Privacy Policy - EdiEZ Shopify Integration

1. General Information

EdiEZ Online S.L. ("we", "our" or "EdiEZ") respects your privacy and is committed to protecting your personal data. This privacy policy describes how we collect, use and protect your information when you use our Shopify application for EDI integration.

Contact details:

2. Data We Collect

2.1 Shopify Store Data

  • Store information: Name, domain, basic configuration
  • Product data: SKUs, descriptions, EAN codes for matching
  • Order information: Details of orders created by EDI
  • Customer data: Only information included in EDI documents

2.2 EDI Data from Retailers

  • EDI documents: Purchase orders, confirmations, invoices
  • Commercial information: Order references, supplier codes
  • Logistics data: Delivery addresses, delivery dates
  • Financial information: Prices, discounts, payment terms

2.3 Technical Data

  • Integration logs: EDI processing records
  • Synchronization metadata: Timestamps, process states
  • Error information: For technical support and improvements

We process your data based on:

3.1 Contract Performance (Art. 6.1.b GDPR)

  • EDI order processing according to commercial agreement
  • Generation and sending of automatic EDI invoices
  • Synchronization with retailer systems

3.2 Legitimate Interest (Art. 6.1.f GDPR)

  • Service improvement and technical problem resolution
  • System performance analysis
  • Fraud prevention and malicious use prevention
  • Retention of commercial records according to Spanish regulations
  • Compliance with tax and accounting obligations

4. How We Use Your Data

4.1 EDI Processing

  • Automatic conversion of EDI documents into Shopify orders
  • Product matching using EAN codes and SKUs
  • Invoice generation from Shopify fulfillments
  • Bidirectional synchronization with retailer systems

4.2 Service Management

  • Technical support: Problem resolution and incident handling
  • Monitoring: Ensuring correct system operation
  • Improvements: Service optimization based on real use
  • Communication: Important service notifications

4.3 Commercial Compliance

  • Auditing: Transaction recording for traceability
  • Billing: Generation of invoices for our services
  • Reporting: Activity reports for commercial management

5. Data Sharing with Third Parties

5.1 Authorized Retailers

We share data only with retailers for which you are authorized:

  • LeroyMerlin Spain
  • El Corte Inglés
  • Carrefour
  • Alcampo
  • Aldi
  • Other retailers according to specific authorization

5.2 Service Providers

  • Shopify Inc.: For integration functionality
  • Hosting services: For secure data storage
  • AS2 providers: For secure EDI transmission

We may disclose information when required by:

  • Spanish tax authorities
  • Valid court orders
  • Competent commercial regulators

6. International Transfers

6.1 Shopify (Canada/USA)

Data is processed on Shopify servers with appropriate safeguards:

  • Standard Contractual Clauses approved by EU
  • Security certifications ISO 27001
  • Data Processing Agreement with Shopify

6.2 Other Transfers

Any transfer outside the EEA is carried out with:

  • Adequacy decisions from European Commission
  • Appropriate safeguards according to GDPR Art. 46
  • Additional technical and organizational measures

7. Data Retention

7.1 EDI and Commercial Data

  • During commercial relationship: While maintaining active service
  • After service: 6 years (according to Spanish accounting regulations)
  • Audit data: 10 years for tax compliance

7.2 Technical Data

  • Operational logs: 12 months for technical support
  • Performance data: 24 months for service improvements
  • Error information: Until resolution + 6 months

7.3 Automatic Deletion

We implement automatic deletion when:

  • Retention period ends as established
  • Customer requests deletion (subject to legal obligations)
  • Data is not necessary for original purposes

8. Data Security

8.1 Technical Measures

  • Encryption in transit: TLS 1.3 for all communications
  • Encryption at rest: AES-256 for storage
  • AS2/X.400 protocol: EDI standards with digital signature and/or encryption
  • Restricted access: Multi-factor authentication and access control

8.2 Organizational Measures

  • Privacy training: For all technical staff
  • Regular audits: Of systems and security processes
  • Incident management: Breach response procedures
  • Confidentiality agreements: With all employees

