NexusMedia OÜ (hereinafter - “we”, “us”, “NexusMedia”) is the Estonian company which provides different Shopify Apps to Users of shopify.com through a Software as a Service (SaaS) model.
Also our site does not sell your personal information to third parties. A “sale” of Personal Information under the CCPA is defined broadly to include the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” the Personal Information of a Consumer to another business or third party “for monetary or other valuable consideration.” If we decide to sell our website or App(s) (our business), we will inform you about this, so you can forbid us to transfer your personal data together with our business. If so, we will delete your data from the databases prior to a business transfer.
For the purposes of this policy, we define the term “Customer” as a person which have concluded the installation of any of NexusMedia Apps through shopify.com, the term “Customer’s Client” as any individual who interacts directly with Customer without interacting directly with us and the term “Visitor” as an individual who visits our website (https://nexusmedia-ua.com) and fills our contact form.
We adhere to the following principles in order to protect your privacy:
● principle of purposefulness - we process personal data fairly and in a transparent manner only for the achievement of determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processing;
● principle of minimalism - we collect personal data only to the extent necessary for the achievement of determined purposes and do not keep personal data if it is no longer needed;
● principle of restricted use - we use personal data for other purposes only with the consent of the data subject or with the permission of a competent authority;
● principle of data quality - we update personal data shall be up-to-date, complete and necessary for the achievement of the purpose of data processing;
● principle of security - security measures shall be applied in order to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures;
● principle of individual participation - the persons shall be notified of data collected concerning him or her, the persons shall be granted access to the data concerning him or her and the persons have the right to demand the correction of inaccurate or misleading data.
1. Data We Collect
1.1. Websites Visitors1.1.1. We may collect, record and analyze information of Visitors of our website. Cookies and widget are used by us and our partners (such as McAfee Secure, Intercom, Shopify, Comodo certification authority). We also use Google Analytics, MixPanel and Facebook Pixel for the purpose of analytics. Information collected by this way is stored no longer than 1 year.
1.1.2. We collect data through visits to the website including count of Visitors and visits, length of time spent on the website, pages clicked on or from where Visitors have come.
1.1.4. We collect name and e-mail address only in a case when Visitor wants to contact us and fills our contact form.
1.1.5. We use the collected data only to communicate with Visitors. If You do not want us to collect your data, please do not use our contact form and do not give your consent for it.
1.1.6. While processing Personal Data of our Visitors, we rely on your consent to the processing of your Personal Data for the purpose to communicate with you. When we share such information with our contractors (which may be located outside of the European Economic Area) in order to provide a requested answer or solution promptly and correctly, we also rely on your consent. We use such data in ways you would reasonably expect and which have a minimal privacy impact. You can withdraw your consents at any time by sending us one more email with your withdrawal and your Personal Data will be deleted in 72 hours.
1.1.7. Please be aware while visiting our site. Visitors can follow links to other sites that are beyond our sphere of influence. We are not responsible for the content or privacy policies of these other sites.
1.2.1. In order to provide services to our Customers we collect its personally identifiable information.
1.2.2. After concluded the installation of any of NexusMedia Apps at Shopify App store, Shopify provides us with information such as name, company name, email address, address and other relevant data. This information is used by us to identify the Customers and provide them with services, mailings, notification, support and marketing actions, and to meet other contractual obligations.
1.2.3. Data Usage from Google Account (OSync: Export Orders to Sheets app)
We request access to specific types of data for defined purposes:
- Email and Profile Information, OpenID: We access your primary Google Account email address and profile information (including any personal info you've made publicly available). This data is used solely for the purpose of identifying you as a client and to display which Google account is currently connected to our app within the admin panel user interface. It helps us ensure a seamless and personalized experience for you.
- Google Drive API Access: We request permission to access and manipulate specific Google Drive files through the ".../auth/drive.file" scope. This permission is crucial for our app to function as intended – it allows us to create and manage a Google Sheets document in your Google Drive. This document is used to store and organize details of your shop orders as per the app's settings. Be assured, our access is limited to only those files that are used within our app, and we do not have the capability to view, edit, or delete any other files in your Google Drive.
1.2.4. If you no longer wish to receive promotional emails, you may opt out of them by replying to one of such emails or send us an email with a request.
1.2.5. We are processing your Personal Data in order to fulfill contracts we might have with you for purposes to provide our services to you (including support, communication, marketing etc.). When we share such information with our contractors (which may be located outside of the European Economic Area) in order to provide high quality support services in emergency cases, we rely on your consent and your request to do so. Processing of Personal Data for marketing purpose is also relied on consent obtained from you. We use such data in ways you would reasonably expect and which have a minimal privacy impact.
