Start Free Trial
Start Free Trial

Privacy Notice

We care deeply about the privacy of our customers and partners. Therefore, we have invested a significant effort to study and implement controls and measures according to General Data Protection Regulation (GDPR) regulation which are described in this Privacy Notice.

We also process Personal Data in accordance with the spirit of the California Consumer Privacy Act of 2018 (CCPA) to achieve its primary goal of respecting consumers’ right to protect their personal data. Although we don’t even qualify as a company which has to comply with this regulation, stated requirements ring well with our own values, so we have implemented them.

This Privacy Notice describes the practices and purposes of personal data processing by ITissible (also “we”, “us”, “our”) acting as data controller in respect to App Users and / or representatives of App Users, Partners and / or representatives of Partners, Visitors and Candidates (each – “Data Subject”) as well as acting as data processor in respect to personal data of App User when providing Matrixify services. It also prescribes how Data Subject may exercise its rights.

Definitions

 

Term Explanation
ITissible ITissible, SIA – company incorporated under the laws of Latvia, with all its subcontractors. In GDPR terms – acting as data controller in respect to the processing of personal data of Data Subjects; acting as data processor in respect to the processing of personal data provided and owned by the App User when providing Matrixify  services.
Matrixify The Shopify app with its related websites and services, owned by ITissible.
The App The Matrixify app, called “Matrixify” on the Shopify AppStore.
Visitor A visitor of our web resources which may or may not be the app user.
App User A person who uses The App while it is installed on their Shopify store. In GDPR terms the App User is the Data Controller in respect to personal data it provides to Matrixify.
Partner Any service provider, subcontractor or affiliated partner or a 3rd party.
Candidates Persons/ applicants who are being considered for a job at ITissible or have expressed their interest in working at ITissible.
Data Subject Visitors, App Users and Partners or their representatives, Candidates.
Support Matrixify Support. Contact information can be found on the Contact Us page.
Shopify  E-commerce platform for online stores, available on: www.shopify.com 
Data Controller, Data Processor, Data Subject, Personal Data, Processing, Supervisory Authority and other terms not defined shall have the same meaning as in the GDPR.
The definitions of: Data Controller includes “Business”, Data Processor includes “Service Provider”, Data Subject includes “Consumer”, Personal Data includes “Personal Information”, in each case as defined under CCPA.

General Principles

  • We process only the data that is necessary for predetermined purposes such as to make The App function and be able to provide high-quality service.
  • The processing of personal data is carried out only if there is legitimate legal basis for it.
  • By respecting our client privacy, we do not track Visitors on an individual level without legitimate reasons to do so. Meaning – we keep only aggregated and anonymized visitor tracking on Google Analytics, and log of particular user actions inside The App for security reasons when the App User has identified itself by authenticating into The App through their Shopify Admin.
  • We don’t sell any personal data.
  • We don’t share any personal data to 3rd parties unless there is a legal basis for that, such as, if it is approved by the App User.
  • Where ITissible is acting as data controller, the Data Subjects have the right to know what specific personal data is processed about them and for what reason, which is also described in this document.
  • In situations stipulated by the applicable laws, the Data Subjects have certain rights in respect to their personal data processing, such as right to access information, right to rectification, right to object to the processing, right to be forgotten and others. Data Subjects may request the fulfilment of their rights by contacting the Support; however, please note that data subjects’ rights are not absolute, meaning, they can be fulfilled only in situations allowed by the applicable laws, such as the GDPR.

Data Subjects

We are processing or storing the personal data of the following parties:

  1. Web Page Visitors: visitors of the web pages and other resources related to Matrixify
  2. App Users: persons and Shopify stores that have installed The App, hosted on https://app.matrixify.app resource. Where the App User is a legal person, we are processing personal data of App User’s representatives.
  3. Partners: any 3rd parties like service providers or subcontractors. Where the Partner is a legal person, we are processing personal data of Patner’s representatives.
  4. Candidates: persons/ applicants who are being considered for a job at ITissible or have expressed their interest in working at ITissible.

