Amai Digital Privacy Policy

Effective date: 10 September 2020

We respect your right to privacy and adhere to highest data protection standards. 

In this privacy policy, we explain in detail how we collect, use and disclose your personal data, and what choices you have with respect to your personal data.

Please read this document carefully. If you have any questions about our data protection practices, please contact us. 


Topics covered in this privacy policy:

1. GENERAL INFORMATION

2. TYPES AND PURPOSES OF PERSONAL DATA

3. NON-PERSONAL DATA

4. PROMOTIONAL MESSAGES

5. RETENTION PERIOD

6. SHARING AND DISCLOSING DATA

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8. PROTECTION OF PERSONAL DATA

9. EXERCISING YOUR RIGHTS

10. TERM, TERMINATION, AND AMENDMENTS

11. CONTACT


1. GENERAL INFORMATION

In this section, you can find general information about amai.com, its owner, and this privacy policy.

1.1 About the Privacy Policy. This Amai Digital privacy policy (the “Privacy Policy”) governs the processing of personal data collected from individual users and merchants (“you” and “your”) through the website https://amai.com, the related subdomains (collectively, “amai.com”), and the software applications “Shopify Bulk Discount Manager” (“BDM”) and “Shopify Pre-Order Manager” (“POM”) (collectively, the “Apps”). The App and amai.com are hereinafter collectively referred to as the “Products”. The Privacy Policy does not cover any third-party websites, applications or software that integrate with the Products or any other third-party products and services. 

1.2 Data controller and data processor. The Products are owned, operated, and offered by Amai Digital Pte Ltd with a registered business address at 1 Raffles Place, #44-01A, Singapore 048616 (“we”, “us”, or “our”). We act in the capacity of a data controller and data processor with regard to the personal data processed through the Products in terms of the applicable data protection laws, including, the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:

  • Data controller. We are responsible for the collection and use of your personal data through amai.com and we make decisions about the types of personal data that should be collected from you and purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through amai.com. (e.g., when you conclude a service contract, browse the website, or communicate with us). We comply with data controller’s obligations set forth in the applicable laws.
  • Data processor. We act in the capacity of a data processor in situations when we receive personal data for processing through the Apps (the “Service Data”) and that Service Data contains personal data. We do not own, control, or make decisions about the Service Data. We process the Service Data only in accordance with the instructions issued by a respective data controller. To ensure that the Service Data is processed in accordance with the strictest data protection standards, we have drafted and offer a data processing agreement that is available for consultation at the “DPA”. To conclude the DPA, please download it, add the required information, sign it, and return a copy of the signed DPA to support@amai.com.

1.3 Your consent. Before you submit any personal data through the Products, you are encouraged to read this Privacy Policy that is always available on amai.com to understand on what legal bases  (other than your consent) we rely when handling your personal data. In some cases, if required by the applicable law, we may seek to obtain your informed consent for the processing of your personal data. For example, we may seek your prior consent if: (i) we intend to collect other types of personal data that are not mentioned in this Privacy Policy; (ii) we would like to use your personal data for other purposes that are not specified in this Privacy Policy; or (iii) we would like to transfer your personal data to third parties that are not listed in this Privacy Policy. 

1.4 Children. The Products are not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly collect minors’ personal data.

1.5 Cookies. We use cookies on amai.com. For detailed information on our cookie use practices, please refer to our cookie policy available at https://amai.com/cookie-policy/.

2. TYPES AND PURPOSES OF PERSONAL DATA

When you use the Products, we collect a minimal amount of personal data. Your personal data is used for specified and limited purposes. In this section, we explain what types of personal data we collect from you, for what purposes we use that data, and on what legal bases we rely when processing your personal data. 

2.1 Types of personal data. We comply with data minimisation principles. Thus, we collect only a minimal amount of personal data that is necessary for your use of the Products. The list of the types of personal data that we collect from you and process on behalf of data controllers is provided in section 2.3 below.

2.2 Purposes of personal data. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we use it only for the purposes of enabling you to use the Products, providing you with the requested services, maintaining and improving the Products, conducting research about the Products and our business activities, and replying to your enquiries. We do not repurpose your personal data. It means that we do not use it for any purposes that are different from the purposes for which your personal data was provided. 