1.2.6. You can withdraw your consents at any time by sending the email with your withdrawal and your Personal Data will be deleted in 48 hours.
1.3. Customer’s Clients
1.3.1. Customers may collect, store and process Personal Data of their own Clients via NexusMedia Apps on their websites. We have no direct relationship to the individuals whose Personal Data is processed in this case. Each Customer is responsible for providing a notice to its Clients and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed.
1.3.2. We may be a processor with respect to such Personal Data and act on behalf of Customer only in a case when Customer uses our certain Apps including EasyAuth, EasyOrder, Comments Plus. In this case we could process such Personal Data as email address (via EasyAuth App, Comments Plus App), name (Comments Plus App).
1.3.3. We may also process another sorts of Personal Data such phone number and billing information that you provide to our Customer in a form provided by EasyOrder. When a Customer's Client decides to use its personal account in social networks to register an account on Customer’s website via EasyAuth, we also process information (a social network authenticator) obtained from social networks for creation of the account on the Customer’s website.
1.3.4. We do not collect information from children under 13 years (“minors”). And we do not collect sensitive data. If we learn that we have Personal Data of a child under age 13, we will remove it. If you believe we have Personal Data about a child under the age of 13, please notify us. Moreover, We respect applicable legislation and understand how important it is to be transparent in providing Services. Please, be aware that our Service does not use targeted advertising using any kind of sensitive data or the data of minors according to the requirements of the Digital Services Act.
1.3.5. While processing Personal Data of our Customer’s Clients, we rely on our contract between us and our Client to the processing of Personal Data for purposes to provide our services to our Customer. We act for the benefit of our Customer as this processing is necessary for proper functioning of our App integrated in our Customer’s websites.
1.3.6. When we share such information with our contractors (which may be located outside of the European Economic Area) in order to provide high quality support services in emergency cases, we rely on Customer’s consent and Customer’s request to do so.
2. Сompliance with General Data Protection Regulation (GDPR), Estonian legislation and California Consumer Privacy Act (CCPA) and Brazil's General Data Protection Law (Lgpd (Lei Geral De Proteção De Dados))
2.1. For Visitors, Customers and Customer’s Clients located in the European Economic Area (EEA) privacy rights are granted and all processing of Personal Data is performed in accordance with regulations and rules following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and the national legislation of the Republic of Estonia.
2.2. For Visitors, Customers and Customer’s Clients located in California all processing of Personal Data is performed in accordance with regulations and rules following the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”)
2.3. For Visitors, Customers and Customer’s Clients located in Brazilia, all processing of Personal Data is performed in accordance with regulations and rules following the Lei Geral de Proteção de Dados (“LGPD”).
2.4. We process Personal Data both as a Processor and as a Controller, as defined in the GDPR:
● NexusMedia with whom you as a Customer has entered into an agreement when installing the Apps will be the Controller for Customer data as outlined above in “Customer” section.
● Also NexusMedia will be the Controller for Visitor data, as outlined above in “Visitor” section.
2.5. For Customer’s Client data, as outlined in the “Customer’s Client” section, the Customer will be the Controller in accordance with Directive and GDPR, and NexusMedia will be the Processor.
2.6. The processing and transfer of personal data is carried out in accordance with the requirements set out in the Personal Data Protection Act and Electronic Communications Act of the Republic of Estonia.
3. Data access, data correction, data deletion, data portability and withdrawal of the consent
3.1. Visitors and Customers can review, correct, update, delete or transfer their personally identifiable information. For that, contact us directly at email@example.com. We will acknowledge your request within seventy-two (72) hours and handle it promptly and as required by law.
3.1.1. Right to access. Any Visitors and Customers may contact us to get confirmation as to whether or not we are processing Customer’s/Visitor’s personal data. Where we do process Customer’s/Visitor’s personal data, we will inform Customer/Visitor of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.
3.1.2. Right to withdraw consent. In case our processing is based on a consent granted by the Customer/Visitor, the Customer/Visitor may withdraw the consent at any time by contacting us or by using the functionalities of our Services.You can withdraw your consents at any time by replying the email with your withdrawal and your Personal Data will be deleted in 48 hours. Withdrawing a consent may lead to fewer possibilities to use our Services.
3.1.3. Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, any Customer/Visitor has the right to object at any time to our processing. We shall then no longer process Customer’s/Visitor’s personal data unless for the provision of our Services or if we
demonstrate other compelling legitimate grounds for our processing that override Customer’s/Visitor’s interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any Customer/Visitor has the right to prohibit us from using his/her personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
3.1.4. Right to restriction of processing. Any Customer/Visitor has the right to obtain from us restriction of processing of Customer’s/Visitor’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after Customer’s/Visitor’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for Customer’s/Visitor’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
3.1.5. Right to data portability. Any Customer/Visitor has the right to receive Customer’s/Visitor’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on Customer’s/Visitor’s consent and carried out by automated means.
