Last Updated - March 11, 2020
Shopalyst helps brands deliver a curated shopping experience to each shopper and guide, measure and influence shoppers in their digital path to purchase, via the Shopalyst website and domain name offered from time to time (collectively, the “Website”), the Shopalyst SDK/API (the “SDK/API”), and the Shopalyst mobile application offered from time to time, if any (the “Application” and together with the Website and the SDK/API, the “Shopalyst Service”). The Shopalyst Service is owned and operated by Shopalyst Inc., a Delaware corporation (“Shopalyst”, “we” or “us”).
2.Types and Uses of Collected Information. Shopalyst collects two types of information about you:
a.Personal Data. Personal Data is information that identifies a specific person. When you engage in certain activities via the Shopalyst Service, including but not limited to creating an account, sending feedback, or otherwise participating in the Shopalyst Service (collectively, “Identification Activities”), we may ask you to provide certain information about yourself. If you elect to engage in an Identification Activity, however, we may ask you to provide us with certain personal information about yourself, such as your name, address (including zip code), email address and/or telephone number. When you enroll in the Shopalyst Service, we may also ask you to provide us with additional information, such as credit card information. Depending on the Identification Activity, some of the information we ask you to provide may be identified as mandatory and some identified as voluntary. If you do not provide mandatory information for a particular Identification Activity, you will not be permitted to engage in that Identification Activity with the Shopalyst Service. Depending on the Identification Activity, we may not re-ask you for Personal Data if such is already stored with us.
We may receive information about you from our partner sites where you use the Shopalyst Service, or third parties. For example, if you access the Shopalyst Service through a third-party connection or log-in, for example, through Facebook Connect, by “following,” “liking,” adding the Company application, linking your account to the Shopalyst Service, etc., that third party may pass certain information about your use of its service to Company. This information could include, but is not limited to, the user ID associated with your account (for example, your Facebook UID), an access token necessary to access that service, any information that you have permitted the third party to share with us, and any information you have made public in connection with that service. If you allow us access to your friends list, your friends user IDs, and your connection to those friends, may be used and stored to make your experience more social, and to allow you to invite your friends to use the Shopalyst Service as well as provide you with updates if and when your friends join, if applicable. We encourage you to review and adjust your privacy settings on third-party websites and services before linking or connecting them to the Shopalyst Service. You may also unlink your third-party account from the Shopalyst Service by adjusting your settings on the applicable third-party service. If you unlink your third-party account, we will remove the information collected about you in connection with that service.
3.Sharing of Personal Data. We will not sell or share your Personal Data with other parties except as provided below:
a.Authorized Third Party Service Providers. We may provide products and services through third parties. These “Third Party Service Providers” perform functions on our or your behalf. You or We may share your Personal Data with such Third Party Service Providers to fulfill orders, analyze data (including IP Addresses), operate the Shopalyst Service, troubleshoot, and provide customer service. We may also provide Personal Data to individuals and companies with whom we have business relationships and may share your information with Third Party Service Providers to accomplish our administrative tasks. However, the use of your Personal Data by such parties is governed by the privacy policies of such parties and is not subject to our control.
5.Customer End User Data. Shopalyst will not review, share, distribute, or reference any such Customer End User Data except as provided in Shopalystâ€™s applicable agreement with Customer, or as may be required by law. Shopalyst acknowledges that Customer End Users have the right to access their personal information. If Personal Data pertaining to a Customer End User has been submitted to us by a Customer and a Customer End User wishes to exercise any rights it may have to access, correct, amend, or delete such data, Customer End User should inquire with the Customer directly. Because Shopalyst personnel have limited ability to access data our Customers may submit to the Shopalyst Service, if a Customer End User wishes to make a request directly to Shopalyst, please provide the name of the Customer who submitted your data to the Shopalyst Service. We will refer your request to such Customer and will support them as needed in responding to your request.
6.Data Controller and Data Processor; Data Protection Officer. We process personal data both as a Processor and as a Controller, each as defined in the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the “Directive”) and the General Data Protection Regulation (“GDPR”). The Customer which Customer End Users provided Personal Data to, with the assistance of the Shopalyst Service, will be the Controller for Customer End User Data. We will be the Processor of Customer End User Data. For Customer Personal Data, we will be the Controller.
