Welcome to Rakt, and thank you for your interest in our company and products. In order to make you feel safe when using our Square Sync app, we want to explain what happens with the data that Rakt accrues when using the Square Sync App (hereinafter the ”Service”).
Being a based BVI company, we have adapted to EU General Data Protection Regulation 2016/679 and also the California Consumer Privacy Act of 2018.
The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Rakt Innovations Pvt. Ltd., Intershore Chambers, P.O Box 4342, Road Town, Tortola, BVI
What information do we collect on the Service?
We collect different types of information from or through the Service. The legal bases for Rakt’s processing of personal data are primarily that the processing is necessary for providing the Service in accordance with FORSBERG+two's Terms of Service and that the processing is carried out in Rakt’s legitimate interests. We may also process data upon your consent, asking for it as appropriate.
When you use the Service, as a User or as a Visitor, you may provide, and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile phone number, and billing information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Data in various ways on the Service. For example, when you register for an Account, use the Service, import data from Integrated Services such as Shopify Accounts, or send us customer service related requests.
Information used when accessing the "Square Sync" application
When accessing the Square Sync app you provide basic information about the shop. This includes personal information such as the shop's address, email, phone, location, locale and store owners name and email address. This information is needed to customise the application based on the shop details, as well as to help identify customer service requests. This information is stored in a temporary database, and is automatically deleted after you cancel our services and after the statutory retention periods seize to apply.
Information used when using the "Square Sync" application
In order to provide the function of the Services it is required to access transaction and fulfilment information from your Shopify Account this includes Customer’s email, phone number, address and name, Product’s name, SKU, barcode, inventory, images, Order shipping address, recipient name, shipping carrier and tracking code.
This information is stored in a temporary database, and is automatically discarded after 30 days of not using the application.
Automatically Collected Information
When a user of the Service, installs the Square Sync App we may automatically record certain information from the User’s or Visitor’s device by using various types of technology, including cookies, “clear gifs" or “web beacons.” This “automatically collected" information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message the Square Sync App.
Information from Other Sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
The data provided by you to make use of our range of goods and/or services is processed by us for the purpose of contract processing and is necessary to this extent. Conclusion and processing of the contract are not possible without the provision of your data. The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.
Specifically, the following data in particular are processed for the purpose of providing contractual services, service and customer care, marketing, advertising and market research from our customers, interested parties and business partners:
Am i Obliged To Provide Data?
The processing of your data is necessary for the conclusion or fulfiment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.
Contacting us by e-mail or via a contact form
When you contact us by e-mail or via a contact form (e.g. contact or appointment), the data you provide (your e-mail address, first name, last name, company, postcode, city, optionally telephone, reason for contact) will be stored by us in order to answer your questions or to arrange an appointment. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.
Online Payment, Secure data transmission and Credit card information
The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us, but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure ("https").
We may share information with our payment service provider, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorise payment following a secure link. The information which you supply to in such cases is not within our control and is subject to our payment service provider’s own Privacy Notice and Terms and Conditions.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above mentioned providers name.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).
If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.
Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint: If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
California Specific Rights
If you are a California resident, you have the following rights:
You have the right to:
In addition under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year).
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy . Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.