Date of Last Revision: 16th November 2021
ICART, Inc. (“ICART”) with its principal place of business at 687 South Coast Highway 101, Suite 239, Encinitas, California 92024 USA knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
“Account Information” means data about how and when an ICART account is created, accessed and used, including Store Information.
“Automated Decision Making” means a decision made solely by automated means without human involvement.
“Browser Information” means browser provided information, including the IP address, the website visited, network connection, device information, and other data, including Cookies.
“Contact Information” means basic personal and business information, such as first and last name, company name, postal address, phone number, email address and social media account information.
“Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
“Cookie” a small file which resides on a computer hard drive containing an anonymous unique identifier accessible by the website that placed it there.
“Device Information” means information about a device, such as device ID number, model, and manufacturer, version of your operating system and geographical region, collected from device accessing the Services.
“Merchant” means a person or entity which uses or has used the Services.
“Partner” means a separate entity which participates in our channel partner or reseller program or other third-party program related to the Services.
“Payment Information” means and includes credit card, automated clearing house (ACH) or other payment information.
“Personal Data” or “Personal Information” means information that (i) relates to an identified or identifiable natural person, or (ii) identifies, relates to, or could reasonably be linked with you or your household.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity which processes Personal Data on behalf of the Controller.
“Security Information” means user ID, password and password hints, and other security information used for authentication and account access
“Services” means ICART’s websites, services, apps, or other user interfaces
“Store Information” means information about a store, its products, and its architecture.
“Support Information” includes information about your hardware and software, authentication data, chat session contents, error reports, performance data, and other communication or technical information and may, with express permission, include remote access to facilitate troubleshooting.
“Transaction Information” means the data related to transactions that occur on the Services, including product, order, shipping information, Contact Information, and Payment Information.
“Usage Information” means information collected when you interact with the Services, including functionalities accessed, pages visited, and other interaction data.
“User” means an entity or person that interacts with a Merchant through the Services.
2. Information We Collect and Duration.
2.1 Information Collected from Merchants. When a Merchant interacts or uses the Services, we collect and control information such as Account Information, Browser Information, Contact Information, Device Information, Payment Information, Support Information, Device Information, Security Information, Transaction Information, Usage Information and set a Cookie.
2.2 Information Collected from Users. When Users interact with a Merchant’s ecommerce offering through the Services, we collect and process Browser Information and Transaction Information of the User on behalf of the Merchant.
2.3 Information Collected from Partners. When a Partner signs up for a partner account or refers a Merchant to us, we collect and control information such as Account information, Browser Information, Contact Information, Payment Information, Support Information, and Usage Information.
2.4 Information Collected from Visitors. When visitors browse our website or use the Services, or engage in communications with us online or offline, we collect and control, as applicable, Browser Information, Support Information, Contact Information, and Usage Information submitted or communicated to us.
2.5 Duration. We will delete your personal data when it is no longer necessary or relevant for the fulfillment of the purpose for which it was collected, or when you revoke a given consent, if the processing has been based on such consent, or in case you exercise your rights to oppose the processing or to delete your data; notwithstanding that a longer retention period may be established to pursue our legitimate business interests, comply with our legal obligations, resolve disputes and enforce applicable agreements.
3. How We Use Your Information.
3.1 Use of Merchant Information. We use this information as a Controller to provide Merchants with the Services, confirm identities, provide support such as debugging, troubleshooting, automated decision making such as the detection of fraudulent account creation when signing up for the Services, for advertising and marketing, invoicing, to resolve incidents related to the use of the Services, to improve and personalize the Services, such as push notifications regarding your store activities, and to comply with legal requirements. We may disclose certain information, including Account Information, Contact Information, Support Information and Transaction Information, to Partners subject to confidentiality obligations that refer Merchants to us or are engaged by a Merchant to provide services, apps or products relating to the Merchant’s store(s) or use of the Services, or to confirm identities and improve and personalize our interactions and services. We may use this information in other cases where the Merchant has given express consent or when we are legally obliged to do so.
3.2 Use of User Information. We use this information as a Processor to provide the Services to Merchants, support and process orders, and to comply with legal requirements like managing risk and fraud. The Merchant is the Controller of this information and Users who have questions about our use of this information should contact the Merchant. We may also use certain information as a Controller to improve and personalize the Services when we have the legal basis to do so and to comply with a legal requirement like manage risk and fraud.
3.3 Use of Partner Information. We use this information as a Controller to provide Partners with the Services, confirm identities, provide support, for advertising and marketing, invoicing, to resolve incidents related to the use of the Services, to improve and personalize the Services, and to comply with legal requirements. We may use this information in other cases where the Partner has given express consent.
3.4 Use of Visitor Information. We use this information as a Controller to provide the Services, and improve and personalize communications, interactions with the Services, to provide support, if needed, and to comply with legal requirements. We may use this information in other cases where the visitor has given express consent.
3.5 Promotional. We may send promotional communications to existing Merchants and Partners and to prospective customers who give consent by email, phone, and other channels. For example, we may notify a Merchant when a subscription is ending. You can opt-out of receiving promotional communications from us at any time.