Shopalyst has a Data Protection Officer (as defined in the Directive and GDPR) who is responsible for matters relating to privacy and data protection. Our Data Protection Officer can be reached as follows:
Attn: Data Protection
Officer 38350 FREMONT BLVD, SUITE 203
FREMONT, CA 94536 USA
For Customers and Customer End Users located in the European Data Region in the European Economic Area (EEA), all processing of Personal Data is performed in accordance with privacy rights and regulations following the Directive, and the implementations of the Directive in local legislation. From May 25th, 2018, the processing will take place in accordance with the GDPR. All data collected by Shopalyst through the Shopalyst Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services.
7.Sharing of Non-Personal Data. We may disclose or share Non-Personal Data with Third Party Service Providers and the general public. For example, we may share aggregated demographic information (which does not include any Personal Data) or use Third Party Service Providers to track and analyze Non-Personal Data usage and volume statistical information from our users to administer the Shopalyst Service. We may also publish this aggregated information for promotional purposes. Such data is collected on our behalf, and is owned and used by us.
We may use Third Party Service Providers to serve ads when you participate in the Shopalyst Service. These companies may use Non-Personal Data about your visits and use of the Shopalyst Service, and visits to other websites or locations in order to provide, through the use of network tags, advertisements about goods and services that may be of interest to you.
If you are enrolled in the Shopalyst Service, you may change any of your Personal Data by logging into your account and accessing the “User Profile Page” section of http://www.shortlyst.com/. We encourage you to promptly update your Personal Data if it changes, as out-of-date Personal Data may negatively affect the quality of your Shopalyst Service experience.
9.Choices on Collection/Use of Information. You can always choose not to provide certain information, although a certain level of information is required to engage and participate in the Shopalyst Service. You cannot opt-out of Administrative Emails. “Administrative Emails” relate to your activity on the Shopalyst Service, and include but are not limited to emails regarding your account, requests or inquiries, and purchases of products and services. If you do not want to receive promotional emails from us, you may elect to opt-out of receiving promotional emails at any time after registering by e-mailing us at Privacy@shopalyst.com or by hitting the “unsubscribe” button at the bottom of any of our e-mails.
10.Security of Information. We offer you multi-factor verification when you access your Personal Data, you can access your Personal Data via the Shopalyst Service with your password and username. This password is encrypted. We advise against sharing your password with anyone. If you access your account via a third-party site or service, you may have additional or different sign-in protections via that third-party site or service. You need to prevent unauthorized access to your account and Personal Data by selecting and protecting your password and/or other sign-in mechanism appropriately and limiting access to your computer, browser, or mobile device by signing off after you have finished accessing your account. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. In the event that we believe that the security of your information may have been compromised, we may seek to notify you of that development. In addition, your Personal Data resides on a secure server that only selected personnel and contractors have access to. We may encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that your Personal Data is safe as it is transmitted to us. However, no data transmission can be guaranteed to be 100% secure. As a result, while we employ commercially reasonable security measures to protect data and seek to partner with companies that do the same, we cannot guarantee the security of any information transmitted to or from or via the Shopalyst Service, and we are not responsible for the actions of any third parties that may receive any such information. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify users whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
We restrict access to Personal Data to our employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
13.Notice of Privacy Rights to California Residents. California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (“COPPA”) and the California Business and Professions Code. As required by COPPA, we will provide you with the categories of Personally Identifiable Information that we collect through the Shopalyst Service and the categories of third party persons or entities with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. COPPA further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email or physical mail to the address found below. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with our marketing partners. The request should be sent to the attention of our legal department, and labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personally Identifiable Information or requesting this notice.
14.Children. The Shopalyst Service is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Shopalyst Service. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Shopalyst Service or through any of its features or downloadable material, register on the Shopalyst Service, make any purchases through the Shopalyst Service, use any of features of this Shopalyst Service, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.