Privacy policy Shopify

Garnet Creditworthiness Score is an application designed to provide the service of identifying possibility of e-commerce fraud (the «Service») operated by Garnet Collect, S.L. («Garnet Creditworthiness Score», «we», «us», and «our») a company headquartered in Spain. The Service allows retailers to determine the risk of e-Commerce transaction.
We also provide additional software tools including apps for e-commerce platforms that support the Service and other services that are complementary to the Service (collectively, the «Software»).
We process your Personal Data in our Garnet Creditworthiness Score application (the “App”) or in our Garnet Creditworthiness Score plug-ins (the “Plug-in”) or in our Garnet Creditworthiness Score API (the “API”) or in our fraud detection solution located at https://www.garnet24.com (collectively, with the App, the Plug-in and the API, or the “Service”).
To support the Service we operate the website https://www.garnet24.com , and its subdomains (the «Website»). Therefore, we may collect your Personal Data when you contact us or access the website located at https://www.garnet24.com property of Garnet Collect, S.L.
The Service as well as all Software and the Website that we operate, as well as the Personal Data that we collect or store from current, prospective, and former Clients of our Service are covered under this policy.
By using the Service, our Software, or our Website, you agree to the terms of this Privacy Policy.

WHO WE ARE?

Identity:		GARNET COLLECT S.L.
TAX ID:		B-06852073
Postal address:		PASEO DE GRACIA 101, PRINCIPAL 2º, 08008 BARCELONA
Website:		https://garnet24.com/es/
E-mail:		[email protected]
DPD contact details:		[email protected]

PURPOSE FOR WHICH YOUR DATA IS PROCESSED

Data Used in the Service:
We provide our Service to our Clients and, as a result, we act as a processor on behalf of our Clients for the Personal Information we receive and process about the customers of our Clients through our Service. We are not responsible for the privacy and data protection practices of our Clients and these may differ from the policies described in this privacy policy. Please contact individual Clients for information about their policies and practices.
The Personal Data we receive for use in our Service is provided by our Clients. We receive order related information which we store in the Service to determine possibility of e-commerce fraud.

Data Collected Via Website or Clients:
When you visit our Website, contact us directly, or are a current, prospective, or former Clients of our Service you may be asked to enter your personal data to give access to any functionality or service on the Website, certain fields will be clearly marked as mandatory, as a result, we act as a controller for the Personal Information we collect directly through our Website. This information is necessary to provide the services or give access to the functionality in question.
By entering data in the required fields and ticking the corresponding boxes, expressly and unequivocally you accept that your data is necessary for the us as a provider to deal with your request.
If you do not provide this type of data, you will not be able to complete your registration and there is no guarantee that you will be able to use the services or functionalities of the Website, or that the information and services provided will be completely adjusted to your needs.

We process your personal data for the following purposes:

The provision of the Service
Administrative and commercial management of customers and suppliers.
Management of debt collection.
Management of the information and contents of our web page https://garnet24.com/es/.
Management and communication of queries on the web.
Etc.

DATA WE COLLECT ABOUT YOU
Two types of data:

Data Used in The Service:
The Personal Data we receive for use in our Service is described in detail in the Table below. With respect to the Personal Data used in the Service we only receive important order information required to determine the risk of e-Commerce transaction. The order information is based on the data received in shopping cart during e-Commerce checkout process. Our Clients may also add JavaScript in their web sites to collect the web activities of visitors.

Data Collected Via Website or Clients:
When you visit our Website, contact us directly, or are a current, prospective, or former Clients of our Service, we may collect and process the following categories of Personal Data about you, for example: Identifiers, Special Categories of Personal Data, Commercial Information, Geolocation data, etc.
This Policy doesn’t cover to the Personal Data of our employees, job applicants, contractors, business owners, directors, officers, and other staff.

LAWFULNESS FOR THE PROCESSING OF YOUR DATA
We must have a valid reason to use your Personal Data. Within the scope of this, we may rely on one or more of the following lawful grounds for processing of your Personal Data:

The processing is carried out on the basis of a contractual relationship.
The processing is carried out on the basis of the data subject’s consent.
Our legitimate interests and the legitimate interests of our customers for the purpose of facilitating the fulfillment of their business needs, which may include the detection and prevention of credit card fraud, compliance with export control and sanctions, etc.

Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

PROCESSING OF PERSONAL DATA

Data Used in The Service:
Our Clients decide how to use this information. Usually, they use this information for fraud analysis and export control. They may use the Personal Data we process to decide if they want to accept or to decline an order. They may also use the Personal Data we process to identify whether you are using a proxy server, to comply with export control laws and sanctions.
The Table below contains more information about how we receive Personal Data for the Service, and the categories of third parties with whom we share Personal Data used in the Service.

Data Collected Via Website or Clients:
Additionally, if you access our website, contact us, or sign up as a Clients for our Service, we collect and process Personal Data:

to respond to your inquiries, and/or other requests or questions;
to sell our services to you, including processing your payments;
to pay commissions to our affiliates;
to identify how you interact with our Website;
to improve our Website;
to enable us to send you our newsletter; and
for logging and statistical purposes.

We don’t collect additional categories of Personal Data without informing you.

RECIPIENTS OF ASSIGNMENTS OR TRANSFERS
The data will be transferred, if necessary, to: banks and savings banks, public administrations, to the persons in charge of the processing that give different support to GARNET COLLECT S.L., as well as to the necessary third parties with whom the communication is necessary and/or obliged by law, in order to comply with the provision of the aforementioned service.

SHARING PERSONAL DATA WITH THIRD PARTIES
We may use third-party vendors to perform certain services on our behalf. We may share your Personal Data with these third-party vendors solely to enable them to perform the services for us. In providing them with your Personal Data, we require that these third-party vendors maintain at least the same level of data protection that we maintain for your Personal Data. We do not provide your Personal Data to parties unconnected with the services we provide.

Data Used In The Service:
For data-subjects whose Personal Data we process as part of providing the Service, see the Table below for more information about which third parties, including vendors, may receive your Personal Data.

Data Collected Via Website or Clients:
For visitors to our website, individuals who contact us directly or who are current, prospective, or former clients, we share the Personal Data we collect about you with certain third-party vendors who perform services on our behalf. These third-party vendors include those providing:

infrastructure services;
analytics services;
payment processing services;
service desk and bug tracking software services; and
email services.

SUMMARY TABLE: DATA USED IN THE SERVICE
This table summarizes the Personal Data we collect as part of the Service. The Personal Data we collect from our Website, from individuals who contact us directly, and from our Clients is described above.

Personal Data We May Collect, Process, or Store	How We Obtain It	Business/Commercial Purpose for this Collection	Third Parties Who Receive this Information
Identifiers First and last name, username, email address, company name, phone number, IP address and device fingerprint.	Identifiers We obtain this information through order form in our web site or obtain this information us through the Service from our customers.	Identifiers To provide fraud analysis to our customers for the purpose of providing the Service; our legitimate interests and those of our customers (as detailed above).	Identifiers Certain third party vendors that provide infrastructure support services, and software management services (service desk, bug tracking, etc.).
Special Categories of Personal Data credit card information	Special Categories of Personal Data Same as above.	Special Categories of Personal Data Same as above.	Special Categories of Personal Data Same as above.
Commercial Information Order amount, order currency and order quantity.	Commercial Information Same as above.	Commercial Information Same as above.	Commercial Information Same as above.
Internet or other similar network activity Information about your interaction with our website and our advertising for the Service; whether you are using a proxy server; information about which Internet Service Provider you are using and their location; Internet connection speed, ISP domain name; mobile carrier and usage type information.	Internet or other similar network activity Same as above.	Internet or other similar network activity Same as above.	Internet or other similar network activity Same as above.
Geolocation Data Billing address and shipping address.	Geolocation Data Same as above.	Geolocation Data Same as above.	Geolocation Data Same as above.

THE RIGHTS OF THE INTERESTED PARTIES

What are your rights?

Any person has the right to obtain confirmation as to whether GARNET COLLECT S.L. is processing his or her personal data, or not.
Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, in any case, request deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
Data subjects have the right to object to the processing of their personal data.
You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information.
We will stop processing the relevant Personal Data unless: we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
In certain circumstances provided for in Article 18 of the GDPR, data subjects may request the limitation of the processing of their data, in which case they will only retain them for the exercise or defense of claims.
Under the right to portability, data subjects have the right to obtain the personal data concerning them in a structured, commonly used, and machine-readable format and to transfer it to another data controller.
You have the right to ask us to not sell your Personal Data at any time. We do not sell the information we collect from our Website or from our Clients.

