Privacy Policy - EdiEZ Shopify Integration
1. General Information
EdiEZ Online S.L. ("we", "our" or "EdiEZ") respects your privacy and is committed to protecting your personal data. This privacy policy describes how we collect, use and protect your information when you use our Shopify application for EDI integration.
Contact details:
- Company: EdiEZ Online S.L.
- Email: info@ediez.online
- Web: https://ediez.online
- Address: C/ Bahía de Alcudia 13, 28042 Madrid, Spain
2. Data We Collect
2.1 Shopify Store Data
- Store information: Name, domain, basic configuration
- Product data: SKUs, descriptions, EAN codes for matching
- Order information: Details of orders created by EDI
- Customer data: Only information included in EDI documents
2.2 EDI Data from Retailers
- EDI documents: Purchase orders, confirmations, invoices
- Commercial information: Order references, supplier codes
- Logistics data: Delivery addresses, delivery dates
- Financial information: Prices, discounts, payment terms
2.3 Technical Data
- Integration logs: EDI processing records
- Synchronization metadata: Timestamps, process states
- Error information: For technical support and improvements
3. Legal Basis for Processing (GDPR)
We process your data based on:
3.1 Contract Performance (Art. 6.1.b GDPR)
- EDI order processing according to commercial agreement
- Generation and sending of automatic EDI invoices
- Synchronization with retailer systems
3.2 Legitimate Interest (Art. 6.1.f GDPR)
- Service improvement and technical problem resolution
- System performance analysis
- Fraud prevention and malicious use prevention
3.3 Legal Compliance (Art. 6.1.c GDPR)
- Retention of commercial records according to Spanish regulations
- Compliance with tax and accounting obligations
4. How We Use Your Data
4.1 EDI Processing
- Automatic conversion of EDI documents into Shopify orders
- Product matching using EAN codes and SKUs
- Invoice generation from Shopify fulfillments
- Bidirectional synchronization with retailer systems
4.2 Service Management
- Technical support: Problem resolution and incident handling
- Monitoring: Ensuring correct system operation
- Improvements: Service optimization based on real use
- Communication: Important service notifications
4.3 Commercial Compliance
- Auditing: Transaction recording for traceability
- Billing: Generation of invoices for our services
- Reporting: Activity reports for commercial management
5. Data Sharing with Third Parties
5.1 Authorized Retailers
We share data only with retailers for which you are authorized:
- LeroyMerlin Spain
- El Corte Inglés
- Carrefour
- Alcampo
- Aldi
- Other retailers according to specific authorization
5.2 Service Providers
- Shopify Inc.: For integration functionality
- Hosting services: For secure data storage
- AS2 providers: For secure EDI transmission
5.3 Legal Compliance
We may disclose information when required by:
- Spanish tax authorities
- Valid court orders
- Competent commercial regulators
6. International Transfers
6.1 Shopify (Canada/USA)
Data is processed on Shopify servers with appropriate safeguards:
- Standard Contractual Clauses approved by the EU
- Security certifications ISO 27001
- Data Processing Agreement with Shopify
6.2 Other Transfers
Any transfer outside the EEA is carried out with:
- Adequacy decisions from the European Commission
- Appropriate safeguards according to GDPR Art. 46
- Additional technical and organizational measures
7. Data Retention
7.1 EDI and Commercial Data
- During commercial relationship: While maintaining active service
- After service: 6 years (according to Spanish accounting regulations)
- Audit data: 10 years for tax compliance
7.2 Technical Data
- Operational logs: 12 months for technical support
- Performance data: 24 months for service improvements
- Error information: Until resolution + 6 months
7.3 Automatic Deletion
We implement automatic deletion when:
- Retention period ends as established
- Customer requests deletion (subject to legal obligations)
- Data is not necessary for original purposes
8. Data Security
8.1 Technical Measures
- Encryption in transit: TLS 1.3 for all communications
- Encryption at rest: AES-256 for storage
- AS2/X.400 protocols: EDI standards with digital signature and/or encryption
