Spocket Privacy Policy
Spocket, Inc. ("Spocket"/"we"/"us"/"our") is committed to protecting your privacy. We make the website located at www.spocket.co (" Website"), the Spocket application available on Shopify, WooCommerce and other providers (the "Spocket App"), available together with the Spocket services (“Services”). As you use our Services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
Our Privacy Policy explains:
● What information we collect and why we collect it.
● How we use that information and when we disclose it.
● How to access and update your personal information.
Your privacy matters to us so please take the time to familiarize yourself with our policies, and if you have any questions please contact us at support@spocket.co.
Important Information and Who we are
Purpose of this Privacy Policy
This Privacy Policy aims to inform you how Spocket collects and processes your personal information through your use of our Website, Mobile App, and Services. This includes information you may provide when: signing up for a demo of our Services, creating an account and profile with us, purchasing or using our Services, submitting status updates, searching for our Website or App, using our App, subscribing to our email alerts, contacting our customer service, participating in surveys, public forums, or chats, or responding to requests for suggestions or other content.
Children Under 16
Our Website, App, and Services are not intended for children under 16 years of age. No one under the age of 16 may provide any information through our platforms. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any personal information, including your name, address, telephone number, email address, or any screen name or username. If we discover that we have collected personal data from a child under 16 without verified parental consent, we will delete the information. If you believe this has occurred, please contact us.
Please Read This Privacy Policy Carefully
It’s important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions. These documents work in conjunction to ensure you understand how and why we use your personal information. This policy is meant to supplement, not override, other notices.
Controller or Processor
Spocket is the data controller when we hold personal information as a result of your use of our Services. Spocket is a data processor when we hold personal information uploaded by customers through their use of our platform. In such cases, this Privacy Policy does not apply to that information.
Contact Details
If you have questions about this Privacy Policy or wish to exercise your legal rights, please contact us:
Spocket Inc.
Email: Support@spocket.co
Postal Address: 555 Burrard St, Vancouver, BC V7X 1L4
If you are located in the European Union, you have the right to lodge a complaint with your local supervisory authority. However, we’d appreciate the chance to resolve your concerns directly first — please reach out to us at the email above.
Changes to this Privacy Policy
Last updated: July 6, 2020
We reserve the right to change this Privacy Policy at any time. Updates will be posted on our Website and linked in the App. The revision date will always reflect the latest version. Please ensure the personal information we hold about you is accurate and up to date. Let us know of any changes during your relationship with us.
Third-Party Links
Our Website or App may include links to third-party websites, plug-ins, and applications. Clicking these links or enabling these features may allow third parties to collect or share your data. We do not control third-party sites and are not responsible for their privacy policies. We strongly recommend reading the privacy notice of every external site you visit.
The Information We Collect About You
Personal Data We Collect
Personal data (or personal information) refers to any information about an identifiable individual who can be directly or indirectly identified. This does not include data that cannot be linked to a specific person (anonymous data).
We may collect, use, store, and transfer various types of personal data, grouped as follows:
Identity Data – first name, last name, username, or similar identifier.
Contact Data – billing address, delivery address, email address, and telephone numbers.
Financial Data – payment card details.
Transaction Data – details about payments to and from you and information about services you’ve purchased from us.
Technical Data – IP address, mobile device unique ID, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technology on devices used to access our Website or App.
Profile Data – username and password, your purchases and orders, location, preferences, feedback, and survey responses.
Usage Data – how you use our Website, App, and services, including buttons clicked, pages visited, time spent, search queries, visit timestamps, products tracked, usage frequency, and other related activity.
Marketing and Communications Data – your preferences for receiving marketing from us and third parties, and your communication preferences.
Aggregated Data
We also collect, use, and share Aggregated Data—such as statistical or demographic data—for any purpose. While it may be derived from your personal data, Aggregated Data is not considered personal by law if it does not directly or indirectly reveal your identity.
Example: We might aggregate your Usage Data to understand what percentage of users use a specific feature. However, if Aggregated Data is linked to your personal data in a way that identifies you, we will treat it as personal data under this Privacy Policy.
Sensitive Data
We do not collect any Special Categories of Personal Data, such as:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Sexual orientation or activity
- Political opinions
- Trade union membership
- Health information
- Genetic or biometric data
We also do not collect data related to criminal convictions or offences.
