Policy version: 12 February 2023
The Buunto applications and related functionalities (Buunto Apps) made available to merchants on Shopify.com (Shopify) and our website available at https://www.buunto.com/ (our website) (together the Buunto Platform) is provided by Buunto Limited (‘we’, ‘our’ or ‘us’).
We are the controller of personal data of merchants obtained via the Buunto Platform, meaning we are the organisation legally responsible for deciding how and for what purposes it is used. When we receive personal data via the Buunto Apps in relation to the end-customers of merchants, then we are the processor of that information and will only process such data in accordance with the merchants’ instructions as a processor on their behalf. Any queries about your personal data you have as an end-customer of a Shopify merchant using the Buunto Apps should be redirected to the relevant merchant.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).
Given the nature of the Buunto Apps, we do not expect to collect the personal data of anyone under 13 years old. If you are aware that any personal data of anyone under 13 years old has been shared with our website please let us know so that we can delete that data.
If you are an end-customer of a merchant on Shopify which uses Buunto Apps, such merchants may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party merchants and for their use of Buunto Apps, please consult their privacy policies as appropriate.
The personal data we collect about you depends on the particular activities carried out through the Buunto Platform.
If you are a merchant or are operating on behalf of a Shopify merchant:
We will collect and use the following personal data about you:
If you are an end-customer of a Shopify merchant making use of the Buunto Apps:
We will collect and use the following personal data about you which we process on behalf of the Shopify merchant to provide the services requested under the Buunto App, in our capacity as processor:
You must provide this personal data to use the Buunto Platform (or Buunto Apps as applicable) and the services and functionalities on it unless we tell you that you have a choice.
Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will have any effect on your use of the Buunto Platform (or Buunto Apps as applicable).
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
We collect personal data from you:
Under data protection law, we can only use your personal data if we have a proper reason, eg:
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
Certain personal data is treated as a special category under the UK GDPR and EU GDPR, to which additional protections apply under data protection law. Examples of such data include:
We do not process such special category data. Where we process such special category personal data, we will also ensure we are permitted to do so under data protection laws and will update this policy accordingly.
See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.
If you are a Shopify merchant or are acting on a merchant’s behalf, where you have provided your consent we will use your personal data to send you updates (by email, text message, telephone or post) about our products and services including exclusive offers, promotions or new products and services.
We will always ask you for your consent before doing sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so.
You have the right to opt out of receiving marketing communications at any time by:
We may ask you to confirm or update your marketing preferences if you ask us to provide further products and services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell or share with other organisations outside Buunto for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
We routinely share personal data with:
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
We will not keep your personal data for longer than we need it for the purpose for which it is used. For example, to manage your subscription and licence to the Buunto App if you are a merchant or to provide you with the services requested if you are an end-customer. If you are an end-customer of a Shopify merchant, we will only retain data for as long as the merchant (acting as controller) says we may.
The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
If you would like further information about data transferred outside the UK/EEA, please contact us (see ‘How to contact us’ below).
For example, we may monitor how many times you visit the Buunto Platform, or use the Buunto Apps, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (eg to enable you to log into the Buunto Apps.
We rely on a limited number of pre-approved external providers to present you with certain functionalities on our apps. These externally provided functionalities may involve the placement of so-called third-party cookies onto your browser.
The following table provides the names of the third-party providers whose services we rely on for certain functionalities on our portal and who may place functional third-party cookies on your browser in the process of making these functionalities available to you:
Furthermore, where we act as joint-controllers alongside the third-party providers we work with, in relation to any personal data which may be collected by way of such third-party cookies and in connection to Buunto: this means that in the event of a non-compliant processing operation, the law allows you to exercise your rights in respect of and against either ourselves or the third-party provider at issue (Article 26 EU and UK GDPR). The provider of third-party cookies is the sole controller for any subsequent operation involving the processing of personal data carried out by the third-party provider after their transmission to the latter as part of the authentication functionality. We are only controller of data that is collected for log in purposes to allow you to connect to Buunto, and our liability it also limited to that extent of processing.
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those that are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
You generally have the following rights, which you can usually exercise free of charge. If you are an end-customer of a Shopify merchant then please address your request to the merchant in the first instance. In all other cases, where we are the controller of your data, then please read more below:
Access to a copy of your personal data
The right to be provided with a copy of your personal data
Correction (also known as rectification)
The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations
Restriction of use
The right to require us to restrict the use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
The right to object:
Not to be subject to decisions without human involvement
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
We do not make any such decisions based on data collected by our website
The right to withdraw consents
If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please see below: ‘How to contact us’. When contacting us please:
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
For a list of EEA data protection supervisory authorities and their contact details see here.
Our contact details are shown below:
Suite 5, 5th Floor,
5 Greenwich View Place,
London, E14 9NN