3.1.6. How to use these rights. To exercise any of the above mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
3.2. You have the right to lodge a complaint with a supervisory authority if you think that we violate your rights. You could contact The Data Protection Inspectorate in Estonia via their website (http://www.aki.ee/).
3.3. If you are from California and dissatisfied with how we have used your personal information, you can complain to the Information Commissioner’s Office at firstname.lastname@example.org. Also You have the right to lodge a complaint with a supervisory authority if you think that we violate your rights. You could contact The California Department of Justice (Department) via their website (https://www.oag.ca.gov/privacy/caloppa/complaint-form/privacy-notice).
3.4. If you are from Brazil, you can also file a complaint with Brazil’s National Data Protection Authority (ANPD) through its official channels.
4. Data Retention
4.1. We will retain Personal Data for as long as you, as Customer, use our Apps or as you, as Visitor, are continue to communicate with our support team. Your information will be deleted if you did not communicate with the support team for more than 12 months.
4.2. Personal Data of Customer’s Clients will be deleted as soon as Customer stops to use our App. Any data collected for the purpose of analytics will be deleted in 12 months after being collected.
5. Information Security
5.1. We care to ensure the security of personal data. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain technical, physical, and administrative security measures to provide reasonable protection for your Personal Data. When we or our contractors process Your information, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate administrative, technical and physical measures.
5.2. We always use pseudonymisation as a method of securing the Personal Data we process as the Processor.
5.3. There is no 100% secure method of transmission over the Internet or method of electronic storage. Therefore, we cannot guarantee its absolute security.
5.4. We never process any kind of sensitive data and criminal offence data not as a Controller nor as a Processor. Also we never undertake profiling of personal data.
6.1. We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. They may be located outside of the EEA. These contractors may have access to, or process Personal Data on behalf of us as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.
6.2. We hereby guarantees that we have data processing agreements in place with our service providers, ensuring compliance with the GDPR and our
contracts with them requiring to maintain the confidentiality of such information. All data transfers inside and outside of the EEA are being done in accordance with these data processing agreements.
6.3. All data transfers are performed in accordance with the highest security regulations. Transfer of Personal Data to countries outside of the European Economic Area may be possible only in the case, when we have obtained your consent for it.
6.4. All data processed by us is stored exclusively in secure hosting facilities provided by DigitalOcean LLC (https://www.digitalocean.com) and located in The Kingdom of the Netherlands. DigitalOcean's infrastructure is secured through a defense-in-depth layered approach.
6.5. We use Dropbox (https://www.dropbox.com/) provided by Dropbox, Inc to keep back-ups of our data bases with Personal Data.
6.6. We use Cloudflare (https://www.cloudflare.com/) provided by Cloudflare, Inc for web optimization and security services that we use to improve and protect our website, including a reverse proxy, pass-through security service, and a content distribution network.
6.7. We use Trello (http://trello.com/) provided by Trello, Inc., Front (https://frontapp.com/) provided by frontapp.com, Inc. and Slack (https://slack.com/) provided by Slack Technologies, Inc to organize work inside our company, including with Personal Data.
6.8. We use a services provided by Mailgun Technologies, Inc. d/b/a MailGun (https://www.mailgun.com/) to send you our marketing and notifications emails and by Google LLC d/b/a Gmail (https://mail.google.com/) to communicate with you. This service processes your personal data such as email address and name which are provided by us.
6.9. For a complete list of contractors - contact us.
8. Acceptance of these Conditions
address you most recently provided to us or by prominently posting a notice on our Service. We encourage you to periodically check back and review this Policy so that you always will know what information we collect, how we use it, and with whom we share it.
10. Contact us!
10.1. We support the protection of intellectual property and ask the Customers to do the same. If you believe that one of our Customers infringes on your intellectual property rights, you can contact us using the ways provided below. We will take all reasonable steps to respond to all notices of alleged copyright infringement and cooperate with the Customer to clarify the situation and provide ways to settle it down. However, we cannot guarantee to have settled the dispute within a specific period of time.
10.2. If you have any questions, the practices of this Site, or your dealings with this website, please contact us at email@example.com or firstname.lastname@example.org. We understand how it is important to have the opportunity to get in touch with the Service. Please, feel free to use other ways of contacting us by filling out the contact form. Nevertheless, you can access the Help Center to find quick answers to the most common topics.
Harju maakond, Tallinn,
Sepapaja tn 6, 15551,
Republic of Estonia.