9. Your Rights (GDPR)

9.1 Access and Control Rights

  • Access (Art. 15): Information about what data we process
  • Rectification (Art. 16): Correction of inaccurate data
  • Erasure (Art. 17): "Right to be forgotten" with legal limitations
  • Restriction (Art. 18): Restriction of processing

9.2 Portability and Objection Rights

  • Portability (Art. 20): Receive data in structured format
  • Objection (Art. 21): Object to processing by legitimate interest
  • Automated decisions (Art. 22): Not applicable to our service

9.3 Exercising Your Rights

How to Request

To exercise any GDPR right:

📧 Email: info@ediez.online
📋 Subject: "Exercise of GDPR rights - Type of right"

Required Information

Include in your request:

πŸ“ Identification Data:

  • Full company name
  • Company CIF/NIF
  • Authorized contact person
  • Shopify store domain (e.g.: mystore.myshopify.com)

📄 Documentation:

  • Copy of company CIF
  • Power of representation (if applicable)

📋 Specific Request:

  • Type of right you wish to exercise
  • Specific data subject to the request
  • Reason for the request (optional but recommended)

Timelines and Process

⏱️ Response: 30 days from receipt of complete request
📋 Verification: We will validate your identity before processing
📧 Confirmation: You will receive acknowledgment within 48 hours

Some rights may be limited by:

  • Tax and accounting obligations (6-10 years retention)
  • Legitimate interests of third parties (retailers)
  • Contractual compliance with authorized suppliers

10. Cookies and Tracking Technologies

10.1 Technical Cookies (Strictly Necessary)

  • Authentication: Maintain active session in Shopify
  • Configuration: EDI integration preferences
  • Security: CSRF protection and origin validation

10.2 Performance Cookies

  • Monitoring: Service availability
  • Optimization: Response and load times
  • Diagnostics: Proactive problem identification

Disable cookies:

  • Browser: Privacy settings
  • Impact: Limited application functionality
  • Support: Contact for alternative configuration

11. Minors

11.1 Age Restriction

  • Users: Only companies and professionals (18+ years)
  • B2B exclusive: We do not process end consumer data
  • Verification: Validation of business legal capacity

11.2 Additional Protection

If we detect minor data:

  • Immediate deletion of personal data
  • Notification to company representative
  • Process review to prevent recurrence

12. Transfers due to Change of Control

12.1 Mergers and Acquisitions

In case of sale, merger or restructuring:

  • Prior notification: 60 days in advance
  • Same guarantees: Acquirer will respect this policy
  • Right to object: You can request data deletion

12.2 Service Continuity

  • Responsible transfer: To company with adequate technical capacity
  • No interruption: Service maintenance during transition
  • New terms: Opportunity to review and accept

13. Modifications to this Policy

13.1 Updates

  • Notification: 30 days before material changes
  • Method: Email to registered address + notice in application
  • Detail: Clear summary of important modifications

13.2 Minor Changes

  • Technical: Corrections or clarifications without prior notice
  • Contact: Contact information updates
  • Legal: Adaptation to new applicable regulation

13.3 Version History

We maintain a record of previous versions available at:

📧 Request: info@ediez.online
📋 Subject: "Privacy Policy History"

14. Contact and Inquiries

14.1 Data Protection Officer

📧 Email: dpo@ediez.online
📋 Subject: "Data Protection Inquiry"

14.2 General Inquiries

📧 Email: info@ediez.online
📞 Phone: +34 91 091 6556
🌐 Web: https://ediez.online

14.3 Supervisory Authorities

You have the right to file a complaint with:

πŸ›οΈ Spanish Data Protection Agency (AEPD)
πŸ“§ Email: consultas@aepd.es:br🌐 Web: https://www.aepd.es

14.4 Service Hours

  • Email: Response within 48 hours (business days)
  • Phone: Mon-Fri 9:00-18:00 (CET/CEST)
  • Emergencies: Only for serious security breaches

EdiEZ Online S.L. - EDI Integration Services