The data itself which is being processed by The App as requested by App Users (e.g. Shopify Customers data or Orders data), cannot be considered as Data Subjects because ITissible doesn’t control the contents of that data and does not decide on the means of processing said data. This is strictly under the control of the App Users themselves who are considered as data controllers in this context.

Processed and Stored Data by each Data Subject and Resource

We process or store the following data about each of the Data Subject, for each resource:

Subject: Web Page Visitor

Resource: “Matrixify” App page on Shopify App Store

Stored / Processed Data Purpose Service Provider Legal Basis
Analytics tracking To analyze the traffic sources for usage statistics in an aggregated and anonymized way. Google Analytics Anonymised data processing does not require legal basis

Resource: https://matrixify.app web page

Stored / Processed Data Purpose Service Provider Legal Basis
Analytics tracking To analyze the traffic sources for informative usage statistics, including IP address geolocation data, browser, visited pages, and other data Google Analytics can track – in an aggregated and anonymized way. Google Analytics Anonymised data processing does not require legal basis
Contact data To subscribe to Matrixify newsletter MailChimp Consent

Resource: “Matrixify” App

Stored / Processed Data Purpose Service Provider Legal Basis
Analytics tracking To analyze the app usage and app loading speed to improve user experience. Google Analytics Anonymised data processing does not require legal basis
Analytics tracking
To improve app speed and quality. Sentry Anonymised data processing does not require legal basis

Resource: Support Channels

Stored / Processed Data Purpose Service Provider Legal Basis
Contact data and communication history To recognize an existing customer and continue a support conversation based on earlier history and context. Zendesk Legitimate interests to ensure seamless customer experience and to ensure communication with customers related to the service
Contact data and communication history To recognize an existing customer and continue a support conversation based on earlier history and context. Slack
Contact data and communication history To recognize an existing customer and continue a support conversation based on earlier history and context. Google Workspace

Subject: App User

Resource: Matrixify App

Stored / Processed Data Purpose Service Provider Legal Basis
Analytics tracking To analyze the aggregated usage statistics of The App – in an aggregated and anonymized way. Google Analytics Anonymised data processing does not require legal basis
Contact information To send periodic e-mails with news updates to e-mails who opted in for that. MailChimp Consent
Contact information and store information Shopify provides the statistics about the stores who installed The App and their payment history. Shopify Partner Account Legitimate interest to receive information about the use of our services.

Processing of payment data is necessary for the compliance with law.

Alerts about important events Notify about system monitoring events, installs, uninstalls, or any other significant events that might require immediate action or would allow improving service quality. Slack Legitimate interest to ensure security of service or improve service quality
Imported & exported data files Imported and exported data files are stored on Amazon AWS, US regions.

The app users need historical uploaded, imported, import results, and exported files for the purpose to review the history and use any of the historical files to analyze their actions or restore previously exported files – as a backup restore procedure.

Matrixify employees may look at the imported or exported file when solving an issue for the App User – when the App User raises an issue by contacting Support or proactively when our monitoring system issues an alert that App User has repeated problems with the specific import or export.

Amazon Web Services Based on data processing agreement (Art. 28 of the GDPR) concluded with the App User.
App User e-mails, settings, import/export job history To show to the App User their own import and export job history. E-mails – to be able to send the e-mail notifications, which are configured in the Settings inside The App. Amazon Web Services Legitimate interest to provide status of requested services to the customer
E-mail correspondence To exchange e-mail messages. Google Gmail for Business Legitimate interest to ensure communication with customer
Technical data as IP addresses  To ensure security of the App and to detect and address technical issues. N/A Legitimate interest to protect the integrity and security of the App

Subject: Partner

Stored / Processed Data Purpose Service Provider Legal Basis
E-mail correspondence To exchange e-mail messages. Google Gmail for Business Legitimate interest to carry out agreement concluded with the Partner and to ensure communication with the Partner. Where the Partner is a natural person (data subject), the legal basis for personal data processing is to conclude and carry out the agreement concluded with the Data Subject.
Contact information, names and positions of representatives Be able to contact the partner and recognize them when received contact from them. Google Drive
Payment transactions Send and receive payments to and from Partners. PayPal
Accounting Do financial accounting according to Latvia legislation and accounting standards. AAT Finance Processing required by law