4. How We Share Your Information.
4.1 Information Sharing. The Services are possible because of a variety of third parties and service providers. Sometimes it is necessary to share Merchant, Partner, User or visitor Personal Data with them to support the Services. We may access, transfer, disclose, and/or retain that Personal Data with consent or in the following circumstances.
4.2 Compliance. If we have a good faith belief that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies or to meet national security requirements.
4.3 Protection. If we have a good faith belief that doing so is necessary to: (i) protect Merchants, Partners, Users, or visitors; for example, to prevent spam or attempts to defraud us or users of the Services, or in response to threats of safety of any person; (ii) protect the rights or property of ICART, including enforcing the terms governing the use of the Services; or (iii) operate and maintain the security of the Services, including to prevent or stop an attack on our computer systems or networks.
4.6 Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
4.7 Apps. Upon receiving a Merchant’s consent to install an application, we will share the Merchant’s Contact Information and other information requested by the app with the app Partner.
4.8 Merger; Sale. We may also disclose Personal Data as part of a sale of assets or if we merge with or are acquired by another company.
5.2 Persistence. We use both session-based and persistent cookies on our websites. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser. A website may set a cookie if the browser’s preferences allow it. A browser only permits a website to access the cookies that it has set, not those set by other websites.
5.3 Types of Cookies include: essential cookies which are necessary for our website to work as intended; functional cookies which enable enhanced functionality, like videos and live chat, without these cookies, certain functions may become unavailable; analytic cookies which provide statistical information on site usage which allow us to improve our website over time; targeting and advertising cookies which are used to create profiles or personalize content to enhance your experience.
5.4 Control. It is possible to disable cookies through your device or browser settings, but doing so may affect your ability to use our website. For instance, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our website. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings.
5.5 Other Resources. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org, or aboutcookies.org.
6. Information Protection.
6.1. We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. The ways we do this include (i) using Secure Sockets Layer (SSL) software, which encrypts information you input during transmission; (ii) following Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data; (iii) maintaining physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of Personal Data. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data.
6.2 While we are dedicated to securing the Services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a third-party based on an account connection that you have authorized.
7. Accountability and Safeguards for Onward Transfer.
7.2 Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing.
7.3 Privacy Shield. We provide services around the world. To provide the Services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. While the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework may no longer be used or relied upon for transfer of personal information, we will continue to comply with all EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework obligations. To learn more about the Privacy Shield program, or to view ICART’s certification, please see https://www.privacyshield.gov/. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: privacy@iCART.com or
687 S. Coast Highway 101, Suite 239
Encinitas, California 92024 USA
We have further committed to refer unresolved Privacy Shield complaints to the Better Business Bureau (BBB) an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/bbb-eu-privacy-shield for more information or to file a complaint. The services of Better Business Bureau (BBB) are provided at no cost to you. Complaining parties may also, in absence of a resolution by ICART and Better Business Bureau (BBB), seek to engage in binding arbitration through the Privacy Shield Panel. ICART is responsible for all onward transfers of Personal Data to third parties in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
7.4 Standard Contractual Clauses. For third-country transfer outside the EU/EEA we also use the Standard Contractual Clauses adopted by the EU Commission as an adequate level of protection.
8. Legal Basis for Processing (EU visitors only).
8.1 Lawful Basis. We collect Personal Data from you only where (i) necessary for a specific purpose such as to perform a contract with you, (ii) the processing is in our legitimate interests and not overridden by your rights, or (iii) we have your consent. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
8.2 Notice. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
8.3 Legitimate Interest. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. For instance, we may rely on our legitimate interests when responding to your queries, improving and personalizing the Services or undertaking marketing (when we can do so in accordance to our legitimate interest) or for the purposes of detecting or preventing illegal activities (e.g. checking your identity, fraud prevention).
8.4 Questions. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
9. Your Choices.
9.1 Generally. You can exercise rights over your Personal Data against the Controller. We provide reasonable steps to allow you to access, rectify, erase, port, or restrict the use of your Personal Data. You have the right to object to the use of your Personal Data at any time, subject to applicable law. When collection is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal by applicable law. If applicable by national law, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data relating infringes your rights.
9.2 Merchants, Partners, and Visitors. Merchants and Partners can update many types of collected Personal Data directly within their accounts. Please contact us if you are a visitor or otherwise unable to access or otherwise change your Personal Data within your account.
9.3 Users. We serve as a Processor for Merchants. Users may wish to contact Merchants directly regarding their Personal Data. We can forward User requests for access or deletion to Merchants, but we are unable to delete Merchant data. Requests for deletion of Personal Data may adversely affect our ability to serve you.
- Contact Information; Enforcement; Recourse. If you would like to ask about, make a request relating to, or complain about how we process your Personal Data, you can contact as follows: email@example.com 11. The Services on WWW.CARTFIY.COM are not directed to users below the age of 18 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 18, you cannot register with and use this websites or online services.
For further questions you can check the FAQ or Knowledge base or email us on firstname.lastname@example.org