Москва
Москва
Москва

Privacy Policy

How Chiezie handles your data


Introduction

In our mission to make commerce better for everyone, we collect and use information about you, our

  • merchants using Chiezie to power your business
  • customers who shop at a Chiezie-powered business
  • partners who develop apps for merchants to use, build stores on behalf of merchants, refer potential entrepreneurs to Chiezie, or otherwise help merchants operate or improve their Chiezie-powered business
  • visitors to Chiezie websites, or anyone contacting Chiezie support

This Privacy Policy will help you better understand how we collect, use, and share your personal information. If we change our privacy practices, we may update this privacy policy. If any changes are significant, we will let you know (for example, through the Chiezie admin or by email).

 

Our values

Trust is the foundation of the Chiezie platform and includes trusting us to do the right thing with your information. Three main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.

  • Your information belongs to you

We carefully analyze what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymize this information when we no longer need it. When building and improving our products, our engineers work closely with our privacy and security teams to build with privacy in mind. In all of this work our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.

  • We protect your information from others

If a third party requests your personal information, we will refuse to share it unless you give us permission or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.

  • We help merchants and partners meet their privacy obligations

Many of the merchants and partners using Chiezie do not have the benefit of a dedicated privacy team, and it is important to us to help them meet their privacy obligations. To do this, we try to build our products and services so they can easily be used in a privacy-friendly way.

 

Why we process your information

We generally process your information when we need to do so to fulfill a contractual obligation (for example, to process your payments to use the Chiezie platform), or where we or someone we work with needs to use your personal information for a reason related to their business (for example, to provide you with a service). Laws in the European Economic Area (“EEA”) and in the United Kingdom (“UK”) call these reasons “legitimate interests.” These “legitimate interests” include:

  • preventing risk and fraud
  • answering questions or providing other types of support
  • helping merchants find and use apps through our app store
  • providing and improving our products and services
  • providing reporting and analytics
  • testing out features or additional services
  • assisting with marketing, advertising, or other communications

We only process personal information for these “legitimate interests” after considering the potential risks to your privacy and balancing any risks with certain measures—for example, by providing clear transparency into our privacy practices, offering you control over your personal information where appropriate, limiting the information we keep, limiting what we do with your information, who we send your information to, how long we keep your information, or the technical measures we use to protect your information.

We may also process your personal information where you have provided your consent. In particular, where we cannot rely on an alternative legal basis for processing, where you direct us to transfer information to a third party, where we receive your data from a third party is sourced and it already comes with consent or where we are required by law to ask for your consent (including in the context of some of our sales and marketing activities). At any time, you have a right to withdraw your consent by changing your communication choices, opting out from our communications or by contacting us.

Depending on whether you are a merchant, customer, partner, user or visitor, please refer to our supplemental privacy policies, as relevant, to understand our purposes for processing, categories of recipients and legal basis for processing for each type of personal data.

 

Your rights over your information

We believe you should be able to access and control your personal information no matter where you live. Depending on how you use Chiezie, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information. We will not charge you more or provide you with a different level of service if you exercise any of these rights. Please note that a number of these rights apply only in certain circumstances, and all of these rights may be limited by law.

If you buy something from or otherwise provide your information to a Chiezie-powered store and wish to exercise these rights over information about your purchase or interaction, you need to directly contact the merchant you interacted with. We are a processor and process information on their behalf. We will of course help our merchants to fulfill these requests to the extent required by law, such as by giving them the tools to do so and by answering their questions.

If you are a merchant, partner, Shop user, Chiezie employee, website visitor or other individual that Chiezie has a direct relationship with, please submit your data subject request through our site. Please note that if you send us a request relating to your personal information, we have to make sure that it is you before we can respond. In order to do so, we may use a third party to collect and verify identification documents. Further information about rights available to US residents can be found below under the header “United States Regional Privacy Notice”.

If you are not happy with our response to a request, you can contact us to resolve the issue. If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection or privacy authority at any time.

Finally, because there is no common understanding about what a “Do Not Track” signal is supposed to mean, we don’t respond to those signals in any particular way.