Subject: Candidate

Stored / Processed Data Purpose Service Provider Legal Basis
Name, surname, contact information Be able to contact the Candidate Legitimate interest to evaluate the provided information, organize the interview process and provide evidence that substantiates the legal course of the recruitment process.
E-mail correspondence To exchange e-mail messages. Google Gmail for Business
Work experience, education, other CV information, test results, etc. To evaluate Candidate’s suitability for the open employment position

 

Sharing Data With 3rd Parties

We may share Data Subjects’ personal data with persons who are authorized by us and to our cooperation partners, which help us to ensure our services and may also act as our data processors, such as IT service providers (including, but not limited to e-mail service providers, website maintenance services, Artificial Intelligence service providers, server providers or maintainers, etc), marketing service providers, payments service providers and others.

Additionally, we may share Data Subjects’ personal data in following situations:

  1. After receiving a substantiated request in accordance with procedures of applicable law, we may share Data Subjects’ personal data to persons authorized by law (e.g., investigation authorities).
  2. When necessary to protect our legal interests (e.g., when a person is infringing our interests) we may share the personal data with courts, bailiffs or other relevant state institutions.
  3. If necessary, to our partners such as auditors, lawyers and other specialists or consultants, financial institutions, insurers; also, on a need to know basis, personal data may be shared with our shareholders, financiers and potential buyers of our business or part of it.
  4. To payment service providers to the extent necessary to make or receive payments.
  5. To other ITissible group companies for administrative purposes.

We employ Artificial Intelligence (AI) tools to provide support services when App User, Visitor or any other person contacts our support team through Matrixify Support Channels. The AI is trained and designed to assist and enhance user experiences by generating and providing rapid responses to questions related to our services. For its purposes (incl. for training purposes), the AI collects, processes and analyses content sent through the Support Channels. We are employing the best practices to anonymize any Personal Identifiable Information (PII) and not sharing that data to AI service providers. Where the processing of personal data takes place, it is based on our legitimate interests to ensure seamless customer experience by providing automated and rapid replies to support questions, to ensure swift communication with customers related to the service, and to improve further support services.
If App User, Visitor or any other person do not wish for the AI tool to process its support inquiry, we can be contacted through alternative channel – by sending e-mail to [email protected], which will be processed by human Support Agent and the chain to prepare the response will not involve passing any data to AI Service Provider in any step. However, the responses may take longer as they will be handled by the Matrixify team which is of a limited capacity.

We will not share Data Subjects’ personal data with third parties if there will not be a legitimate purpose and legal basis for that.

In certain situations when we are cooperating with third parties (e.g., by using financial service providers) in addition to this Privacy Notice, the privacy policies of respective third parties may also be applicable to Data Subjects’ personal data processing. We are encouraging Data Subjects to familiarize with respective privacy policies. However, we do not take any liability for their content.

Data Access Boundaries

The data of one App User or the Shopify store is not shared with another App User or the Shopify store.

The App functions within the boundaries of one store where it is installed.

The App of one store can import the data from the other Shopify store when the App User deliberately uses the exported data file from one store and imports it into the other. The App access to the Shopify store data is always initiated, configured or scheduled by the App User.

Retention of Data

The personal data of Data Subjects will be retained only for as long as necessary for the purposes set out in this Privacy Notice unless there is a requirement to continue processing of personal data for a longer period of time in accordance with applicable laws, for example for accounting purposes. Personal data shall also be retained for the period of applicable statute of limitation for the protection of our legal interests against potential claims.

App User’s and Partners data related to the provided or received services may be retained for up to 10 years from the end of the year in which the service has been received / provided for our accounting purposes or longer if required for the protection against potential claims.

