Date of Last Revision: November 30, 2020
Ecwid, Inc. (“Ecwid”) with its principal place of business at 687 South Coast Highway 101, Suite 239, Encinitas, California 92024 USA knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
Account Information means data about how and when an Ecwid account is created, accessed and used, including Store Information.
Automated Decision Making means a decision made solely by automated means without human involvement.
Browser Information means browser provided information, including the IP address, the website visited, network connection, device information, and other data, including Cookies.
Contact Information means basic personal and business information, such as first and last name, company name, postal address, phone number, email address and social media account information.
Controller means an entity that determines the purposes and means of the Processing of Personal Data.
Cookie a small file which resides on a computer hard drive containing an anonymous unique identifier accessible by the website that placed it there.
Device Information means information about a device, such as device ID number, model, and manufacturer, version of your operating system and geographical region, collected from device accessing the Services.
Merchant means a person or entity which uses or has used the Services.
Partner means a separate entity which participates in our channel partner or reseller program or other
Payment Information means and includes credit card, automated clearing house (ACH) or other payment information.
Personal Data or Personal Information means information that (i) relates to an identified or identifiable natural person, or (ii) identifies, relates to, or could reasonably be linked with you or your household.
Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor means the entity which processes Personal Data on behalf of the Controller.
Security Information means user ID, password and password hints, and other security information used for authentication and account access
Services means Ecwid’s websites, services, apps, or other user interfaces
Store Information means information about a store, its products, and its architecture.
Support Information includes information about your hardware and software, authentication data, chat session contents, error reports, performance data, and other communication or technical information and may, with express permission, include remote access to facilitate troubleshooting.
Transaction Information means the data related to transactions that occur on the Services, including product, order, shipping information, Contact Information, and Payment Information.
Usage Information means information collected when you interact with the Services, including functionalities accessed, pages visited, and other interaction data.
User means an entity or person that interacts with a Merchant through the Services.
2. Information We Collect and Duration.
2.1 Information Collected from Merchants. When a Merchant interacts or uses the Services, we collect and control information such as Account Information, Browser Information, Contact Information, Device Information, Payment Information, Support Information, Device Information, Security Information, Transaction Information, Usage Information and set a Cookie.
2.2 Information Collected from Users. When Users interact with a Merchant’s ecommerce offering through the Services, we collect and process Browser Information and Transaction Information of the User on behalf of the Merchant.
2.3 Information Collected from Partners. When a Partner signs up for a partner account or refers a Merchant to us, we collect and control information such as Account information, Browser Information, Contact Information, Payment Information, Support Information, and Usage Information.
2.4 Information Collected from Visitors. When visitors browse our website or use the Services, or engage in communications with us online or offline, we collect and control, as applicable, Browser Information, Support Information, Contact Information, and Usage Information submitted or communicated to us.
2.5 Duration. We will delete your personal data when it is no longer necessary or relevant for the fulfillment of the purpose for which it was collected, or when you revoke a given consent, if the processing has been based on such consent, or in case you exercise your rights to oppose the processing or to delete your data; notwithstanding that a longer retention period may be established to pursue our legitimate business interests, comply with our legal obligations, resolve disputes and enforce applicable agreements.
3. How We Use Your Information.
3.1 Use of Merchant Information. We use this information as a Controller to provide Merchants with the Services, confirm identities, provide support such as debugging, troubleshooting, automated decision making such as the detection of fraudulent account creation when signing up for the Services, for advertising and marketing, invoicing, to resolve incidents related to the use of the Services, to improve and personalize the Services, such as push notifications regarding your store activities, and to comply with legal requirements. We may disclose certain information, including Account Information, Contact Information, Support Information and Transaction Information, to Partners subject to confidentiality obligations that refer Merchants to us or are engaged by a Merchant to provide services, apps or products relating to the Merchant’s store(s) or use of the Services, or to confirm identities and improve and personalize our interactions and services. We may use this information in other cases where the Merchant has given express consent or when we are legally obliged to do so.
3.2 Use of User Information. We use this information as a Processor to provide the Services to Merchants, support and process orders, and to comply with legal requirements like managing risk and fraud. The Merchant is the Controller of this information and Users who have questions about our use of this information should contact the Merchant. We may also use certain information as a Controller to improve and personalize the Services when we have the legal basis to do so and to comply with a legal requirement like manage risk and fraud.
3.3 Use of Partner Information. We use this information as a Controller to provide Partners with the Services, confirm identities, provide support, for advertising and marketing, invoicing, to resolve incidents related to the use of the Services, to improve and personalize the Services, and to comply with legal requirements. We may use this information in other cases where the Partner has given express consent.
3.4 Use of Visitor Information. We use this information as a Controller to provide the Services, and improve and personalize communications, interactions with the Services, to provide support, if needed, and to comply with legal requirements. We may use this information in other cases where the visitor has given express consent.
3.5 Promotional. We may send promotional communications to existing Merchants and Partners and to prospective customers who give consent by email, phone, and other channels. For example, we may notify a Merchant when a subscription is ending. You can
4. How We Share Your Information.
4.1 Information Sharing. The Services are possible because of a variety of third parties and service providers. Sometimes it is necessary to share Merchant, Partner, User or visitor Personal Data with them to support the Services. We may access, transfer, disclose, and/or retain that Personal Data with consent or in the following circumstances.