2.3 Overview of types and purposes of your personal data. The list below provides a detailed description of the types of personal data that we collect and process on behalf of data controllers, the purposes for which we use it, and the legal bases on which we rely when processing your personal data.

  • Contact form. When you contact us by using the contact form available on amai.com, we collect your first name, last name, email address, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
  • BDM. When you use BDM, we collect certain information from your Shopify account, such as read and write theme data, product parameters, and draft orders. Such information may contain your or other data subjects’ personal data like first names, last names, addresses, email addresses, and phone numbers. We use such personal data to provide you with the requested services and perform our contractual obligations. The legal basis on which we rely is “performing a contract”.
  • POM. When you use POM, we collect certain information from your Shopify account, such as read and write theme data, product parameters, orders, and script tags, shop URL, shop name, tariff plan name, primary locale and timezone. In addition, we process personal data submitted by persons that access our clients’ stores, such as their first names, last names, addresses, email addresses, and phone numbers. We use such personal data to provide you with the requested services and comply with our contractual obligations to our clients. The legal basis on which we rely is “performing a contract”.
  • Email enquiries. When you contact us by email, we collect your name, email address, and any information that you decide to provide in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). 
  • Live chat. When you contact us by using the live chat functionality available on amai.com, we collect any information that you decide to provide in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal basis on which we rely is ‘your consent’ (for optional personal data).
  • Comments. When you post a comment under a blog post available on amai.com, we collect your name, email address, website, and any information that you decide to provide in your comment. We use such personal data to feature your comment, ensure compliance with our legal terms and applicable laws, prevent abuse and scam, and ensure security of amai.com. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to protect our business) and ‘your consent’ (for optional personal data).
  • Cookies. When you browse amai.com or use the Apps, we collect your cookie-related data. For more information about the purposes for which we use cookies, please refer to our cookie policy available at https://amai.com/cookie-policy/. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to analyse and promote our business) and ‘your consent’.   
  • Support. If you request support for the Apps from us, we may ask you to provide us with your personal data that is necessary to deliver the requested support services, such as your name, email address, delivery address, and phone number. We will use such personal data only to provide the requested support and for troubleshooting purposes and. The legal basis on which we rely is ‘performing a contract’.
  • Payments. When you make a payment, we may have access to your billing information, such as your name, billing address, payment card details, or information related to other payment methods that you choose. We do not accept payments directly or process payments – it is done by Shopify. We use your payment data to process your payments and maintain our business records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administer our business). 

2.4 Sensitive data. We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.    

2.5 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Products, receive our services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose. 

3. NON-PERSONAL DATA

When you use the Products, we receive some technical data for analytics purposes. In this section, we inform you what non-personal data we collect from you and for what purposes we use that data. 

3.1 Log files and analytics data. In order to analyse your use of the Products, we collect and use third-party analytics services (e.g., Google Analytics, Amplitude, and Inspectlet) to automatically collect certain technical non-personal data (log files and analytics data) about your use of the Products. Such data does not allow us us to identify you in any manner. The non-personal data collected by us and third-party analytics providers includes the following information: 

  • Your activity on amai.com and the Apps; 
  • IP address in an anonymised form; 
  • Browser type; 
  • Internet service provider;
  • Referring/exit pages; 
  • Date/time stamps; 
  • Country;
  • Device number;
  • Device screen information; and
  • Preferred language.

3.2 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records). 

3.3 Purposes of non-personal data. We will use non-personal data for the following purposes:

  • To analyse what kind of users use the Products;
  • To examine the relevance, popularity, and engagement rate of the Products; 
  • To investigate and help prevent security issues and abuse; 
  • To develop and provide additional features to the Products; and
  • To personalise the Products for your specific needs. 

3.4 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.

4. PROMOTIONAL MESSAGES

From time to time, you may receive promotional messages from us. Below, we explain when you may receive such notices from us and what you can do to decline our promotional messages.

4.1 Newsletters. We may send you a newsletter to keep you updated about the latest developments related to the Products, our new services, additional features of the Products and special offers. You will receive our newsletters in the following instances:

  • If we receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription for our newsletters substitutes such consent); or
  • We decide to send you information about our new products or services that are closely related to the Products already used by you. 

4.2 Opt-out. You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the newsletters sent to you or by contacting us directly.

4.3 Informational notices and updates. From time to time, we may send you important informational notices, such as service-related, technical or administrative emails, your privacy and security, and other administrative matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent. 