Customer support data may be retained for up to 5 years or until required for the protection against potential claims.

All imported and exported data history files processed by the App as requested by App Users are deleted automatically within the one month from the moment the App is uninstalled or from the moment the App User requests the deletion of respective data. The respective data is stored for one month in order for the ITissible to be able to exercise a defense against possible legal claims on the functionality of the App. Where the claim is raised, the necessary data will be stored and processed until the claim is resolved.

The personal data of Candidates may be retained for up to six months after the respective selection for vacancy has been concluded. In case Candidate has provided its consent to store and process Candidate’s personal data for any future vacancies, we may process personal data for up to 2 years.

Where Data Subject has provided its consent for personal data processing or has requested the fulfilment of data subject’s rights, such request and related information (incl. the provided answers) may be retained for up to 5 years.

Data Security

Matrixify implements and is continuously improving reasonable measures to protect data that is processed or stored.

Communication between the Matrixify App, Shopify API, Matrixify Website and Visitors are encrypted using SSL certificates.

The App infrastructure is protected with strong and unique passwords, where possible – using the Public Key Infrastructure solutions.

Access to employee workstations is protected with strong passwords or in some cases with fingerprint readers.

Destroyed data is not recoverable.

In an incident when a data breach has happened despite the efforts to prevent that, ITissible will inform all affected Data Subjects about the fact of such an incident and about the content of what particular data was compromised, if such breach is likely to result in high risk to the rights and freedoms to the data subject. Information will be sent no later than 72 hours after the data breach has been detected.

Personal Data Transfer Outside EU/EEA

Some of our cooperation partners are located outside the European Economic Area, thus Data Subjects’ personal data may also be processed outside the European Economic Area member states (in third countries). 

The transfer of personal data to third countries will be subject to appropriate safeguards (such as standard data protection clauses adopted by the European Commission, Business Corporate Rules or adequacy decisions adopted by the European Commission). For more information about the applied safeguards and where to obtain copies of them (if any) please see below or contact our Support.

Service Providers: Subprocessors and Subcontractors

List of all the Service Providers, Subprocessors, and Subcontractors and applicable safeguards where personal data may be transferred to a third country (outside European Economic Area). 

Listed Service names are used above in this document to refer to entries in this table.

 

Service Company Name Country Applicable safeguards for transfers to 3rd countries
Google Analytics Google LLC US Data Processing Addendum.

Standard Contractual Clauses.

Google Drive Google LLC US Data Processing Addendum.

Standard Contractual Clauses.

Google Gmail for Business Google LLC US Data Processing Addendum.

Standard Contractual Clauses.

Google Cloud Google LLC US Data Processing Addendum.

Standard Contractual Clauses.

Zendesk Zendesk, Inc US Data Processing Addendum with Standard Contractual Clauses.
Slack Slack Technologies, Inc. US Data Processing Addendum.

Standard Contractual Clauses.

OpenAI OpenAI LLC US Data Processing Addendum with Standard Contractual Clauses.
MailChimp The Rocket Science Group LLC d/b/a MailChimp US Data Processing Addendum with Standard Contractual Clauses.
Shopify Partner Account Shopify, Inc. CA Privacy Policy.

European Commission’s Adequacy decision.

Amazon Web Services Amazon.com, Inc. US Data Processing Addendum with Standard Contractual Clauses.
Foqal Agent Foqal, Inc. US Data Processing Addendum with Standard Contractual Clauses.
PayPal Paypal Europe Services Ltd. IE N/A
Accounting SIA “AAT Finance” LV N/A
IT Consulting SIA “TechFlint” LV N/A
IT Consulting SIA “Tannenbaum” LV N/A

When ITissible is processing personal data acting as data processor in the context of providing the Matrixify service to the App User, the ITissible is using following service providers who will be acting as personal data subprocessors in relation to the App User: Amazon Web Services. For the use of respective subprocessors, the App User has provided his general consent within the Data Processing Addendum.

Please know that for the provision of Matrixify service the ITissible will receive personal data from and / or provide personal data to the Shopify platform.

