For answers to some frequent questions about GDPR please see our FAQ page here.

Vendsta (“We”) are committed to protecting and respecting your privacy.
This policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.

This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.

In order to ensure confidentiality and lawful processing of its, Visitors, Customers and Campaign Users personal data, Vendsta in its capacity of a data controller and of a processor, conducts its activities in strict compliance with the requirements set in GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of this data.

This policy sets out:

  • details of the personal information that we may collect from you;
  • information about how we use your personal information;
  • information about the limited way we share your information with our partners;
  • information about how we store your information; and
  • information about your rights.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of data protection legislation (including the EU General Data Protection Regulation ('GDPR')), the data controller of your personal data is Vendsta.

When we refer in this policy to 'you', we are referring to a customer of our services, or a person visiting our website. We are not referring to your store's customers or the users our customers' stores. We refer to those people in this policy as 'Contacts'. We do not have any relationship with Contacts, and process information relating to them solely for the purposes of providing our service to our customers.

INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:

  • Information that you provide by filling in forms on our site vendsta.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
  • When you connect your eBay account, after registering for our service, we will collect information about your account, including the username of it, the store url (if applicable), and all of your accounts's orders (within the last 90 days), customers, products, variations, messages.
  • With regard to each of your visits to our website, we will collect your IP address. This information is used for fraud and abuse detection.
  • Payment information: When using our paid service, you will be asked for financial details such as credit/debit card information. The processing of these payments is carried out by our payment processor, Stripe. We do not store any credit or debit card information on our servers. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. (This is the most stringent level of certification available). Their security assurances and Privacy Policy are available on their website.

HOW WE USE YOUR PERSONAL INFORMATION
We use information held about you for the following purposes:

  • to provide you with information or services that you request from us, including responding to any requests for assistance with the service;
  • to send you newsletters about our service and notify you about any changes to the service;
  • to carry out our obligations arising from any contracts entered into between you and us;
  • to administer our site and for internal operations, including troubleshooting;
  • to help optimise and develop our service, for example through statistical analysis and research on your use of our service;
  • as part of our efforts to keep our website safe and secure and to monitor actual or suspected fraudulent activity;

IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you is stored on our secure servers in the United Kingdom by our hosting provider Vultr. All the personal data we collect from you may be processed by our staff or those of our service providers:

  • Vultr (Servers)
  • Stripe (Payment)
  • Zoho (Email)
  • Chatra (Live Chat)
  • Google Analytics (Reporting)
  • Facebook Advertising
  • Google Advertising
Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

YOUR EBAY DATA
When you import and connect your eBay account to Vendsta, we collect your eBay accounts data, including:

  • Orders
  • Products
  • Variations
  • Customers
  • Messages
This data is stored in the United Kingdom on the secure servers of Vultr. We don't, under any circumstances, sell or share your store data. Only you, and our authorised employees, have access to view your eBay account data, and we will only do so when assisting you with a support query or fixing a problem with our service. You may export (download) your eBay account data from Vendsta at any time, by exporting data through the Vendsta app, or contacting us directly. We will never use or disclose the information of your contacts to send our own informational and promotional content.

SECURITY
All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by Stripe over encrypted connections using SSL technology. Where we have given you (or where you have chosen) a password or API key which enables you to access certain parts of our site, or you have invited team members to access parts of our site, you are responsible for keeping this password or API key confidential. We take security very seriously, and 'privacy by design' is baked into our engineering and product development principles but as with any online service, despite our use of leading security tools and techniques, the personal data we hold about you can never be 100% immune from unauthorised access.

DISCLOSURE OF YOUR INFORMATION
With the exception of user obligations arising from existing relationships with eBay and use of eBay services that may result in shared user information, although Vendsta makes every effort to preserve user privacy, Vendsta may need to disclose personal information when required by law wherWho Is This Policy Addressed To?ein Vendsta has a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on the Websites.
If Vendsta is acquired by a third party we may disclose information the that relevant third party.

RETENTION OF YOUR PERSONAL INFORMATION
The periods for which we keep your information depend on why your information was collected and what we use it for. We will not keep your personal information for longer than necessary for our business purposes or for legal requirements.
Your account's data will be deleted automatically within 3 months of you ceasing to use our services (no active trial and no active subscription). Your personal user account will only be deleted if you request us to delete it or do not login for 5 years.

LEGAL BASIS FOR PROCESSING
We are required to state the legal basis on which we undertake processing of your personal information. We will only use your information where:

  • We have your consent to do so; or
  • We need to process the personal information to perform services for you under our terms and conditions of service.
  • We have a legitimate interest in engaging in the provision of our Vendsta service and in offering products and services of value to you.
Any consent you provide may be withdrawn at any time by emailing us.

YOUR RIGHTS
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

You have the right to request access to personal data that we may process about you.

You have the right to require us to correct any inaccuracies in your data, free of charge. If you wish to exercise this right, you should:

  • put your request in an email to us;
  • provide us with enough information to identify you (e.g. username or email address); and
  • verify that you are the party that you're requesting the data of; and
  • specify the information that is incorrect and what it should be replaced with.
You can access, correct, update or request deletion of your personal information at any time, either through your online account or by contacting us.

Deletion of data will be carried out on the understanding that removal of some information (e.g. email address) during an active membership term may negatively affect your ability to use the Vendsta service.

We cannot delete any invoices, as these are kept for tax purposes.

You can request that we restrict processing of your personal information, object to processing of your information or request portability of your personal information. For these requests please contact us. We will comply with your request where your rights have been exercised in accordance with applicable laws.

If we have collected and processed your personal information with your consent, then you can withdraw that consent at any time. To be clear, we may still continue to process your data if we have a different legal basis for doing so (for example, if we are required by law to do so, or we need to do so for the purposes of fulfilling our obligations to you under our terms and conditions of service).

You also have the right to ask us to stop processing your personal data for direct marketing purposes. You can do this via email. If you wish to exercise this right via email, you should:
  • put your request in writing (an email with a header that says 'Unsubscribe' is acceptable);
  • provide us with enough information to identify you (e.g email address); and
  • verify that you are the party that you're requesting the data of; and
  • if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g., email or telephone), please specify the channel you are objecting to.

CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. However, we advise that you check this page regularly to keep up to date with any necessary changes.

COMPLAINTS
If you have any questions or comments regarding our use of your data, please contact us by email. If you make a complaint to us and think we have not dealt with it to your satisfaction, you may send your complaint to the Information Commissioner for investigation. For more information on the Information Commissioner, and how to make a complaint, please visit their website.

VENDSTA'S DATA PROTECTION OFFICER
Vendsta has a Data Protection Officer who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following email address: [email protected]

YOUR ACCEPTANCE OF THESE TERMS
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

CONTACT
Questions, comments and requests regarding this privacy policy are welcomed and you should simply contact us to do so.