Privacy Policy

Effective Date: 01 November 2023
Last Updated: 01 January 2026

1. Who We Are

This Privacy Policy explains how DROPLOGICX LTD, a company registered in England and Wales under company number 15152081, (“we”, “our”, “us”), collects, uses, and protects personal data.

This Policy applies to:

• Applications we publish on the Shopify platform

• Our website at www.droplogicx.com

• Our eCommerce development, consulting, and technical services

• Any related digital products or services (collectively, the “Services”)

We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

---

2. Data Controller and Data Processor Roles

Depending on the context, we act as:

• Data Controller — when processing personal data relating to our clients, website visitors, and business contacts.

• Data Processor — when processing merchant store data through our Shopify applications on behalf of merchants.

Merchants remain the data controllers of their customers’ personal data.

---

3. Categories of Personal Data We Collect

A. Merchant & Store Data (Shopify Applications)

When merchants install or use our Shopify applications, we may process:

• Store name and store URL

• Store owner contact details

• Shopify account identifiers

• Product and inventory data

• Order information

• Customer data (such as name and email address)

• Cart and transactional data

• App usage and configuration data

We only access data necessary to provide the functionality of our applications.

---

B. Client Data (Development & Consulting Services)

When delivering professional services, we may process:

• Business contact details

• Project documentation and communications

• Technical access credentials (where required)

• Billing and payment information

---

C. Website Visitor Data

When individuals visit our website, we may collect:

• Name and email address (via forms)

• IP address

• Device and browser information

• Analytics data

• Cookie identifiers

---

4. Lawful Basis for Processing (UK GDPR)

We process personal data under the following lawful bases:

• Contractual necessity — to deliver our Services

• Legitimate interests — to operate and improve our business and Services

• Legal obligation — to comply with applicable laws

• Consent — where required (e.g., marketing communications or non-essential cookies)

Where processing is based on legitimate interests, we ensure those interests are not overridden by individual rights and freedoms.

---

5. How We Use Personal Data

We use personal data to:

• Provide and maintain our Services

• Develop and improve Shopify applications

• Deliver contracted development and consulting services

• Provide customer and technical support

• Manage billing and invoicing

• Monitor performance and prevent fraud

• Comply with legal and regulatory obligations

We do not sell personal data.

---

6. Data Sharing

We may share personal data with:

• Cloud hosting providers

• Infrastructure and technical service providers

• Payment processors

• Professional advisers (legal, financial, compliance)

• Regulatory authorities where legally required

All third parties are required to implement appropriate security measures and process data only in accordance with our instructions and applicable law.

---

7. International Data Transfers

Some of our service providers may be located outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

• UK International Data Transfer Agreements (IDTA)

• Standard Contractual Clauses (SCCs)

• Transfers to countries deemed adequate by the UK Government

---

8. Data Retention

We retain personal data only for as long as necessary to:

• Fulfil contractual obligations

• Provide ongoing support

• Comply with legal requirements

• Resolve disputes and enforce agreements

When a Shopify application is uninstalled, store-related personal data is deleted or anonymised within a reasonable period unless retention is legally required.

Financial records may be retained for up to six years in accordance with UK tax law.

---

9. Data Security

We implement appropriate technical and organisational measures, including:

• Encrypted transmission (HTTPS)

• Secure cloud-based infrastructure

• Role-based access controls

• Logging and monitoring systems

• Regular security assessments

While we take reasonable steps to protect personal data, no system can guarantee absolute security.

---

10. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office
Website: https://ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO.

---

11. Cookies and Electronic Communications (PECR Compliance)

Our website uses cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations (PECR).

Where required, we obtain consent before placing non-essential cookies. Users may manage cookie preferences via browser settings.

---

12. Marketing Communications

We may send marketing communications where:

• You have given consent; or

• We are permitted to do so under applicable soft opt-in rules.

You may unsubscribe at any time using the link in our emails or by contacting us directly.

---

13. Third-Party Platforms

Our Services integrate with third-party platforms, including Shopify. We are not responsible for the privacy practices of third-party services and encourage reviewing their respective privacy policies.

---

14. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be reflected by revising the “Last Updated” date above.

---

15. Contact Details

DROPLOGICX LTD
Company Number: 15152081
Email: contact@droplogicx.com