Platform
- Reviews
  
  Build real trust
- Referrals
  
  Scale word-of-mouth
- Surveys
  
  Know your customers
- Quizzes
  
  Sell more products
- Loyalty
  
  Get first access
- Customer Marketing Platform
  
  Explore platform
Customers
- Customer Stories
  
  See customer growth
- Customer Showcase
  
  Get inspired
- Customer Success
  
  Get our support
Resources
- Help Center
  
  Learn now
- Developers
  
  Read docs
- Status
  
  Check status
- Blog
  
  Get the latest
- Webinars
  
  Watch the latest
- Guides
  
  Access now
Pricing

Last updated on April 29, 2023

GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is a law that came into effect on 25th May 2018 to regulate how the personal data of European residents can be collected, used, and processed by businesses. It seeks to provide and emphasise the fundamental rights and freedoms of individuals regarding their right to the protection of personal data.

The introduction of this law extends to all companies who handle personal data of European individuals, regardless of size and even if the company originated or exists outside of the EU.

Under the GDPR, Okendo is considered a “data processor”. As your business has a direct relationship with your customers, it is likely to be considered a “data controller”. This means that we have obligations to you with respect to GDPR compliance, and in turn you have obligations to your customers.

Okendo is committed to maintaining GDPR compliance and to ensuring our customers and end users are protected.

How does Okendo support you and your GDPR obligations?

Okendo has regularly updated its Privacy Policy and its Terms of Service as developments in the law have emerged to ensure continuing compliance for you, your business and your customers.

Okendo has also prepared a Data Processing Addendum applicable to all Okendo merchants located in the European Union or to whom the GDPR applies, which is based on the European Commission’s Standard Contract Clauses. This enables secure transfer of end user data outside of the European Union, and ensures we are able to provide our service to you in a GDPR compliant manner.

What does this mean for us and our customers?

Ease of Data Access – Your customers may request to access the personal information your company keeps about them. To access this data, follow the instructions outlined in Shopify’s documentation. Shopify will forward the data request to Okendo as part of their process. Okendo will automatically email the store owner with a temporary link to download the customer’s personal information. The link expires in 12 hours. The downloaded information can then be passed on to the requesting individual.

Data Rectification and Amendment – If a customer would like to change or amend any personal data that Okendo may be storing, please reach out to support@okendo.io

Data Deletion – Customers now have the right to request that you remove their personal data from your records. As your data processor, we do store information about your customers while our app remains installed on your Shopify store. If you need this data deleted, follow the instructions outlined in Shopify’s documentation.

Data portability – Similar to a customer’s right to Data Access, this same process also allows customers to receive their data in a portable, interoperable format.

Right to restriction of processing – Your customers may request to freeze the processing of his or her data. Using your Okendo admin, you can quickly remove this customer email address from Okendo’s email delivery system and blocklist their email as well. You can also reach out to support@okendo.io to have our team remove all published content so that it will no longer be displayed on your site.

Data Protection Officers – Okendo has trained staff available to respond to enquiries and ensure ongoing GDPR compliance. If you have any questions about Okendo and the GDPR, please reach out to gdpr@okendo.io.

Do I need to do anything as a Merchant?

There are some changes to the way you can use the information you hold to communicate with your customers, particularly where the information is collected for a specific purpose. For example, Including marketing such as product recommendations in a review request email is now against GDPR regulations

If you are subject to the GDPR, we ask that you update your company’s Privacy Policy and other data privacy terms to note Okendo as a data processor on your behalf. Sample language is provided below, however please source your own legal advice on any modifications to your privacy policy:

We may contact you via email to invite you to review any services and/or products you received from us.

We use an external company, Okendo Pty Ltd (“Okendo”), to collect your feedback which means that we will share your name, email address and order details with Okendo.

If you choose to provide feedback, we may use your first name and an initial, as well as any pictures, images, or videos you provide to Okendo on our behalf for our advertising and promotional purposes.

Our Data Sub-Processors

Just as we offer services to you as a data processor, we also use data processors in the operation of our business. You can find the list of data process we use below:

Shopify
- Location: Toronto, Canada
- https://help.shopify.com/en/manual/your-account/privacy/GDPR/gdpr-faq#why-cant-i-sign-a-data-processing-agreement-dpa-with-shopify
- https://www.shopify.com/legal/dpa
Sendgrid, Inc.
- Location: Denver, USA
- https://sendgrid.com/resource/general-data-protection-regulation-2/
- https://www.twilio.com/legal/data-protection-addendum
Google LLC
- Location: California, USA
Hubspot
- Location: Massachusetts, USA
- https://www.hubspot.com/data-privacy/privacy-shield
- https://www.hubspot.com/data-privacy/gdpr
Intercom
Amazon Web Services
- Location: Washington, USA
- https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
- https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/
Facebook