- Restricted access: Multi-factor authentication and access control
8.2 Organizational Measures
- Privacy training: For all technical staff
- Regular audits: Of systems and security processes
- Incident management: Breach response procedures
- Confidentiality agreements: With all employees
9. Your Rights (GDPR)
9.1 Access and Control Rights
- Access (Art. 15): Information about what data we process
- Rectification (Art. 16): Correction of inaccurate data
- Erasure (Art. 17): "Right to be forgotten" with legal limitations
- Restriction (Art. 18): Restriction of processing
9.2 Portability and Objection Rights
- Portability (Art. 20): Receive data in structured format
- Objection (Art. 21): Object to processing based on legitimate interest
- Automated decisions (Art. 22): Not applicable to our service
9.3 Exercising Your Rights
How to Request
To exercise any GDPR right:
- Email: info@ediez.online
- Subject: "Exercise of GDPR rights - Type of right"
Required Information
Include in your request:
Identification Data:
- Full company name
- Company CIF/NIF
- Authorized contact person
- Shopify store domain (e.g.: mystore.myshopify.com)
Documentation:
- Copy of company CIF
- Power of representation (if applicable)
Specific Request:
- Type of right you wish to exercise
- Specific data subject to the request
- Reason for the request (optional but recommended)
Timelines and Process
- Response: 30 days from receipt of complete request
- Verification: We will validate your identity before processing
- Confirmation: You will receive acknowledgment within 48 hours
Legal Limitations
Some rights may be limited by:
- Tax and accounting obligations (6-10 years retention)
- Legitimate interests of third parties (retailers)
- Contractual compliance with authorized suppliers
10. Cookies and Tracking Technologies
10.1 Technical Cookies (Strictly Necessary)
- Authentication: Maintain active session in Shopify
- Configuration: EDI integration preferences
- Security: CSRF protection and origin validation
10.2 Performance Cookies
- Monitoring: Service availability
- Optimization: Response and load times
- Diagnostics: Proactive problem identification
10.3 Cookie Management
Disable cookies:
- Browser: Privacy settings
- Impact: Limited application functionality
- Support: Contact for alternative configuration
11. Minors
11.1 Age Restriction
- Users: Only companies and professionals (18+ years)
- B2B exclusive: We do not process end consumer data
- Verification: Validation of business legal capacity
11.2 Additional Protection
If we detect minor data:
- Immediate deletion of personal data
- Notification to company representative
- Process review to prevent recurrence
12. Transfers due to Change of Control
12.1 Mergers and Acquisitions
In case of sale, merger or restructuring:
- Prior notification: 60 days in advance
- Same guarantees: Acquirer will respect this policy
- Right to object: You can request data deletion
12.2 Service Continuity
- Responsible transfer: To company with adequate technical capacity
- No interruption: Service maintenance during transition
- New terms: Opportunity to review and accept
13. Modifications to this Policy
13.1 Updates
- Notification: 30 days before material changes
- Method: Email to registered address + notice in application
- Detail: Clear summary of important modifications
13.2 Minor Changes
- Technical: Corrections or clarifications without prior notice
- Contact: Contact information updates
- Legal: Adaptation to new applicable regulation
13.3 Version History
We maintain a record of previous versions available at:
- Request: info@ediez.online
- Subject: "Privacy Policy History"
14. Contact and Inquiries
14.1 Data Protection Officer
- Email: dpo@ediez.online
- Subject: "Data Protection Inquiry"
14.2 General Inquiries
- Email: info@ediez.online
- Phone: +34 91 091 6556
- Web: https://ediez.online
14.3 Supervisory Authorities
You have the right to file a complaint with:
Spanish Data Protection Agency (AEPD)
- Email: consultas@aepd.es
- Web: https://www.aepd.es
14.4 Service Hours
- Email: Response within 48 hours (business days)
- Phone: Mon-Fri 9:00-18:00 (CET/CEST)
- Emergencies: Only for serious security breaches
EdiEZ Online S.L. - EDI Integration Services
