Happy Birthday is an application that is operated under licence by Union Works Ltd.
The Happy Birthday app is committed to protecting your privacy and we adhere to the General Data Protection Regulation.
For the purpose of the Data Protection Act 1998 (the “Act”) and GDPR the data controller is Union Works Ltd. Our registered office is at 86-90 Paul Street, London, EC2A 4NE. Our company registration number is 10900591.
For more specific GDPR information and to generate a Data Processing Agreement between your store and Union Works, please see the following article: GDPR
Overview of the app
- Personal information the app collects
- Collection of customer personal data
- Processing the personal data
- How do we use a Merchant's personal information?
- Sharing your customers personal information
- Change of business ownership
- Legal requests
- Your rights
- Data retention
- Contact us
Personal information the app collects
When you install the App, we are automatically access and store the following information from your Shopify store and the associated main contact account:
- Shopify Store URL (both the .myshopify.com URL and your custom URL if set)
- First name
- Last name
- Store timezone
- Store currency setting
- Store Shopify plan
- Store admin email address
- Preferred email address - we will ask you to set a preferred email address that we can use to send you app related information.
Customer protected data
We collect the following types of personal information from your customers when they join your Birthday Club:
- Shopify Customer ID
- First Name
- Last Name
- Email Address
- Mobile Phone Number
- Date of Birth
- Discount Code used
- Order Total
- Order Subtotal
- Discount Amount
We do not collect any other personal information directly or indirectly from your customers.
Collection of customer personal data
Most of the customer data that we collect is submitted via one of the Birthday Sign-up Forms that appear on the Merchant's Shopify store. It can, however, be added manually by a Merchant importing lists of customers into the App, or through manual addition within the App's user interface one at a time.
We also have integrations with 3rd party service providers that, if enabled, will send us the personal data of a customer for the purpose of joining the Merchant's Birthday Club.
The following integrations are available and once enabled, they are able to send us customer protected data:
Shopify script tags
We inject Shopify script tags into the Merchant's storefront to determine when to show the Happy Birthday Sign-up Form. We occasionally modify these script tags.
Processing the personal data
We only process the customer personal data for the purpose of delivering the Service. We require the following scopes of access in order to run and report on that campaign:
To collect the data, we request access to certain scopes so that we can read and write data to and from customers and orders
- Read and write orders - we use this to find out if a birthday discount code has been used for reporting on campaign conversions. We also have an option to tag an order with the customer's birthdate.
- Read and write customers - We use this to find out if the person that joined your Birthday Club is also a Customer in your Shopify store. We also have an option to tag a Shopify customer record with the customer's birthdate.
Orders/created Webhook - When a new order is placed on the Merchant store, we look to see if one of our Birthday Discounts has been used. If it has, we store details about the order amount and the value of the discount code.
How do we use a Merchant's personal information?
- To communicate with the Merchant to optimize or improve the App;
- To communicate with the Merchant to announce new features
- To communicate with the Merchant when a plan upgrade is required to ensure continuity of the Service.
- To provide the Merchant with information or advertising relating to our other products or services.
How do we use your customers personal information?
We use the personal information we collect from your customers to send them a Birthday email once per calendar year and to provide you with a campaign overview within the UI of the App.
Sharing your customers personal information
Some of the customer personal data collected is shared with third party service providers and our business partners.
We use GSuite by Google. All email we receive passes through Google Mail, and all data associated with email such as your email address and any headers are stored by Google. In addition we use Google Drive to store spreadsheets and other documents which may include your name and email address. We use Google Analytics for our marketing website https://unionworks.co.uk
Emails sent to firstname.lastname@example.org or email@example.com is stored in Zendesk, an email support platform. They store all data associated with email sent to this address, such as your email address and any headers.
We use Mailgun to send transactional email to customers (the birthday email). To do this, we provide them with the email address of the customer whenever a Birthday email is sent.
AWS - Amazon Web Services
We use AWS EC2 to power our virtual cloud computing environment.
We use AWS RDS to provide the database service for the App.
We use AWS Cloudwatch to monitor the AWS resources used to run the App.
We use AWS Simple Queue Service (SQS) to send, store, and receive messages between the software components of the App.
We use AWS S3 service to store images uploaded to the App and to backup the App database. The App database contains your store's App specific settings and tables containing customer details.
We use user.com as a CRM tool to provide an onboarding sequence of emails when the App is first installed. It is also used to let Merchant's know when they need to upgrade and to inform them of any new features related to the App.
We use the Oh Dear service to provide uptime and performance monitoring of the App and status pages.
We use Understand.io for error tracking and log management for the App.
If any of the following integrations are enabled within the App by the Merchant, we are able to send customer protected data to that service:
Change of business ownership
Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: firstname.lastname@example.org or by mail using the details provided below:
DATA PROTECTION OFFICER
Union Works Ltd.
86-90 Paul Street