E-mail and Mass Mailing

By installing The App or contacting ITissible team, the Data Subject will receive the following e-mails from ITissible:

  1. Replies to Data Subject’s e-mail messages.
  2. Proactive personal e-mails to Data Subject when the feature or fix which was requested by the Data Subject, is implemented – with the goal to inform privately that this feature is ready and the promise made by ITissible was delivered.

Automated and mass mailing is sent to Data Subjects only according to the following opt-in or opt-out principle:

  1. Opt-out (assume consent to receive by default – based on legitimate interest to inform App Users about the status of requested jobs, thus ensuring the security): Automated e-mail messages about the events within The App, like started, failed or finished jobs.
    App Users can change those settings in The AppSettings” section, or unsubscribe by clicking on the “Unsubscribe” link in any of the received e-mails, or by asking Support.
  2. Opt-in (don’t assume consent by default): Periodic e-mail of the overall Matrixify newest features and general updates. That e-mail is sent not more frequently than once per month.
    Subscribers can unsubscribe from those e-mails by pressing the “Unsubscribe” link in any of the received e-mails.

 

Subject Rights

In accordance with the GDPR, Data Subjects have certain rights in respect to their personal data processing. In situations stipulated by the GDPR, Data Subjects have the following rights:

Right To Access

When building the Matrixify, the architecture is designed with self-service as one of the main values. That means that most of the Data Subject’s data is accessible in a self-service way by the Data Subject themselves. If there is still a part of data that the Data Subject needs access to, and which is not accessible by the self-service, the Data Subject can request this data from the Support.

Right to Erasure

Every Data Subject has the right to remove their data from any of the ITissible controlled resources, as far as it is allowed by legal or accounting limitations. Any personal data can be removed by sending a request to the Support. Data will be removed as far as acceptable by the legal, accounting and security requirements.

All imported and exported data history files are deleted automatically when The App is uninstalled.

Right to rectification

Every Data Subject has the right to correct any inaccurate personal data concerning him. Data Subject can correct his personal data in the App or by contacting Support.

Right to restriction of processing

Every Data Subject has the right to require us to stop the processing of its personal data other than for the purposes of the storage. However, please know that we may continue to process Data Subject’s personal data where there is legitimate purpose for us to do so.

Right to data portability

In situations provided by the applicable law, the Data Subject has a right to request that its personal data is provided in a structured, commonly used and machine-readable format. Data Subject also has a right to request that we transfer that personal data to the other party, where it is feasible.

Right to object

Where personal data is processed based on our legitimate interests, Data Subject has a right to object to its personal data processing.  At any time, Data Subject may object to the processing of its personal data for direct marketing purposes.

Where the Data Subject’s personal data is processed based on the Data Subject’s consent the Data Subject may withdraw its consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

 

If not otherwise indicated in this Privacy Notice, to request the fulfilment of data subject’s rights, please contact us via Support. Please note that for the fulfilment of data subject’s rights, we may be required to process additional personal data and may request Data Subject’s identification. For persons, whose personal data are processed by the App User through the App, please contact the App User for the fulfilment of your data subject’s rights.

In situations when Data Subject is not satisfied with our data processing activities, Data Subject always have a right to submit a complaint to Latvian Data State Inspectorate (e-mail: [email protected]; website: www.dvi.gov.lv) or Data Subject’s national data protection authority (contact details of national data protection authorities may be found in the following website: https://edpb.europa.eu/about-edpb/board/members_en). 

Jurisdiction and Contact Information

Matrixify is the product of ITissible, SIA which is the limited liability company registered in Latvia with registration number 50103772541.

Any dispute arising from this Privacy Notice shall be subject to the exclusive jurisdiction of the competent courts of Latvia. The governing law is the legislation of Latvia.

Changes

ITissible retains the right to change and update this document occasionally, and review it at least once per year. If you continue using The App, then you also agree to comply with all the further versions of this document.

Effective: May 25, 2018

Last update: September 20, 2023