GDPR Compliance

Byte‑Apps takes data protection seriously and is committed to complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) where applicable. This section explains our responsibilities and your rights under GDPR.

1. Role as Controller / Processor

   
   

   • For the personal data we collect directly from users via our Services, Byte‑Apps acts as a data controller.

   • If we process data on behalf of a Shopify store or another entity, we may act as a processor under a separate data processing agreement.

   
   

2. Legal Basis for Processing

   We process personal data only when we have a legal basis, which may include:

   
   

   • Consent you have given.

   • Performance of a contract with you.

   • Compliance with legal obligation.

   • Legitimate interests, provided your rights do not override these.

   
   

3. Data Subject Rights

   Under GDPR, you have the following rights:

   
   

   • Right to access your data.

   • Right to rectification.

   • Right to erasure (“right to be forgotten”) in certain circumstances.

   • Right to restrict processing.

   • Right to data portability.

   • Right to object.

   • Right not to be subject to automated decision‑making or profiling (if applicable).

   
   

4. Consent

   
   

   • Where required by law, we obtain explicit consent before collecting or processing personal data for certain purposes (e.g. marketing, non‑essential cookies).

   • You have the right to withdraw consent at any time, without affecting the lawfulness of prior processing.

   
   

5. Data Breach Notification

   
   

   • In the event of a personal data breach that is likely to result in risk to individuals, we will notify the relevant supervisory authority in the EU within 72 hours, and where required, notify affected data subjects without undue delay.

   
   

6. Data Transfers Outside the EU / EEA

   
   

   • If we transfer personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place (e.g. EU Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions).

   
   

7. Record Keeping and Accountability

   
   

   • We maintain records of processing activities, data protection impact assessments (where required), and maintain appropriate data protection policies and technical/organizational safeguards.