How can you exercise your rights?

By writing to GARNET COLLECT S.L., Paseo de Gracia 101, Principal 2º, 08008 Barcelona, Spain.
By writing to GARNET COLLECT S.L. to the e-mail address: [email protected].

What are the ways of claiming?
If you feel that your rights have not been properly addressed, you have the right to file a complaint with the Spanish Agency for Data Protection (www.aepd.es).

RETENTION PERIOD OF YOUR DATA

Your data will be kept:

As long as the business relationship is maintained.
Your data may be retained after the end of any contractual relationship with the parties involved for a period of five (5) years to comply with legal obligations, without prejudice to those data that must be retained for a longer period due to legal imposition and prescription of responsibilities.
The personal data provided will be kept until the interested party requests deletion, provided that such deletion is appropriate.
During the period of conservation due to legal obligation and prescription of responsibilities, the data will be kept blocked.
Upon expiration of the retention period, the data will be destroyed.

RETENTION PERIOD OF YOUR DATA
Your data will be kept:

As long as the business relationship is maintained.
Your data may be retained after the end of any contractual relationship with the parties involved for a period of five (5) years to comply with legal obligations, without prejudice to those data that must be retained for a longer period due to legal imposition and prescription of responsibilities.
The personal data provided will be kept until the interested party requests deletion, provided that such deletion is appropriate.
During the period of conservation due to legal obligation and prescription of responsibilities, the data will be kept blocked.
Upon expiration of the retention period, the data will be destroyed.

VERACITY OF THE DATA
The information provided by the interested party must be truthful, otherwise he/she will be responsible for any damage that may be caused to the entity or to third parties for not providing authentic data.

ADDITIONAL INFORMATION
We are committed to keeping your Personal Data safe. We will be maintaining technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.

Data Integrity & Security
We are strongly committed to keeping your Personal Data safe. Garnet Collect has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction

Data Retention
Personal Data processed in relation to our Service is retained as described in the paragraph “Retention Period of Your Data”. However, you may send a request to us to ask to delete your Personal Data at any time, subject to the limitations described in this Notice.
We process the data in a lawful, loyal, transparent, adequate, pertinent, limited, exact and updated way. That is why we undertake to take all reasonable measures to ensure that they are deleted or rectified without delay when they are inaccurate.
As long as the interested parties do not inform us to the contrary, we will understand that their data have not been modified and they will be responsible for notifying us of any variation.

TREATMENT OF DATA OF MINORS
None of our services and specifically the Service are not directed at, or intended for use by, children under the age of 18.
It is forbidden to provide data through this portal of persons under fourteen (14) years of age. If any person under this age provides data, their parents or guardians will be solely responsible for this situation.

COOKIES
A “cookie” is a small file stored on your device that contains information about your computer. We may use cookies for session management, targeted advertising, and web analytics. Most of the cookies placed on your device through our Services are first-party cookies since they are placed directly by us. Other parties, use our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
Clients or Visitors who do not wish to allow us to use cookies may use their web browser settings to prevent us from doing so at any time. Note, if you reject certain cookies, you may not be able to access all of our Website’s features. For more information, please visit https://www.aboutcookies.org/.
Please see our Cookie Policy for more information about the cookies we place on our Website.

YOUR IDENTITY

Data Collected Via Website or Clients:
To evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are who you say you are.
For this verification we may ask you for specific information, including certain Personal Data. We will only use the Personal Data you provide us in a request to verify the requestor’s identity or authority to make the request.

Data Used in the Service:
As discussed above, we will verify your identity by matching the email address to the email address we have stored in the Service. If the two do not match, we will need to verify your identity by another method. We will likely require you to obtain a certification or attestation. We may also ask for certain Personal Data such as your Name or email address so that we may contact you about your request. We will only use this information to contact you about your request and will delete this information once the request is complete.

VALIDITY AND MODIFICATION OF THIS DATA PROTECTION POLICY
We reserve the right to modify its privacy policy if there is a change in current legislation, jurisprudential doctrine or for its own business criteria. If any change is introduced in this policy, the new text will be post in this same address.