4.4 Interest-based advertising. You may encounter targeted interest-based advertising that is generated on the basis of your use of the Products and other websites. You can control how such advertisements are shown to you or opt-out from targeted advertising by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org .

5. RETENTION PERIOD

We store your personal data for the time period it is necessary for its intended purposes. In this section, we specify the retention periods for your personal and non-personal data. 

5.1 Retention of personal data. We will store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. For example, if you uninstall the Apps, we will automatically delete your personal data from our systems within 48 hours.

5.2 Retention of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include storing non-personal data for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

5.3 Retention as required by law. In instances when we are obliged by law to store your personal data for certain period of time (e.g., for business records purposes), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

6. SHARING AND DISCLOSING DATA

We cooperate with external service providers and share some personal data with them. In this section, you can find information about third parties that have access to your personal data and the instances when we make data transfers.

6.1 Disclosure to data processors. If necessary, we will disclose your personal data to the service providers with whom we cooperate (our data processors). For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties. The disclosure is limited to the situations when such data is required for the following purposes:

  • Ensuring the proper operation of the Products;
  • Ensuring the delivery of services requested by you;
  • Providing you with the requested information;
  • Pursuing our legitimate business interests;
  • Enforcing our rights, preventing fraud, and security purposes;
  • Carrying out our contractual obligations;
  • Law enforcement purposes; or 
  • If you provide your prior consent to such a disclosure. 

6.2 List of data processors. The data processors that we choose agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that will have access to your personal data are: 

  • Our hosting and cloud storage service provider AWS (https://aws.amazon.com) located in the United States;
  • Our email marketing service provider Mailchimp (https://mailchimp.com) located in the United States;
  • Our live chat service provider Hubspot (https://hubspot.com) located in the United States;
  • Our email service provider Google (https://gmail.com) located in the United States;
  • Our analytics service providers Google Analytics (https://analytics.google.com/analytics/) located in the United States, Amplitude (https://amplitude.com) located in the United States, and Inspectlet (https://www.inspectlet.com) located in the United States;
  • Our advertising network Google Adsense (https://www.google.com/adsense/start/) located in the United States; and
  • Our independent contractors and consultants.

6.3 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Products, responding to lawful requests from public authorities or developing new products and services. 

6.4 Legal requests. If requested by a public authority, we will disclose information about the users of the Products to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

6.5 Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your personal data may be transferred outside the country where you reside. In this section, we explain when we transfer personal data abroad and what safeguards we implement to ensure that your personal is properly protected.

Some of our data processors listed in section 6 of this Privacy Policy are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).

8. PROTECTION OF PERSONAL DATA

We strive to ensure that your personal data is kept safe and secure. In this section, we inform you about our measures that help us to protect your personal data.

8.1 Security measures. We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks, SSL protocol, strong passwords, limited access to your personal data by our staff, and anonymisation of personal data (when possible). In order to ensure the security of your personal data, you are requested to use the Products through a secure network only. 

8.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law. 

9. EXERCISING YOUR RIGHTS

You have the right to control how we process your personal data. Below, we list the rights that you can exercise with regard to your personal data and explain how you can exercise those rights.  

9.1 The list of your rights. Subject to any exemptions provided by law, you may ask us to:

  • Get a copy of your personal data that we store;
  • Get a list of purposes for which your personal data is processed;
  • Rectify inaccurate personal data;
  • Move your personal data to another processor;
  • Delete your personal data from our systems;
  • Object and restrict processing of your personal data;
  • Withdraw your consent, if you have provided one; or
  • Process your complaint regarding your personal data.

9.2 How to exercise your rights? If you would like to exercise any of your rights listed in section 9.1, please contact us by email at support@amai.com and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks.

9.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

10. TERM, TERMINATION, AND AMENDMENTS

This Privacy Policy may be changed or terminated at any time. In this section, we explain for how long this document is valid and how you will be informed about any changes. 

10.1 Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

10.2 Amendments. The Privacy Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.

11. CONTACT

Any enquiries about the Privacy Policy and our data protection practices should be addressed to us by using the following contact details:

Email: support@amai.com

Contact form: https://amai.com/contact/

Postal address for communication: Amai Digital Pte Ltd, 1 Raffles Place, #44-01A, Singapore 048616

***