Privacy Policy

Last updated: 19th December 2024

Who we are and what we do

Who we are

We are Union Works Limited (“Union Works Limited”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 10900591 and we have our registered office at 86-90 Paul Street, London, EC2A 4NE. We are registered with the UK supervisory authority, the Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number ZA504018.

What we do

We combine our development and eCommerce experience to conceive, build and deliver smart and robust Shopify apps to merchants all over the world. We work hard to ensure that merchants get the most out of our apps and do our best to answer support tickets as soon as we can (throughout the day and sometimes through the night).

We and our affiliates, subsidiaries and related entities are committed to protecting the privacy and security of the Personal Data we process about you.

Unless we notify you otherwise, we are the data controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

If you are a merchant (Merchant) and you have installed and authorised a Union Works software application (the App) we are the data controller of the personal data that you provide to us (Merchant Data). If you are a customer of a Merchant (a Customer) and we access your personal data or the Merchant provides to us your personal data, then we are the data processor of such personal data (Customer Data).

Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

Who this privacy notice applies to

This privacy notice applies to you if:

  1. You visit our website
  2. You purchase services from us
  3. You enquire about our services
  4. You use our Apps
  5. You sign up to receive newsletters and/or other promotional communications from us

What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation. 

Personal Data we collect

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process the following categories of personal data about you:

  • Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through our apps, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

  • Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

  • User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.

  • Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.

  • Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

  • We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).

How we collect your Personal Data

We may collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies. Please see our cookie policy for more details about this.

We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators. We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

However, we may also collect your Personal Data from third parties such as:

  • reputable companies who provide lead generation contact lists
  • others to whom you have provided consent
  • publicly available sources such as social media platforms

Purposes, lawful bases and retention periods

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

Marketing Communications

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).

Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case, you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

Before we share your personal data with any third party for their own marketing purposes we will get your express consent.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at dpo@unionworks.co.uk at any time.

If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

Sharing your Personal Data

We may have to share your personal data with the parties set out below:

  • Service providers who provide IT and system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers.
  • Government bodies that require us to report processing activities.
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets.
  • AI providers that develop our support chatbot/messenger.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here: international-data-transfer-agreement.pdf (ico.org.uk).)

Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, including to:

  • Right to be informed
    You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”)
    You have the right to receive a copy of the Personal Data we hold about you.
  • Right to rectification
    You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten)
    You have the right to ask us to delete your Personal Data.
  • Right to object to processing
    You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
  • Right to restrict processing
    You have the right to restrict our use of your Personal Data.
  • Right to portability
    You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making.
    You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.

  • Right to withdraw consent
    If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
  • Right to lodge a complaint
    You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

    Contact us | ICO

    Or by telephone on 0303 123 1113

    For supervisory authorities in other countries within the EU see the link below:

    https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.  

Children’s Privacy

We do not offer our products and services to children and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services. If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law. 

Data Security

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

How to contact us and our Data Protection Officer

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

Full name of legal entity: Union Works Limited

Data Protection Officer: Evalian Limited

Email address: dpo@unionworks.co.uk

Postal address: 86-90 Paul Street, London, EC2A 4NE

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at dpo@unionworks.co.uk.

Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding how long to keep the data, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, whether these can be achieved by other means, and legal requirements.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

Changes to this privacy notice

We may update this notice (and any supplemental privacy notice) from time to time as shown below. We will notify you of the changes where required by applicable law to do so.

If you would like to receive a copy of previous versions of this notice, please contact us at dpo@unionworks.co.uk.