If You Fail to Provide Personal Data
In cases where we need to collect personal information by law or under a contract with you, and you fail to provide it when requested, we may be unable to fulfill the contract (e.g., providing services). If this occurs, we will notify you at the time and explain any consequences, including possible cancellation of services.
How Personal Information is Collected
We use a variety of methods to collect data from and about individuals, including:
1. Direct interactions by you
You may provide us with Identity, Contact, and Financial Data by filling in forms, linking your Shopify account, or communicating with us via post, phone, email, or other means. This includes personal data you provide or allow us to access when you:
- Sign up for a demo of our services
- Create an account and profile with us
- Purchase one of our services
- Subscribe to our email alerts
- Complete one of our online forms to receive reports or case studies
- Download or otherwise access our e-books, magazines, or videos
- Contact our customer service team
- Request marketing communications
- Provide feedback
2. Automated technologies or interactions
As you interact with our Website or App, we may automatically collect Technical Data about your device, browsing behavior, and usage patterns. We collect this personal data using cookies, server logs, and similar technologies.
Additionally, we may receive Technical and Usage Data if you visit other websites that use our cookies.
3. Third parties or publicly available sources
We may receive personal data about you from third parties and public sources, such as:
- Technical Data from:
- Analytics providers (e.g., Google Analytics) based outside the EU
- Search information providers (e.g., Google) based inside or outside the EU
- Contact, Financial, and Transaction Data from:
- Technical, payment, and delivery service providers (e.g., Stripe) based outside the EU
- Identity and Contact Data from:
- Our partners, data brokers, or aggregators based inside or outside the EU
- Publicly available sources such as LinkedIn, Instagram, and other social media platforms based outside the EU
How We Use Your Personal Information
Purpose of This Privacy Policy
We will only use your personal information when the law allows us to. Most commonly, this will be in the following circumstances:
- When we need to perform the contract we are about to enter into or have entered into with you
- When it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests
- When we need to comply with a legal or regulatory obligation
Legal Bases for Processing Your Personal Information
The types of lawful basis we may rely on to process your personal data include:
- Legitimate Interest: Our interest in operating and improving our business, delivering services, and ensuring security. We always assess potential impact on your rights before doing so
- Performance of Contract: When data is needed to fulfill a contract with you or to take steps before entering into a contract
- Legal or Regulatory Obligation: When processing is necessary for compliance with legal requirements
- Consent: You have explicitly agreed. This is mainly for third-party marketing. You may withdraw consent at any time
Purposes for Which We Use Your Personal Information
Here are the main purposes and legal bases for using your personal information:
- To register you as a new customer
- Legal basis: Performance of a contract
- To allow you to use our services
- Legal basis: Performance of a contract
- To process and deliver your order (manage payments, fees, collect owed money)
- Legal basis: Performance of a contract and our legitimate interests (e.g. recovering debts)
- To manage our relationship with you (notify about changes, request feedback)
- Legal basis: Performance of a contract, legal obligation, and our legitimate interests (e.g. keeping records up to date)
- To enable participation in surveys, competitions, or promotions
- Legal basis: Performance of a contract and our legitimate interests (e.g. to improve services)
- To administer and protect our business and platforms (troubleshooting, support, fraud prevention)
- Legal basis: Legitimate interests (e.g. IT security, business operation) and legal obligations
- To improve our websites, services, and customer experiences through data analytics
- Legal basis: Legitimate interests (e.g. defining audience types, improving performance)
- To make suggestions and recommendations about services that may interest you
- Legal basis: Legitimate interests (e.g. business growth) or consent
Marketing
We provide choices regarding how your personal data is used in marketing and advertising.
- Promotional Offers: We may use your data to assess your needs and send offers if you’ve shown interest, purchased services, or engaged with us, unless you’ve opted out
- Third-Party Marketing: We will get your express opt-in consent before sharing your information with other companies for marketing purposes
- Opting Out: You can opt out of marketing messages from us or third parties at any time by contacting us. This does not apply to service-related communications
Cookies (Website Only)
You can set your browser to refuse or alert you to cookies. Disabling cookies may affect site performance
Change of Purpose
We will only use your data for the reason it was collected, unless another reason is compatible. If we need to use your data for a different purpose, we will notify you and explain the legal basis
In some cases, we may process your data without your consent if required or permitted by law
If you have questions, please contact Support@spocket.co
Disclosures of Your Personal Information by Us Outside of the Service
We may need to share your personal information with the parties set out below, for the purposes outlined in paragraph 4 above.
