With the General Data Protection Regulation (GDPR) in effect as of May 25, 2018, it is crucial for any developer who works with European merchants, or works with merchants who have European customers, to disclose all data collection and usage through a privacy policy. GDPR clarifies and imposes new obligations on any party that collects, stores, or processes personal data of individuals located in Europe.
We have discussed GDPR generally elsewhere, including how it affects Shopify and our merchants. But GDPR also probably affects most of the developers who are building Shopify apps.
We want to make sure you are setting yourself up for GDPR compliance by carefully considering what (if any) personal data your app requires, subscribing to the mandatory GDPR webhooks, and creating a privacy policy if required.
Please note that GDPR is extremely complicated (the law is almost 90 pages long), and will apply differently to different apps. If you have any concerns, then we strongly recommend talking with a lawyer about how GDPR specifically applies to you.
This document is not intended to provide you with legal advice. It is intended to provide you with information about changes that Shopify is making in the Shopify App Store to help merchants prepare for GDPR, and to help you start to think about your data practices in the way that GDPR requires.
App privacy policies
To help with GDPR compliance, or to gain merchant trust through clarifying exactly how merchant and buyer data is being used, you must provide a privacy policy and link to it from your Shopify App Store listing. These requirements are the same for both listed and unlisted apps.
One of the things that GDPR requires is for businesses (including app businesses) to provide their customers and users with very specific information about how their app or product collects and uses personal information. You should explain your data practices however you think will be most effective, and we have also provided an App Privacy Policy Template to get you started.
In particular, we recommend that you include:
If you have any concerns about how best to describe your app’s data practices beyond what’s listed above, then we recommend consulting with a lawyer about your specific needs.
Data rights of individuals
In several jurisdictions, individuals have certain rights regarding how their data is collected, stored, and used. To make sure your app is operating in an ethical and legal manner, it is crucial to consider the following:
If you think that any of these restrictions apply to your app, or if you have concerns about how GDPR affects how you currently process and store personal data, then we suggest you consult with a lawyer.
GDPR for marketing apps
If your app provides marketing or advertising related services, then you will need to consider how GDPR applies to you. GDPR imposes a new set of requirements regarding how companies use data for marketing or advertising purposes. How it applies to you will depend on exactly how your app uses data, but you will need to consider the following:
Summit Web Consultants