15.1 General Overview
In compliance with relevant regulations, you have several rights concerning your Personal Data. Afosto respects your privacy and provides you with options to access, amend, delete, transfer, or limit the use of your Personal Data. Where we collect data with your explicit consent, you have the option to withdraw this consent without affecting any prior lawful processing. If you believe your rights have been violated, you may lodge a complaint with a regulatory body, subject to applicable laws.
15.2 Merchants, Partners, and Visitors
If you're a Merchant or Partner, you can manage most of your Personal Data directly within your account. For Visitors or others who cannot modify their Personal Data in their account, please reach out to us for assistance.
Afosto acts as a Processor for Merchants. If you're a Shopper, please contact the Merchant for any queries about your Personal Data since they act as the Controller. If needed, we can relay your deletion or access requests to the Merchants.
15.4 Specific Laws
Multiple jurisdictions have specific privacy laws providing residents with rights that are congruent with our data protection principles. Such laws include, but aren't limited to, GDPR, LGPD, CCPA, and others. Depending on jurisdiction, these laws may grant you rights to:
- Access your information
- Rectify inaccuracies
- Delete your data
- Opt out of data selling or sharing for advertising
- Control sensitive data usage
- Receive data practice notifications
- Limit certain processing types
- Not be discriminated against for exercising privacy rights
15.5 How to Exercise Your Rights
To exercise these rights, follow the relevant provisions or submit a deletion request.
For the protection of your Personal Data, we employ appropriate verification techniques. If using an authorized agent, written permission may be required.
16. Contact Information, Enforcement, and Dispute Resolution
16.1 Contact Information
- Email: [email protected]
- Mailing Address:
Afosto SaaS B.V.
Kieler Bocht 15 C
9723 JA Groningen
16.2 Enforcement and Recourse
If Afosto does not respond adequately or fails to address your concerns, you may have the right to lodge complaints with relevant regulatory authorities, including but not limited to the Dutch Data Protection Authority in the Netherlands or your local supervisory authority within the EEA.
16.3 Data Privacy Framework Dispute Resolution
Afosto abides by data privacy frameworks and commits to refer unresolved complaints concerning our handling of personal data to [Your Chosen Dispute Resolution Body], an alternative dispute resolution provider. If you don't receive a timely acknowledgment or satisfactory resolution to your data-related complaint, please visit [Your Chosen Dispute Resolution Body Website] for more information or to file a complaint. These services are provided at no cost to you.
17. Policy Regarding Minors
17.1 Children and Age Restrictions
Generally, Afosto's services and website are not designed for minors or those who have not reached the age of legal majority under applicable law. We do not intentionally gather Personal Data from minors as outlined by the U.S. Children's Online Privacy Protection Act (COPPA) or similar regulations.
17.2 Parental Concerns
If you are a parent or guardian and suspect that we have collected information from your child unlawfully, please initiate a data subject request under Section 15 or contact us at support at afosto.com. We will take steps to delete the data as mandated by relevant laws.
18. Policy Updates
18.1 Periodic Revisions
18.2 Notification and Consent