 

How long do we retain your information

We will retain your personal data only for as long as necessary to fulfill the purposes for which we have collected it. To determine the appropriate retention period, we consider the amount, nature and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. We will also retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our policies. If you stop using our services or if you delete your account with us, we will delete your information or store your information in an aggregated and anonymized format.

Depending on whether you are a merchant, customer, partner, user or visitor, please refer to our supplemental privacy policies, as relevant, for further details on the retention of your personal information.

 

How we protect your information

Our teams work tirelessly to protect your information, and to ensure the security and integrity of our platform. We also have independent auditors assess the security of our data storage and systems that process financial information. However, we all know that no method of transmission over the Internet, and method of electronic storage, can be 100% secure. This means we cannot guarantee the absolute security of your personal information.

 

How we use “cookies” and other tracking technologies

We use cookies and similar tracking technologies on our website and when providing our services. For more information about how we use these technologies, including a list of other companies that place cookies on our sites, a list of cookies that we place when we power a merchant’s store, and an explanation of how you can opt out of certain types of cookies, please see our Cookie Policy.   

 

United States Regional Privacy Notice

This United States Regional Privacy Notice (“US Notice”) supplements our Privacy Policy and all supplemental privacy policies on www.chiezie.com (together, the “Chiezie Privacy Policies”).

This US Notice is for individuals residing in certain US states and is designed to help you better understand how we collect, use, and disclose your personal information and, depending on how you use Chiezie and where you reside, how to exercise available rights under various applicable privacy laws in the US, specifically the California Consumer Privacy Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act (collectively, the “US Privacy Laws”).

 

What information we may collect and share about you

To provide our services to you, we must process information about you, including personal information.

We do not “sell” your personal information as that term is defined under US Privacy Laws.

Here is a summary of the categories of personal information we may have collected about you over the past 12 months and with whom we may have disclosed that information to, depending on how you use Chiezie.

Categories of personal information collected

Recipients of personal information
  • Identifiers, including name, email address, mailing address, phone number;
  • Personal information categories listed in the California Customer Records statute, including name, mailing and billing address, phone number, credit or debit card information;
  • Commercial information, including products you purchase, place in your shopping cart, favorite or review (if you are a customer) and information you provide us about you and your business (if you are a merchant);
  • Photos and videos, which may include face imagery, if you choose to provide them.
  • Internet or other electronic network activity information, including information regarding the device and browser you use, network connection, IP address, and how you browse through our apps and sites;
  • Geolocation data, including your mailing and billing address;
  • Inferences, or information derived from other personal information about you, which could include your preferences, interests, and other information used to personalize your experience;
  • Other information you provide; and
  • Sensitive personal information, which may include:
    • Government-issued identifiers, including social security, driver’s license, state identification card, or passport number;
    • Your account access credentials (such as account log-in, financial account, debit or credit card number in combination with any required security access code, password, or credentials allowing access to an account);
    • Your device’s precise location (if you are a Shop user, but only when you allow Shop to access this information);
    • Information you voluntarily disclose that may reveal certain characteristics about you such as your racial or ethnic origin or sexual orientation
    • The contents of email messages in the email inboxes that you connect to your Shop account, and information from email messages you transfer to the app to be included in your order history (if you use Shop).
  • Companies who help us provide you with our services, including cloud storage providers, payment processors, fulfillment partners, security vendors, email providers, marketplace and data analytics vendors;
  • Advertisers and marketing vendors;
  • Merchants whose shops you visit or make purchases from;
  • Partners who provide a range of services to merchants, such as by developing software or themes for use by merchants, serving as an affiliate that refers potential merchants to us, or helping merchants build or manage stores;
  • Law enforcement or other third parties in connection with legal requests, to comply with applicable law or to prevent harm.

 

Why we collect and share your Personal Information

We use and share your personal information for the purposes set out in the Chiezie Privacy Policies. For categories of sensitive personal information that we collect, we only use or disclose such information either with your specific consent when required, or as otherwise permitted by law.

 

Sources of Personal Information

To make commerce better for everyone at Chiezie, we collect and use personal information provided by:

  • You: We collect the information you provide when you use our platform, including when you sign up for Chiezie as a merchant, visit a Chiezie-powered store, fill in order information, visit one of Chiezie’s websites or contact Chiezie support.
  • We collect account and payment information you provide to us (including information about your business if you are a merchant), Chiezie stores or items you save to favorites, purchases you make, reviews you post, and how you otherwise interact or communicate with stores or other users.
  • We also collect information about how you browse through our apps and sites, including search terms you may enter.

