Make an Offer Privacy Policy

Who Are We

Make an Offer App is operated by Buraleo Limited (company number: SC711544).

You can contact us at: support@makeofferapp.com

Our Service

Make an Offer "the App” provides tools for offering a price guarantee "the Service" to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Make an Offer’s data privacy program aims to protect the rights of all data subjects in all territories. We will endeavour to meet the requirements of and meet our obligations to the World’s major data protection regimes, including, but not limited to:

  • Australia’s Privacy Act (1988)
  • Brazil’s General Data Protection Law (LGPD)
  • California Consumer Privacy Act (CCPA)
  • General Data Protection Regulation (EU GDPR)
  • United Kingdom’s Data Protection Act (2018)

To exercise your data protection rights or for more information please contact us at the address shown in this policy.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account:

  • Read products, variants, and collections - we use this to get product information
  • Modify script tags in your store's theme template files - we use this to insert JavaScript file needed to show Make an offer popup
  • Draft Orders and Orders - we use this to create an order with discount

Additionally, we collect the following types of personal information from you and/or your customers once you have installed the App:

  • Information about you and others who may access the App on behalf of your store, such as your name, address, email address, phone number;
  • Information about individuals who visit your store, such as:
    • user agent (aggregated technical information related to the browser and device)
    • time stamp (date, time)
    • anonymized IP address
  • Information about individuals who submit Make an Offer form via the App, such as:
    • Name
    • Phone
    • Email
    • Notes
    • Shipping Address
  • Other information as required to providing our services.

We collect personal information directly from the relevant individual, through your Shopify account, or using the following technologies:

  • "Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
  • "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to: Communicate with you; Optimize or improve the App; and provide you with information or advertising relating to our products or services.

Our Lawful Basis - What this policy applies to

This section describes the lawful basis for processing your data and applies to all personal information collected, stored, and processed which relates to any individual.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

Purpose/Activity Type of data Lawful basis for processing
To register you as a new client (a) Identity, (b) Contact (a)Performance of a contract with you.
(b)In our legitimate interests.
(c)Where we have a legal obligation.
(d)with your consent
To process and deliver our services you requested, managing payments, fees and charges, and to collect and recover money owed to us (a) Identity, (b) Contact, (c) Financial, (d) Transaction, (e) Marketing and Communications (a)Performance of a contract with you.
(b)In our legitimate interests.
(c)Where we have a legal obligation.
(d)with your consent
To manage our ongoing relationship with you which will include notifying you about changes to our terms, or privacy policy, to maintain our records (a) Identity, (b) Contact, (c) Profile, (d) Marketing and Communications (a) Performance of a contract with you,
(b) Necessary to comply with a legal obligation,
(c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services
(d) with your consent
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity, (b) Contact, (c) Technical (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security,
(b)to prevent fraud and in the context of a business reorganisation or group restructuring exercise,
(c) Necessary to comply with a legal obligation
(d) with your consent
To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising (a) Identity, (b) Contact, (c) Profile, (d) Usage, (e) Marketing and Communications, (f) Technical (a)Necessary for our legitimate interests to study how customers use our products/services, to develop them,
(b)to grow our business and (c)to inform our marketing strategy and with your consent
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical, (b) Usage (a)Necessary for our legitimate interests to define types of customers for our products and services,
(b)to keep our site updated and relevant,
(c)to develop our business
(d)to inform our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity, (b) Contact, (c) Technical, (d) Usage, (e) Profile (a)Necessary for our legitimate interests to develop our products/services and grow our business and
(b)with your consent

Sharing Your Personal Information

Third Parties

Some of the personal data collected is shared with third party service providers and our business partners.

Compose

We use Compose - the platform to manage and create databases. All data including your personal data are stored on their clouds.

Freshdesk

Emails sent to support@makeanoffer.com is stored in Freshdesk, an email support platform. They store all data associated with email sent to this address, such as your email address and any headers.

SendGrid

We use SendGrid Service to send transactional email to customers. To do this, we provide them with your email address whenever such an email is sent.

AWS - Amazon Web Services

We use CloudFont for DNS, CDN and DDoS protection.

Mouseflow

We use Mouseflow to recording users behaviour on our site, to find errors and UI issues

Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

We have completed a detailed Legitimate Interest Assessment to ensure that sharing your information and processing your information as described here is reasonable and that we have an appropriate lawful basis.

How Do We Keep Your Personal Information secure?

We take data security seriously and have established our own data protection policies and procedures to ensure your data is protected at all times. We will store your data on secure Heroku servers which provide the highest levels of security and comply with all applicable data protection protection regulations. We have review the compliance information provided by Heroku and taken into account the Schrems II judgement and are confident that Heroku represents a secure platform.

Heroku Compliance info:
https://www.heroku.com/compliance

SchremsII info:
https://www.salesforce.com/company/privacy/

Heroku GDPR:
https://devcenter.heroku.com/articles/gdpr

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s ("NAI") educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Your Rights

If you are a UK or European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a UK or European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred to third countries for example to Canada,the United States, and Australia. Where we transfer your data to a third country we will ensure to protect your data through technical, contractual, and operational measures. These will include, as a minimum, Standard Contractual Clauses, Data Protection Agreements, and Risk Assessments.We offer You choices regarding the collection, use and sharing of Your Personal Information. You may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of Our marketing emails. Additionally, you may send a request to support@makeofferapp.com to receive the information we have available, as well as amend, or request deletion of such information at no cost.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: support@makeofferapp.com

Your Right to Contact a Supervisory Authority

You have the right to contact your local Data Protection Authority [Supervisory Authority, AKA Regulator], you can find a list of the local Supervisory Authority here: https://edpb.europa.eu/about-edpb/about-edpb/members_en