2. Information from merchants
What information do we collect from merchants and why?
- We collect your name, email address, store admin URL, and phone number.
- We use this information to provide you with our Service; for example, to confirm your identity, contact you, provide you with advertising and marketing, and invoice you. We also use this information to make sure that we comply with legal requirements.
- We collect data about the Proveway websites that you visit. We also collect data about how and when you access your account and the Proveway platform, including information about the device and browser you use, your IP address, and information about how you browse through the Proveway interface.
- We use this information to give you access to and improve our Services; for example, to make our platform’s interface easier to use. We also use this information to personalize the Services for you. Finally, we may use this information to provide you with advertising or marketing.
- We collect personal information about your customers that is shared by you via Shopify’s API. In order to deliver the Service and match your payment account (PayPal & Stripe) transactions with your Shopify orders, you provide us with access to your orders. The access is granted when you install the app and give us permission to access your orders. We use this information only to provide you with our Service.
When do we collect this information?
- We collect personal information when you install the App when you access our Service or otherwise provide us with the information.
- We also partner with third parties who provide us information about merchants or prospective merchants, for example, to help us screen out merchants associated with the fraud.
Do we share your information with third parties?
- We may also share your information in the following circumstances:
- to help us conduct marketing and/or advertising campaigns.
- to conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
- Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.
Proveway is responsible for all onward transfers of personal information to third parties. For instance, Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Digital Ocean & Amazon Web Services) with servers located in the U.S., to host our online and mobile services. For more information about Amazon & Digital Ocean Webservices approach to compliance with the GDPR, https://aws.amazon.com/compliance/gdpr-center & https://www.digitalocean.com/legal/gdpr.
3. Information from customers
- We collect our merchants’ customers’ order’s Transaction ID, Tracking Number, Courier Name, and billing address.
- Proveway “WE” do not collect or store merchants’ customer names, email, or card details.
- We only use this information to provide our merchants with the Service. For our merchants’ customers, we process your information solely as a data processor on behalf of our merchants. We don’t store that information in any way. When an operator connects to a merchant’s PayPal & Stripe account to submit tracking information for a specific order, the personal data of the customer which is required to identify the transaction is accessed via Shopify’s API and made available to the operator. Once the transaction is identified and
- Proveway never shares your customers’ information with third parties
4. Information from Proveway website visitors and support users
What information do we collect and why?
- As you visit or browse the Proveway websites, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect personal information submitted by you via any messaging feature available from any of our websites (“Messaging Feature”).
- We may also receive personal information when you contact us via any of our websites.
- From chat support users, we collect your name, email address, information about the device and browser you use chat transcript, and other personal information you provide us during our chat.
5. Information from cookies and similar tracking technologies
What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.
- Opting out: You can opt-out of targeted ads served via specific third party vendors by visiting the Digital Advertising Alliance’s Opt-Out page.
- Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
The purpose of a cookie is to identify you electronically, store your preferences for viewing our webpages, allow “remarketing” relevant to your interests based on your visits to our site, and show you relevant ads on our website and across the Internet.
Through first-party and third-party cookies, third parties may collect information about you while you are visiting Proveway -hosted webpages and other websites. They may use this data to show you advertisements on Proveway -hosted webpages and across the Internet based on your prior visits to these sites. We do not collect this information or control the content of the advertisements that you will see.
6. For how long do we retain your personal information?
- In general, we keep your personal information throughout your relationship with us. This means we will keep your information as long as you maintain the App installed.
- Once you terminate your relationship with us, we generally will continue to store archived copies of your personal information for legitimate business purposes and to comply with the law, except when we receive a valid erasure request, or, if you are a merchant, you terminate your account and your personal information is purged pursuant to our standard purge process.
- We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our Services.
7. What we don’t do with your personal information
- We do not and will never share, disclose, sell, rent, or otherwise provide personal information to other companies for the marketing of their own products or services.
- If you are a merchant using Proveway Service, we do not use the personal information we collect from you or your customers to independently contact or market to your customers.
8. How do we keep your personal information secure?
- We follow industry standards on information security management to safeguard sensitive information, like any personal information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.
- We treat your customers’ personal info as your most valuable asset – and for this reason their data is not stored at any time by us. It’s just collected, used for providing the Service and forever erased.
- No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.
9. Residents of the European Economic Area (“EEA”)
Proveway works with merchants and users around the world, including in the EEA. As part of our service, we may transfer your personal information to other regions, including to Canada and the United States. In order to ensure that your information is protected when transferred out of the EEA, Proveway relies on companies certified under the EU-U.S. Privacy Shield (described in more detail below).
If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. If you are a merchant, a partner, a visitor of Proveway websites, or a user of Proveway support services and wish to exercise these rights, please reach out to us using the contact information below. If you are a customer of a merchant who uses the Proveway platform and wishes to exercise these rights, please contact the merchants you interacted with directly — we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.
Additionally, if you are located in the EEA, we note that we are generally processing your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests listed above, unless we are required by law to obtain your consent for a particular processing operation. In particular, we process your personal data to pursue the following legitimate interests:
- To provide merchants and others with our Service;
- To provide communications, marketing, and advertising;
- To provide troubleshooting, support services, or to answer questions;
- To test out features or additional services; and
- To improve our Service, App, and websites.
When we process personal information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organizational measures employed to protect that information can help mitigate the risks to the data subject.
10. How do we protect your personal information across borders?
While Proveway operates through mainly from US office at Deleware, Wilmington. we provide services to individuals, and our technology processes data from users around the world. Accordingly, Proveway may transmit your personal information outside of the country, state, or province in which you are located.
If you are located in the EEA or in Switzerland and believe that your personal information has been used in a manner that is not consistent with the relevant privacy policies listed above, please contact us using the information below.
11. Control over and access to your personal information
Proveway understands that you have rights over your personal information, and takes reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information.
If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you visit Proveway websites or use our support services, please contact us to make the required changes.
If you are a merchant’s customer and wish to exercise these rights, please contact the merchants you interacted with directly — we serve as a processor on their behalf, and can only forward your request to them to allow them to respond. It’s important to remember that if you delete or limit the use of your personal information, the Service may not function properly.
Security Incident Response Policy
This policy outlines the procedures for responding to a security incident affecting the Proveway PayPal Sync app.
- “Security incident” refers to any event that potentially compromises the confidentiality, integrity, or availability of the app or its users’ data. Examples include unauthorized access, data breaches, and system failures.
- “Incident response team” refers to the group of individuals responsible for coordinating and executing the incident response process.
- Identify the incident: The incident response team should identify and confirm the security incident as soon as possible. This may involve gathering information from various sources, such as system logs and user reports.
- Contain the incident: The team should take steps to stop the incident from spreading or causing further damage. This may include disconnecting affected systems, isolating compromised accounts, or implementing security controls.
- Evaluate the impact: The team should assess the impact of the incident on the app and its users, including the potential loss of data or disruption of service.
- Communicate with affected parties: The team should notify relevant parties, such as affected users and regulatory authorities, about the incident as appropriate.
- Investigate the root cause: The team should investigate the root cause of the incident and determine steps to prevent similar incidents from occurring in the future.
- Review and update policies: The team should review and update relevant policies and procedures based on the lessons learned from the incident.
- In the event of a security incident, please contact the incident response team at [email protected] .
Get In Touch