On May 25th, 2018 the General Data Protection Regulation (GDPR) took effect. The GDPR is the European Union’s new data privacy law which impacts how all companies (big and small) collect and handle personal data about their European customers.
We support the GDPR and will ensure all Boost Commerce apps and services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
We’ve been hard at work preparing for the GDPR for a while. So far, we have:
Read_Products
This includes products and collections. We need this permission to sync product and collection data between your Shopify store and our app for the filtering and searching features.
Read_Orders
This permission from Shopify includes full details of placed orders (*). We need this permission to support the Analytics feature of calculating Order Revenue from our app. In the Admin app, the merchant also has a setting to disable this feature as well as this permission.
(*) Customer personal information in orders is left out during our webhook processing. No store customers' personal data are stored in our app.
Read_Content
We need this permission to sync and index the content (pages, blogs) for the search feature.
Read_Themes, Write_Themes
This permission allows us to read the store’s theme information for the auto theme setup process.
Read_Script_Tags, Write_Script_Tags
This permission allows us to insert a filter/search script into your theme for the filtering and searching features.
Based on the definitions in Art. 4 GDPR, we consider the following collected data to be personal data that the App interacts with:
Store’s Owner Information
We store this data to communicate with the store’s owner regarding Boost Commerce apps and services. Our app minimizes the personal data of the store’s owner, as we only store the Email Address (encrypted in the database) and State/Country of the owner.
This information is kept as long as the store owner continues using the app. When the store owner uninstalls the app, the data is deleted.
We also have cookies set by Google Analytics, MixPanel and Hotjar in our app’s admin pages. These cookies help us to adjust and improve experiences with our app.
Order Hook Information
We do not store any personal information from order hooks in our application or other databases.
UUID of Frontend API
We place an anonymous unique identifier on the device or computer of individuals who access the storefront. This identifier helps us to analyze how our app influences customer experiences.
This UUID is not personal information as it cannot be reversed to identify any personal information if this data is breached or accessed by other third parties.
Application Logs
We keep application logs for system performance monitoring and security audits.
The application logs are kept permanently for security reasons.
We do not and will never share, disclose, sell, rent, or otherwise provide personal information to other third parties or companies (other than to specific Shopify merchants you are interacting with, or to third-party apps or service providers being used by the merchants you are interacting with) for the marketing of their own products or services.
Still, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights.
What we went through together should give you an idea of the GDPR and what we have done to prepare for it.
As for Boost Commerce, we are ready, with our updated terms and even training, to assist you with questions at any time. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by sending the request to Boost Commerce at: