Privacy Policy

Last updated: March 21, 2025

Welcome to Remerce.ai, a Shopify application (the “Application”) designed to help D2C brands and e-tailers manage and resell returned items directly on their preferred platform. This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service, as well as Your privacy rights and how the law protects You.

By installing or using Our Service, You agree to the collection and use of information in accordance with this Privacy Policy.

---

1. Interpretation and Definitions

1.1 Interpretation

Words whose initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

1.2 Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access or use Our Service or parts of Our Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
• Application refers to Remerce.ai, the Shopify app provided by the Company.
• Company (referred to as either “the Company,” “We,” “Us,” or “Our” in this Privacy Policy) refers to Remerce B.V, Bolksbeekstraat 2, 3521CR, Utrecht, The Netherlands, registered with the Dutch Chamber of Commerce (KvK) under number 96487674.
• Country refers to the Netherlands.
• Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the Application, including the associated SaaS platform used to manage and resell returned items.
• Service Provider means any natural or legal person who processes data on behalf of the Company, including third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

---

2. Who We Are

Remerce.ai is operated by Remerce B.V in the Netherlands. Our solution integrates with Shopify stores to help D2C brands manage returned items and resell them directly on their product pages. We are committed to protecting Your Personal Data, respecting Your privacy, and operating in compliance with Dutch and European data protection laws (including the General Data Protection Regulation, or GDPR).

---

3. Types of Data We Collect

3.1 Shopify Store Information

When You install Our Application on Your Shopify store, We collect and store information such as:

• Store name
• Contact email
• Store URL
• Access tokens (to enable seamless integration and functionality)

3.2 Order and Return Data

To help You manage returns and resell products, We collect relevant order and return details, including:

• Customer order information
• Product details related to returns and inventory

3.3 Customer Data

Customer data is collected only as necessary to:

• Process returns
• Manage product listings directly on Your Shopify store

3.4 Usage Data

Usage Data is collected automatically when using the Service and may include:

• Device’s Internet Protocol (IP) address
• Browser type and version
• Pages of Our Service that You visit
• Time and date of Your visit
• Time spent on those pages
• Unique device identifiers
• Other diagnostic data (e.g., interactions, clicks, and usage behaviors within the Application)

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, unique device ID, mobile operating system, and mobile Internet browser type.

3.5 Information Collected While Using the Application

With Your permission, We may collect:

• Pictures and other information from Your Device’s camera or photo library, if You choose to provide or upload such images to facilitate listing returned items.

3.6 Sensitive or Special Categories of Data

We do not intentionally collect or process any special categories of Personal Data (e.g., health data, biometric data, racial or ethnic origin) unless specifically required in the context of providing Our Service and only with Your explicit consent or as otherwise permitted by law.

---

4. Legal Bases for Processing (GDPR)

If You are located in the European Economic Area (EEA) or the UK, We rely on the following legal bases for collecting and processing Your Personal Data:

1. Performance of a Contract: Where processing is necessary for the performance of a contract to which You are a party (e.g., to provide the Service You requested).
2. Legitimate Interests: Where processing is in Our legitimate business interests (e.g., to improve the Service), provided those interests are not overridden by Your fundamental rights and freedoms.
3. Consent: Where You have given Us clear consent for a specific purpose (e.g., subscribing to marketing communications). You can withdraw Your consent at any time by contacting Us.
4. Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., tax, accounting, or other legal requirements).

---

5. Roles Under GDPR: Data Controller vs. Data Processor

• Data Controller: In certain cases, We act as a Data Controller (e.g., when We collect account data from You for billing or administration).
• Data Processor: In other contexts, particularly regarding Your customers’ Personal Data, We act as a Data Processor on behalf of Your Shopify store. In such instances, We only process that Personal Data under Your instructions (the store owner) and in accordance with Our Data Processing Agreement (available upon request).

---

6. How We Use Your Personal Data

We use the Personal Data We collect for the following purposes:

1. Service Provision

   • To provide, maintain, and improve the Service, including displaying and managing return options on Your product pages.
   • To enable seamless integration with Shopify and ensure the Application’s functionality.

2. Account Management

   • To create and manage Your Account as a registered user of the Service.

3. Order and Return Management

   • To assist You in processing and reselling returned items, including updating product listings and inventory management.

4. Customer Support

   • To communicate with You via email, telephone calls, or other electronic communications and to respond to inquiries or provide support regarding the Service.

5. Service Improvements

   • To analyze usage trends, enhance Our features, and improve the performance and functionality of the Application.

6. Legal Compliance

   • To comply with Dutch and European data protection laws, resolve disputes, and enforce Our agreements.

7. Marketing and Communications

   • To provide You with news, special offers, or general information about similar products or services We offer, unless You have opted out of receiving such information.

8. Business Transfers

   • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, where Personal Data held by Us about Our Service users is among the assets transferred.

9. Other Purposes

   • For data analysis, identifying usage trends, and determining the effectiveness of promotional campaigns to improve Our products, services, marketing, and Your overall experience.

---

7. Cookies and Tracking Technologies

We may use cookies, web beacons, and similar tracking technologies to collect information about how You use Our Service and to provide features within Our Service.

1. What Are Cookies?

   • Cookies are small text files placed on Your Device by a website or app to store information about Your usage patterns.

2. Types of Cookies

   • Essential Cookies: Required for the operation of the Service (e.g., to enable login functionality).
   • Analytics Cookies: Help us understand how the Service is used (e.g., pages visited, time on site), so We can improve.

3. Your Choices

   • Most web browsers automatically accept cookies, but You can modify Your browser settings to decline cookies if You prefer. However, blocking or deleting cookies may affect the functionality of the Service.

4. Other Tracking Technologies

   • We may also use technologies like pixel tags or web beacons to measure usage patterns or the effectiveness of email campaigns.

---

8. Data Sharing and Disclosure

8.1 Service Providers

We may share Your Personal Data with trusted third-party providers who assist in operating Our Service. These partners are bound by strict confidentiality obligations and are only provided with the data necessary to perform their functions.

8.2 Business Transfers

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

8.3 Legal Requirements

We may disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities, including courts or government agencies.

8.4 Affiliates

We may share Your information with Our affiliates, in which case We will require those affiliates to honor this Privacy Policy.

8.5 With Your Consent

We may disclose Your Personal Data for any other purpose with Your explicit consent.

---

9. International Data Transfers

Your information, including Personal Data, may be transferred to—and maintained on—servers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction.

If You are in the EEA or UK, and Your Personal Data is transferred outside the EEA or UK, We will ensure that an adequate level of protection is in place (e.g., using Standard Contractual Clauses or relying on an adequacy decision where applicable).

---

10. Data Security

We use industry-standard security measures to protect Your Personal Data. Access to Personal Data is restricted to authorized personnel only, and We continuously review Our security practices to help prevent unauthorized access, loss, or misuse of data. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

---

11. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal obligations. We may also retain certain information for internal analysis or security purposes. If You wish to request the deletion of Your data, please see Section 12.2 (Delete Your Personal Data).

---

12. Your Rights

12.1 Access, Correction, and Objection

If You are located in the European Economic Area (EEA), UK, or a similar jurisdiction, You have certain rights regarding Your Personal Data:

• Access: Request a copy of the Personal Data We hold about You.
• Correction: Ask Us to correct or update any inaccurate or incomplete data.
• Objection: Object to Our processing of Your Personal Data, where We rely on legitimate interests as Our legal basis.

12.2 Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

• Self-Deletion: Our Service may give You the ability to delete certain information within Your Account settings.
• Request Deletion: You may also contact Us at any time to request access to, correct, or delete any Personal Data that You have provided to Us.
• Retention Exceptions: Please note that We may need to retain certain data if We have a legal obligation or lawful basis to do so (e.g., compliance with legal obligations).

To exercise any of these rights, please contact Us at support@remerce.ai.

---

13. Additional Disclosures for California Residents (CCPA)

If You are a California resident, You may have additional privacy rights under the California Consumer Privacy Act (CCPA):

• Categories of Personal Information Collected: We collect the categories of personal information described in Section 3 of this Policy.
• Right to Know and Delete: California residents have the right to request that We disclose certain details about Our data collection and processing practices, and to request deletion of their personal information (subject to certain exceptions).
• Right to Opt Out of Sale/Sharing: We do not sell personal information as defined by the CCPA.
• Non-Discrimination: We will not discriminate against You for exercising any of Your CCPA rights.

California residents may exercise their rights by contacting Us at support@remerce.ai.

---

14. Do Not Track (DNT) Signals

Some browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no universally accepted standard for DNT, We currently do not take action to respond to DNT signals. We will continue to monitor developments around DNT browser technology and reassess Our approach as standards evolve.

---

15. Data Protection Officer (If Applicable)

We will appoint a Data Protection Officer (DPO) if required by law. Currently, We do not meet the thresholds mandating a DPO under the GDPR. However, if You have any questions regarding data protection, You can still address them to support@remerce.ai.

---

16. Children’s Privacy

Our Service does not knowingly collect or solicit Personal Data from children under 16 years of age. If We learn that We have collected Personal Data from a child under 16 without parental consent, We will delete that information as quickly as possible. If You believe that a child under 16 may have provided Us with Personal Data, please contact Us immediately at support@remerce.ai.

---

17. Changes to This Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top of this Privacy Policy. We encourage You to review this page periodically to stay informed of how We are protecting Your data. Changes to this Privacy Policy are effective when they are posted on this page.

---

18. Contact Us

If You have any questions about this Privacy Policy, Our data practices, or Your rights, please contact Us at:

Remerce B.V
Bolksbeekstraat 2
3521CR, Utrecht, The Netherlands
KvK Number: 96487674
Email: support@remerce.ai

We are committed to protecting and respecting Your privacy. Thank You for using Remerce.ai.