Formful Privacy policy. This page is ready

Formful Privacy policy

1. Introduction

Formful is committed to protecting and respecting your privacy. This data policy outlines how we collect, use, and safeguard personal data in line with the General Data Protection Regulation (GDPR).

2. Data Collection

We collect two primary types of data:

  1. Merchant Data: Pertains to the Shopify store owner or operator.
  2. Customer Data: Information provided by customers interacting with or submitting the form created using Formful.

3. Legal Basis for Processing

Data is processed based on:

  1. Consent: Where users have given explicit permission.
  2. Contractual Obligations: Necessary for the performance of a contract.
  3. Legitimate Interests: Where processing is in our legitimate interests and not overridden by data protection interests or fundamental rights and freedoms.

4. How We Use Data

  1. Merchant Data: For account creation, authentication, support, and related communication.
  2. Customer Data: Used for its intended purpose like fulfilling a request. We don't use this for promotions or sell to third parties.

5. Data Storage, Security, and Transfers

Data is stored on secure servers hosted by multiple providers:

  • Fly.io:
    Fly.io
    2261 Market Street #4990
    San Francisco, CA 94114
    United States
  • DigitalOcean:
    DigitalOcean, LLC
    101 Avenue of the Americas, 10th Floor
    New York, NY 10013
    United States
  • Google Cloud Storage: Used for storing submitted files.
    Google LLC
    1600 Amphitheatre Parkway
    Mountain View, CA 94043
    United States

We employ robust encryption and security measures. Transfers outside the European Economic Area (EEA) are protected by appropriate safeguards.

6. Data Sharing and Third Parties

We don't sell or lease data to third parties without explicit consent or unless legally required. Our service providers, including Fly.io, DigitalOcean, and Google Cloud Storage, adhere to GDPR standards.

7. Compliance with Google API Services User Data Policy

Formful use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

8. Data Retention

Data is retained as necessary for its intended purpose, legal or regulatory reasons. We periodically review stored data and remove unnecessary information.

9. Rights of Data Subjects

Under GDPR, individuals have:

  • Right of Access: To obtain a copy of their data.
  • Right to Rectification: Correcting inaccurate data.
  • Right to Erasure: Deletion of data ("right to be forgotten").
  • Right to Restrict Processing: Limiting how data is used.
  • Right to Data Portability: Obtain and reuse data.
  • Right to Object: Objecting to data use, including for direct marketing.
  • Rights related to Automated Decision Making and Profiling: Decisions made without human involvement.

10. Changes to this Policy

We may update this policy for operational, legal, or regulatory reasons. Users are encouraged to review periodically.

11. Contact and Complaints

For questions, to exercise your rights, or to complain, contact:

HerculesApps
Stefano Di Legami
Eduard-Heis-Str. 3
51061 Köln

Phone: +491794300756
E-mail: contact@herculesapps.com

Data subjects also have the right to lodge a complaint with a supervisory authority.