Third Party Categories:
- Service Providers: These are companies that provide IT and system administration services.
- Social Networking Sites: If you have linked your account to a social media profile, we may share your data with these sites.
- Professional Advisers: Lawyers, bankers, auditors, and insurers based in Canada and the United States who provide consultancy, banking, legal, insurance, and accounting services.
- Regulators and Government Authorities: These may include authorities in Canada, the United States, and the EEA who require reporting of processing activities in certain circumstances.
- Business Transfers: Third parties to whom we may sell, transfer, or merge parts of our business or assets. If this happens, the new owners may use your personal information in the same way as described in this Privacy Policy.
We require all third parties to respect the security of your personal information and handle it according to the law. We do not allow third-party service providers to use your personal information for their own purposes and only permit them to process it for specified purposes in accordance with our instructions.
International Transfers
We share your personal information within our company and with third-party service providers, such as Amazon Web Services and other providers. This may involve transferring your information internationally. For example, if you are based in the European Union, your data may be transferred outside the European Economic Area (EEA).
Many of our external third-party service providers are also based outside the EEA. As a result, their processing of your personal information may involve a transfer of data outside the EEA.
If you are based in the European Union, whenever we transfer your personal information out of the EEA, we ensure that appropriate safeguards are in place to protect your data and ensure a similar level of protection.
Please contact us if you would like more information about the specific mechanisms we use when transferring your personal data outside the EEA.
Data Security
We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we restrict access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. These individuals will only process your personal information according to our instructions and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected personal data breaches. If a breach occurs, we will notify you and any applicable regulator if we are legally required to do so.
Data Retention
How long will you use my personal information for?
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information, and whether those purposes can be achieved through other means, as well as the applicable legal requirements.
By law, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers, for tax and other legally required purposes.
In some circumstances, you can ask us to delete your information. See the “Request erasure” section below for more information.
In certain cases, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information. These rights may include:
- Request access to your personal information (also known as a “data subject access request”), allowing you to receive a copy of the personal information we hold about you and verify that we are lawfully processing it.
- Request correction of the personal information we hold about you, allowing you to correct any incomplete or inaccurate data. We may need to verify the accuracy of the new data you provide.
- Request erasure of your personal information, allowing you to ask us to delete or remove personal information where there is no valid reason for us to continue processing it. This right also applies where you have objected to processing, where we have processed the information unlawfully, or where we are required to erase it to comply with law. Note: we may not always be able to comply with erasure requests for legal reasons, which we will notify you about if applicable.
- Object to processing of your personal information where we rely on legitimate interests (ours or a third party’s) and your situation gives you reason to object as it affects your fundamental rights and freedoms. You also have the right to object to processing for direct marketing purposes. In some cases, we may show compelling legitimate grounds to continue processing despite your objection.
- Request restriction of processing of your personal information. You can ask us to suspend processing in these scenarios:
- You want us to verify the data’s accuracy.
- The processing is unlawful but you do not want us to erase the data.
- You need us to retain the data even if we no longer require it, for legal claims.
- You have objected to our use of your data but we need to verify if we have legitimate overriding grounds.
- Request transfer of your personal information to you or to a third party in a structured, commonly used, machine-readable format. This applies only to automated data where you gave consent or used the data for a contract.
- Withdraw consent at any time if we are relying on your consent to process your personal information. This will not affect processing carried out before the withdrawal. It may mean we cannot provide certain services; we will inform you if this is the case.
If you wish to exercise any of these rights, please contact us using the contact details provided.
No Fee Usually Required
You will not need to pay a fee to access your personal information or exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is unfounded, repetitive, or excessive.
What We May Need From You
We may ask for specific information to confirm your identity and your right to access the personal information. This is to ensure it is not disclosed to anyone without authorization. We may also contact you for additional information to help us respond faster.
Time Limit to Respond
We aim to respond to all legitimate requests within one month. If the request is complex or you’ve made multiple requests, it may take longer. We will inform you and keep you updated in such cases.
Effective Date: July 6th, 2020