4.2 Compliance. If we have a good faith belief that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
4.3 Protection. If we have a good faith belief that doing so is necessary to: (i) protect Merchants, Partners, Users, or visitors; for example, to prevent spam or attempts to defraud us or users of the Services, or in response to threats of safety of any person; (ii) protect the rights or property of Ecwid, including enforcing the terms governing the use of the Services; or (iii) operate and maintain the security of the Services, including to prevent or stop an attack on our computer systems or networks.
4.4 Affiliates. We share Personal Data among
4.5 Service Providers. Ecwid may use from time to time a limited number of
4.6 Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
4.7 Apps. Upon receiving a Merchant’s consent to install an application, we will share the Merchant’s Contact Information and other information requested by the app with the app Partner.
4.8 Merger; Sale. We may also disclose Personal Data as part of a sale of assets or if we merge with or are acquired by another company.
5.1 Usage. Ecwid and its
5.2 Persistence. We use both
5.3 Types of Cookies include: essential cookies which are necessary for our website to work as intended; functional cookies which enable enhanced functionality, like videos and live chat, without these cookies, certain functions may become unavailable; analytic cookies which provide statistical information on site usage which allow us to improve our website over time; targeting and advertising cookies which are used to create profiles or personalize content to enhance your experience.
5.4 Control. It is possible to disable cookies through your device or browser settings, but doing so may affect your ability to use our website. For instance, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our website. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings.
5.5 Other Resources. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org, or aboutcookies.org.
6. Information Protection.
6.1. We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. The ways we do this include (i) using Secure Sockets Layer (SSL) software, which encrypts information you input during transmission; (ii) following Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data; (iii) maintaining physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of Personal Data. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data.
6.2 While we are dedicated to securing the Services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a
7. Accountability and Safeguards for Onward Transfer.
7.2 Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing.
7.3 Privacy Shield. We provide services around the world. To provide the Services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. While the
7.4 Standard Contractual Clauses. For
8. Legal Basis for Processing (EU visitors only).
8.1 Lawful Basis. We collect Personal Data from you only where (i) necessary for a specific purpose such as to perform a contract with you, (ii) the processing is in our legitimate interests and not overridden by your rights, or (iii) we have your consent. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
8.2 Notice. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
8.3 Legitimate Interest. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. For instance, we may rely on our legitimate interests when responding to your queries, improving and personalizing the Services or undertaking marketing (when we can do so in accordance to our legitimate interest) or for the purposes of detecting or preventing illegal activities (e.g. checking your identity, fraud prevention).
8.4 Questions. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
9. Your Choices.
9.1 Generally. You can exercise rights over your Personal Data against the Controller. We provide reasonable steps to allow you to access, rectify, erase, port, or restrict the use of your Personal Data. You have the right to object to the use of your Personal Data at any time, subject to applicable law. When collection is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal by applicable law. If applicable by national law, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data relating infringes your rights.
9.2 Merchants, Partners, and Visitors. Merchants and Partners can update many types of collected Personal Data directly within their accounts. Please contact us if you are a visitor or otherwise unable to access or otherwise change your Personal Data within your account.
9.3 Users. We serve as a Processor for Merchants. Users may wish to contact Merchants directly regarding their Personal Data. We can forward User requests for access or deletion to Merchants, but we are unable to delete Merchant data. Requests for deletion of Personal Data may adversely affect our ability to serve you.
10. Contact Information; Enforcement; Recourse. If you would like to ask about, make a request relating to, or complain about how we process your Personal Data, you can contact as follows:
Ecwid, Inc.Attention: Privacy
687 S. Coast Highway 101, Suite 239Encinitas, California 92024 USA
11. Children/ U.S. Children’s Privacy. The Services are not directed to users below the age of 18 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 18, you cannot register with and use this websites or online services. Ecwid does not knowingly collect the Personal Data of children under the age of 13 in the U.S. and 16 in the EU. If you are a parent or guardian and believe Ecwid collected information about a child, please contact Ecwid as described in this Privacy Statement. Ecwid will take steps to delete the information as soon as possible.
12. California Consumer Privacy Act (CCPA)
12.1 Generally. The California Consumer Privacy Act (“CCPA”) requires us to provide California residents with some additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
12.2 Categories of Information Collected. The CCPA requires us to provide a list of the categories of personal information we collect, as that term is defined in the law. In the last 12 months, we collected the following categories of personal information from California residents, depending on the Services used: (a) identifiers (like your name, contact information, and device and online identifiers); (b) commercial information (your billing information and purchase history, for example); (c) internet or other electronic network activity information (such as your usage of the Services;(d) geolocation data (such as your location based on your IP address); (e) financial information, such as Payment Information; and (f) other Personal Information, such as Support Information.
12.3 Your CCPA Rights. If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to: (a) request to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, the categories of third parties we share it with, and the specific pieces of information we collect about you; (b) request deletion of personal information we collect or maintain; (c) opt out of any sale of personal information; and (d) not receive discriminatory treatment for exercising your rights under the CCPA. If you wish to do any of the foregoing please contact Ecwid as provided above.
12.4 No Sales. We have not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.