 

How long we keep your information

Because we need your personal information to provide Chiezie services, we generally keep your personal information, including sensitive personal information, while you use Chiezie products or services or until you tell us to delete your information. We may also keep personal information to comply with legal obligations or protect our or other’s interests.

If you are a merchant operating a Chiezie-powered store, and you close the store, stop paying your subscription fees, or we terminate your account, we retain store information for two years before we begin the deletion process.

When you visit or make a purchase from a merchant’s Chiezie-powered store, we act as a service provider or processor for the merchant, and the merchant, not Chiezie, decides how long your information is retained.

 

Your rights over your information

Depending on where you live, how you use Chiezie, and subject to certain exceptions, you may have some or all of the following rights:

  • Right to Know: The right to request that we disclose to you the personal information we collect, use, or disclose about you, and information about our data practices.
  • Right to Request Correction: The right to request that we correct inaccurate personal information that we maintain about you.
  • Right to Request Deletion: The right to request that we delete personal information that we have collected about you.

To exercise your rights, including the “right to know” and “right to delete,” please submit a request through our online portal.

If you have visited or made a purchase from a merchant’s Chiezie-powered store, please contact the specific merchant directly. If you make a request to us, we will forward your request to the relevant merchant.

Please note that to protect your information and the integrity of our products and services, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as your email address or a government issued ID.

Under US Privacy Laws, you may also designate an authorized agent to make these requests on your behalf. If you use an authorized agent to submit a request, we may need to collect additional information, such as a government issued ID, to verify your identity before processing your request to protect your information.

For information on the CCPA requests we have received, please see here. In certain states, you may have the right to appeal our decision regarding a request related to these rights. If you wish to appeal a decision, please contact Chiezie Support.

We will not discriminate against you for exercising any of these rights.

 

How you can reach us

If you would like to ask about or have concerns about how we process your personal information, please contact Chiezie Support. If you want to make a request relating to your personal information, please contact us using the methods set out in the section immediately above.

 

 

Chiezie Data Processing Addendum

This Chiezie Data Processing Addendum (“Addendum”) amends the Chiezie Terms of Service and any other terms that incorporate by reference this Addendum (together, the “Agreement”) by and between you and Chiezie.           

 

1.  Definitions

  1. European Data Protection Laws” means European Union Regulation 2016/679 (the “General Data Protection Regulation”), the UK Data Protection Act 2018 (“DPA”), the UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (together with the DPA, the “UK GDPR”), and any relevant law, statute, regulation, rule or other binding instrument which implements the above or otherwise relates to data protection, privacy, data security or the processing of Personal Data in any European member state or the United Kingdom, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  2. Personal Data” shall be interpreted in accordance with European Data Protection Laws and US Data Protection Laws, as applicable, and relating to an identifiable or identified individual who visits or engages in transactions through your store (a “Customer”), which Chiezie Processes as a Service Provider (as defined under such laws) in the course of providing you, as a Data Controller or Business (as defined under such laws), with the Services. The term “Personal Data” shall also include “Personal Information” as defined under US Data Protection Laws. Notwithstanding the foregoing sentence, Personal Data does not include information that Chiezie processes in the context of services that it provides directly to a consumer.
  3. US Data Protection Laws” means the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Utah Consumer Privacy Act (“UCPA”) the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), and other similar comprehensive state privacy laws that place obligations on a Business or Controller in relation to Personal Data (as defined under such laws), and any relevant regulation, rule or other binding instrument which implements such laws, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  4. US Consumer” means an individual that is a “consumer” as defined under US Data Protection Laws.
  5. All other capitalized terms in this Addendum shall have the same definition as in the Agreement.

 

2. Details of Processing

  1. The parties agree that Appendix 1 of this Addendum describes the subject matter and details of the processing of Personal Data. Chiezie may aggregate, anonymize or deidentify Personal Data and process such data for the purposes set out in Appendix 1 or as otherwise permitted by applicable law. To the extent Chiezie receives from you Personal Data that has been Deidentified (as defined in section 5.1 of this Addendum), Chiezie will maintain and use the data only in a Deidentified fashion.

