Effective Date

Last updated: October 1, 2021
This page addresses new data regulations that go into effect on May 25th 2018 and explains how API2Cart processes sensitive data to guarantee its customers greater security, transparency, and control over the personal data. Our company strives to provide API2Cart clients with a seamless experience and data security.
This GDPR Compliance policy (the “GDPR Compliance”) is the integral part of the Privacy Policy of API2Cart

1. What is GDPR?

1.1. The General Data Protection Regulation (GDPR) is a regulation within EU law that determines data protection and privacy protection of European Union citizens. GDPR directs the export of personal data outside the European Union as well. According to its terms, a person has to give freely given, specific, informed, and unambiguous consent for the information to be used by the company, otherwise using the personal data of a particular individual is considered illegal.
1.2. Because API2Cart deals with the personal data of EU citizens and since the proper treatment of personal data of all clients, regardless of their nationality, is the company’s primary goal, we have taken a set of measures to get compliant with EU data protection requirements and have made the treatment of sensitive data even more transparent.

2. Quick Summary of the Updates

2.1. API2Cart guarantees that every client or Site visitor has the right to:
  • Know what kind of information is collected by API2Cart and how it will be processed;
  • Inquire why and at what steps of cooperation the personal data is collected;
  • Agree or disagree on providing personal data during the very first interaction with the Site/Service;
  • Request correction, amendment or extraction of their personal data;
  • Ask to specify the ways the data provided is secured by API2Cart;
  • Withdraw the consent for personal data processing.
2.2. Thus, every client has the following rights due to GDPR: to be informed, to request access to, correct (rectify), amend, delete (erase), port to another service provider (if technically feasible), restrict data processing, or object to certain uses of their personal data. 
2.3. API2Cart does not use your personal data for automated decision-making. 
2.4. You may send a request relating to your personal data at email: dpo@api2cart.com and the Data Protection Officer will process your request and send you the report on the actions undertaken. 
2.5. Please note that if you send us a request relating to your personal data, we have to make sure that it is you before we can respond. In order to do so, we may ask to see documentation verifying your identity.

3. What Kind of Personal Data does API2Cart Collect with Your Consent?

3.1. For a Site visitor When you visit API2Cart Site, our server records the information being sent from your browser:
  • Web request (e.g. date, time, etc.);
  • IP address;
  • Browser type;
  • Browser language;
  • One or more cookies identifying the browser.
  Once a person visits API2Cart official Site we send a notification informing what data is being collected and give an opportunity either to agree or disagree with data processing. The data we receive at this stage are used to monitor and analyze Site visitor flow in Google Analytics.

3.2. For a person registering an account

When creating API2Cart account, you are asked to provide the following information:
  • Name;
  • E-mail address;
  • Password for the API2Cart account;
  • Phone number.
  The data collected will be used by the Service to identify the user and guarantee the security.

3.3. For a person performing shopping cart integration

Depending on the type of cart, API2Cart might request the following information:
  • Stores’ URLs;
  • Stores’ API credentials;
  • Type of Shopping Platform;
  • FTP access (used only to set up bridge).
  At every step API2Cart guarantees data protection against unauthorized access to or unauthorized alteration, disclosure or destruction of personal data.

4. How Long the Data is Being Saved

4.1. We retain personal data that you provide us as long as we consider it potentially useful in contacting you about the Service. 
4.2. If your Account is not active for a period of 90 days (no API calls, webhooks and log ins are made), we send you an email notification with information about the deletion and instructions on how to keep the Account active if desired.

5. Servers Location

5.1. Depending on the location of the shopping platform the integrations can be carried out by API2Cart on Hetzner servers located in Germany according to Hetzner Terms and Conditions or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to AWS Customer Agreement.

6. What are Cookies and What Data is Collected

6.1. A computer “cookie” (HTTP cookie, a web cookie, browser cookie or Internet cookie) is a packet of data that a computer receives and sends back without changing. Once you visit any website, it sends cookies to your computer and the data gets saved in a file located inside the web browser. Cookies include information that help any website keep track of the visits and users activities.
6.2. If you visit API2Cart official Site via our Service we collect the following data:
  • User agent (your browser) information;
  • Email and account information;
  • IP address;
  • All forms submitted on our Site.
6.3. How to control cookies? 
  1. You may set up your web browser to refuse cookies, or to be warned when cookies are being sent. It should be taken into consideration that if you do so, some parts of the Site may not function properly. Most browsers allow you to control cookies through their settings, which may be adapted to reflect your consent to the use of cookies. To learn more about browser controls, please consult the documentation that your browser manufacturer provides.
  2.  If you would like to disable “third party” cookies you can turn them off by going to the third party’s website and getting them to generate a one time “no thanks” cookie that will stop any further cookies being written to your machine. We have no control over “third party” cookies. We suggest that you check the privacy policies (if any) of such third party websites for more information about their use of your information and/or how to opt out or delete such information. 
6.4. We use the following types of cookies:
  1.  Strictly necessary cookies. These are cookies that are required for the operation of our Site to enable you to move around our Site and use its features. They include, for example, cookies that enable you to log into secure areas of our Site. Without these cookies our Site does not work properly.
  2.  Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. We only use these cookies to improve how our Site works.
  3.  Functionality cookies. These are used to recognize you when you return to our Site and enable us to remember the choices you make when using our Site. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  7. Why does API2Cart Collect Personal Data?
7.1. GDPR introduces relevant terms to provide online users with greater security, transparency, and control of their personal data — a principle we couldn't agree more with. Therefore, API2Cart is GDPR-friendly company and has implemented all the necessary changes to the ways customers’ information is collected. 
7.2. Here is why we collect customers personal data described in the previous section:
  1. To track the Site traffic and analyze the customers flow to provide the most relevant materials for Site audience;
  2. To perform accurate integration process;
  3. To improve customer journey and usability of API2Cart Site.

8. Key Aspects on Personal Data Deletion

8.1. API2Cart customers can submit a request on personal data deletion any time and being on any step of the integration process (either after registering an account, performing integration). At your consent, the personal data can be completely or partially deleted from the company’s database. Send an email to dpo@api2cart.com and the Data Protection Officer will process your request and send you the report on the actions undertaken.
8.2. Note, that the process of data extraction is irreversible. Thus, after the request has been fulfilled we won’t be able to restore your account.

9. Submit a Request on Personal Data Collected any Time

9.1. API2Cart customers have the right to submit any request on the personal data they submitted while interacting with the online shopping cart integration Service. Drop us a line and we’ll send you the report on your personal data that you’ve provided. Contact the Data Protection Officer at dpo@api2cart.com and get all the necessary information.

10. Changes

10.1 We reserve the right to modify this GDPR Compliance at any time and at our own discretion.
10.2 If we decide to change our GDPR Compliance, we will post those changes on this page. 
10.3 By using our Site and Services, you acknowledge and agree that it is your  responsibility to review this GDPR Compliance periodically and become aware of the possible modifications.

11. More Questions?

11.1. API2Cart Support Managers will be happy to provide you with any assistance regarding your personal details or give you comprehensive answers on the way your data are treated by our system.
11.2. If you have questions or suggestions regarding this GDPR Compliance, please contact us via manager@api2cart.com or dpo@api2cart.com.