en Flag

steve by niceshops Privacy Notice

According to the stipulations of Article 13 and Article 14 of the General Data Protection Regulation (GDPR), as well as § 165 para. 3 of the Telecommunications Act (TKG), we hereby provide you with comprehensive information regarding our data processing activities. Please familiarise yourself with how and why your personal data (hereinafter referred to as "data") is processed when you use the “steve by niceshops” service. Steve by niceshops offers order processing and inventory management for merchants and producers in the fulfillment sector. The service is based on providing a technical interface ("API") for the transmission of data from your online shop to our order database.

We may update this privacy notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Data Processing Categories, Purposes, and Legal Basis

When you use the steve by niceshops service, we process the personal data needed for the provision of our services and for billing. This information specifically includes your name, company information, billing address, email address, telephone number, and online shop-specific data. This data may also come from publicly accessible sources, like your online shop. The legal basis for this data processing is the fulfillment of our contract or pre-contractual procedures in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR). You are not obligated to provide us with your data, but without this data, we cannot offer you our service.

Storage Period

We only store your data for as long as it is needed for the purposes for which we collected your data. In this context, we take into account the statutory retention obligations.

Using the steve Assistant

If you choose to use the "steve Assistant", some of your data, particularly your IP addresses, may be transmitted to OpenAI, Inc., California, USA, for technical reasons. The legal basis for this is Art 6(1)(b) GDPR (fulfillment of a contract). This service cannot be provided without transferring your data. The European Commission published an adequacy decision for the USA on 10 July 2023. As per the "EU-US Data Privacy Framework (EU-US DPF)", data transfers to those service providers in the USA that are certified under the "Data Privacy Framework (DPF) Programme" are deemed adequate.

All entries and responses can be used in anonymised form by the steve Assistant for self-evaluation and improvement purposes. No data will be used for training purposes by the LLM provider (OpenAI, Inc.).

Your Rights

Provided that the legal requirements are met, you have the right to: 

  • Request information regarding which of your data has been processed (see Article 15 of the GDPR for more details).

  • Request the correction or completion of any inaccurate or incomplete data (see Article 16 of the GDPR for more details).

  • Request the deletion of your data (see Article 17 of the GDPR for more details), unless there are retention obligations that prevent us from doing so.

  • Request the restriction of the processing of your data (see Article 18 of the GDPR for more details).

  • Data portability – to receive the data you provided to us in a structured, commonly used, and machine-readable format (see Article 20 of the GDPR for more details).

  • Object to the processing of your data based on Article 6(1)(e) or (f) of the GDPR, particularly regarding the processing of your data for advertising purposes (see Article 21 of the GDPR for more details).

If we process your data based on your consent, you have the right to withdraw that consent at any time. The lawfulness of the data processing that took place prior to the withdrawal of your consent will not be affected (Article 7(3) of the GDPR).

If, contrary to your expectations, there is a violation of your right to the lawful processing of your data, please contact us. We will make every effort to address your concern swiftly, or at the latest within the legal deadline of one month. You also have the right to file a complaint with the supervisory authority responsible for data protection matters.

Responsibility

The entity responsible for the data processing described above, in accordance with Article 4(7) of the GDPR, is:
niceshops GmbH
Saaz 99
8341 Paldau
Austria

End Customer Data and Data Processing

As the merchant, you are the data controller responsible for your end customers’ personal data (as defined by Article 4(7) of the GDPR). By using the steve by niceshops service, you engage niceshops as a data processor (in accordance with Article 28 of the GDPR) for the personal data of your end customers, as defined in the Data Processing Agreement. By using steve by niceshops, you enter into this agreement. If you require a countersigned version, please email a copy of the agreement with your signature to your contact person at steve by niceshops, and we will return the countersigned document to you.

Additional Data Processed When Connecting to Your Shopify Online Store

The steve Shopify App enables steve by niceshops to be directly integrated into your Shopify Store. This section describes which additional data we process when you use the Shopify App. 

We process the following data from your Shopify Store to ensure the smooth fulfillment of the orders you assign us, as well as the synchronisation of inventory levels:

  • Shopify Store ID

  • Orders

  • Products

  • Inventory levels

From a technical perspective, we have access to the following Shopify API scopes:

  • read_inventory

  • read_orders

  • read_products

  • write_third_party_fulfillment_orders

  • write_merchant_managed_fulfillment_orders

  • write_assigned_fulfillment_orders

  • write_fulfillments

After a successful fulfillment delivery, the personal data for that delivery will be anonymized within a maximum of 21 days. For security reasons as well as to investigate any issues that arise during the fulfillment process, we may store log entries for a maximum period of 21 days.

Contact Details of the Data Protection Officer

You can contact the Data Protection Officer at the niceshops Groups by post at: niceshops GmbH, c/o The Data Protection Officer, Annenstrasse 23, 8020 Graz, Austria. Or via our contact form:

Please enter the reason for your inquiry