 

3. European Union and United Kingdom

  1. This section applies only to the extent that Chiezie’s Processing of Personal Data is subject to European Data Protection Laws. In this section, “Data Processor”, “Data Controller”, “Data Subject”, “Processing”, “Sub processor”, and “Supervisory Authority” shall be interpreted in accordance with the European Data Protection Laws.
  2. You acknowledge that Chiezie acts as an independent Data Controller with regards to personal data that it collects from consumers in connection with its consumer-facing applications and services.
  3. Where a Data Subject is located in the European Economic Area or the United Kingdom, that Data Subject’s Personal Data will be Processed by Chiezie’s affiliate. As part of providing the Services, this Personal Data may be transferred to other regions, including to the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
  4. When Chiezie Processes Personal Data in the course of providing the Services, Chiezie will:
    • Process the Personal Data as a Data Processor and/or Service Provider, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you. If Chiezie is required by law to Process the Personal Data for any other purpose, Chiezie will provide you with prior notice of this requirement, unless Chiezie is prohibited by law from providing such notice;
    • notify you if, in Chiezie’s opinion, your instruction for the Processing of Personal Data infringes applicable European Data Protection Laws;
    • notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Supervisory Authority relating to Chiezie’s Processing of the Personal Data;
    • implement reasonable technical and organizational measures enabling you to execute requests relating to your Customer’s Personal Data that you are obligated to fulfill;
    • implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
    • upon request, provide reasonable information to help you complete your data protection impact assessments and prior consultations with regulatory authorities;
    • provide you, upon request, with up-to-date attestations, reports or extracts thereof where available from a source charged with auditing Chiezie’s data protection practices (e.g. external auditors, internal audit, data protection auditors), or suitable certifications, to enable you to assess compliance with the terms of this Addendum;
    • notify you without undue delay upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data;
    • ensure that its personnel who access the Personal Data are subject to confidentiality obligations; and
    • upon termination of the Agreement, Chiezie will promptly initiate its purge process to delete or anonymize the Personal Data. You may also request, within 60 days of termination, that Chiezie return such Personal Data.
  5. In the course of providing the Services, you acknowledge and hereby grant Chiezie general written authorisation to use Subprocessors, listed online at: Chiezie's subprocessors(“Subprocessor List”), to Process the Personal Data. Chiezie’s use of any specific Subprocessor to process the Personal Data must be in compliance with European Data Protection Laws and must be governed by a contract between Chiezie and Subprocessor that requires comparable protections to this Data Processing Addendum. If Chiezie appoints a new subprocessor or intends to make changes concerning the addition or replacement of subprocessors, such changes will be made to our Subprocessor List. You will have seven (7) days from the date of the update of our Subprocessor List to object to the change. If you object to the appointment of a Subprocessor you may terminate this agreement in accordance with the Agreement and your Chiezie Plus Agreement, if applicable.
  6. You warrant that you have complied and continue to comply with European Data Protection Laws, in particular, you have obtained any necessary consents or given any necessary notices and otherwise have a legitimate ground to disclose data to Chiezie and enable the processing of Personal Data by Chiezie as set out in this Agreement.

 

4. US Consumers

  1. This section applies only to the extent that, for purposes of the US Data Protection Laws, you are a Business or Controller and in the course of providing the Services, Chiezie processes Personal Data about US Consumers that is subject to US Data Protection Laws. In this section, “Business”, “Business Purpose”, “Commercial Purpose”, “Controller”, “Deidentified”, “Processor”, “Sell”, “Sale”, “Service Provider” shall have the meanings ascribed to them in US Data Protection Laws, and “Share” shall have the meaning ascribed to it in the CCPA, are incorporated herein by reference.
  2. With respect to such Personal Data, and to the extent required by applicable US Data Protection Laws, Chiezie will:
    • process Personal Data as a Service Provider and/or Processor on your behalf to provide the Services or as otherwise permitted by US Data Protection Laws;
    • not retain, use or disclose Personal Data outside its direct business relationship with you or for any purpose other than to provide the Services, including retaining, using or disclosing such Personal Data for a Commercial Purpose other than performing the Business Purposes described in the Agreement, or as otherwise permitted by US Data Protection Laws;
    • not Sell or Share such Personal Data;
    • not combine Personal Data collected in connection with performing the Services with Personal Data received from another source or collected from its own interactions with the individual, except to perform the Services, with consent or direction, or as otherwise permitted by US Data Protection Laws;
    • in connection with processing the Personal Data, comply with provisions of the US Data Protection Laws applicable to Service Providers or Processors, including providing the same level of privacy protection required of Businesses or Controllers by the US Data Protection Laws, and notify you if it determines it can no longer meet these obligations. You may, upon receiving such a notice, take reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Data by Chiezie;
    • only engage subcontractors to process Personal Data on its behalf pursuant to a written contract that requires comparable protections to this Data Processing Addendum. In the course of providing the Services, you acknowledge and hereby grant Chiezie general written authorization to use subcontractors, listed online at: Chiezie's subprocessors(“Subprocessor List”), to Process the Personal Data. Chiezie’s use of any specific Subprocessor to process the Personal Data must be in compliance with US Data Protection Laws and must be governed by a contract between Chiezie and Subcontractor that requires comparable protections to this Data Processing Addendum. If Chiezie appoints a new subcontractor or intends to make changes concerning the addition or replacement of subcontractors, such changes will be made to our Subprocessor List. You will have seven (7) days from the date of the update of our Subprocessor List to object to the change. In the event we do not receive a response from you, the change will be deemed to be accepted. If you object to the appointment of a subcontractor you may terminate this agreement in accordance with the Agreement and your Chiezie Plus Agreement, if applicable.
    • take reasonable and appropriate steps, upon reasonable written notice from you and subject to the confidentiality obligations set out in the Agreement, to assist you with confirming that Chiezie’s use of Personal Data is consistent with your obligations under US Data Protection Laws;
    • Upon request, provide a report of a reasonable assessment of Chiezie’s policies and technical and organizational measures in support of its obligations under applicable US Data Protection Laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments; and
    • upon termination of the Agreement, Chiezie will promptly initiate its purge process to delete or Deidentify the Personal Data.You may also request, within 60 days of termination, that Chiezie return such Personal Data.
  3. You represent and warrant that you:
    • have obtained any necessary consents, rights and authorizations and given any necessary notices to individuals regarding your disclosure of Personal Data to Chiezie to enable Chiezie’s processing of Personal Data to provide the Services, as required by applicable law;
    • will not share with Chiezie any Personal Data of any individual subject to the US Data Protection Laws who has exercised an opt-out that you have committed to honoring;
    • will not share with Chiezie sensitive data of any US Consumer who has not consented to the processing of their sensitive data;
    • inform Chiezie of any rights requests individuals make to you pursuant to US Data Protection Laws that Chiezie must comply with and provide the information necessary for Chiezie to comply with the requests; and
    • be solely liable for your compliance with such laws.
  4. You and Chiezie agree that the existence of this Addendum does not constitute an admission that sharing of Personal Data constitutes a Sale or a Share.

 


5. General

  1. In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail, unless such provisions contradict a requirement under applicable law, in which case such requirement shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Chiezie may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Chiezie’s website, available at Chiezie Data Processing Addendumand such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Chiezie’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.
  2. Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.
  3. The terms of this Addendum shall be governed by and interpreted in accordance with the laws of the State of Maryland, USA applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the State of Maryland, USA with respect to any dispute or claim arising out of or in connection with this Addendum.

 

Appendix 1: Details of Processing

Nature and purpose of processing: To provide and improve the Services under the Chiezie Terms of Service and any other terms that this Addendum is incorporated into, provide any related support to Customer, as otherwise permitted under European Data Protection Laws or US Data Protection Laws, as applicable, or as initiated by you from time to time.

Subject Matter, Types of Personal Data and Categories of Data Subjects: Personal Data relating to Customers.

Duration of processing: The term of this Addendum plus the period from the end of the term until deletion of all Customer Personal Data by Chiezie in accordance with its obligations under this Addendum.

 

 

Last updated: April 25, 2023