Zotabox Privacy Policy for Merchants

Basic Information

• When you install a Zotabox app/plugin or manually embed our code in your website footer a Zotabox account is automatically created using the email address associated with your website.
• You may update your email address at any time on your Zotabox account page.
• Your basic account information is not shared with anyone else and is used to create a unique Zotabox account to save and access your tool settings.

Email List

• Zotabox will send you important account, informational and promotional emails when you create a Zotabox account or install one of our apps on your website. You may unsubscribe from these emails at any time by clicking the link at the bottom of any email.
• Our email service, Mailchimp provide users web beacons (single pixel gifs) to track who opens our emails and helps with reporting. Web beacons allow Mailchimp to collect information about when emails are opened, IP address, browser or email client type, and other similar details.
• Some important emails such as ‘overlimit’ emails can NOT be unsubscribed from since we consider these important to the merchant (in cases where they are using Zotabox tools to promote an important promotion on their website and have reached their website visit limit for the current month). We hope you understand.

Cookies

• We follow Google’s recommendations for remarketing to our website visitors and merchants.
• We use cookies to show you ads about our tools and services. You may review Google’s privacy policy here or update your ad choices here.
• Please note, you may receive generic, non personal ads after opting out of personal ads from Zotabox.

Google Analytics

• Zotabox uses Google Analytics to gather non-personal data regarding website visits, conversions and app use. You may review their GDPR policy here.

Payments

• All payments for our premium plans are handled either directly through Shopify or Fast Spring our payment processor. Fast Spring is GDPR and PCI Compliant. Zotabox does NOT store or collect credit card information on our servers or have any access to this private information from our Merchants.

Merchant/Customer Privacy

• Zotabox as the ‘processor’ of basic customer data primarily forwards this data to the merchant when a website visitor enters their information via Zotabox tools on the merchant website, and stores the customer data (for a period of 90 days) for the merchant to download and use according to the conditions the customer agreed to when providing the data on their website.
• All non-basic customer personal data (such as custom fields on contact forms) is encrypted and not accessible by Zotabox with rare exceptions to fix bugs or recover lost data.
• Zotabox STRONGLY recommends NOT requesting and saving sensitive and financial information from customers using our contact form. We recommend merchants redirect customers to their secure payment page or submit private information directly through email.
• Zotabox never shares merchant’s customer data with any 3rd parties except when legally required to do so.
• Merchants may review our full GDPR Policy here.

Backups

• Zotabox continually backs up all customer and merchant data for 30 days to ensure reliable service and in case of damage or loss to our main server. If a request is made to remove data or delete an account, data on primary servers will immediately be removed but data on backups will remain for 30 days and then permanently and automatically deleted.

Passwords

• A password will be emailed to the merchant when you create a Zotabox account or download or install a Zotabox app or plugin on your website (to access your private Zotabox account directly at https://zotabox.com ).
  • These passwords are one-way encrypted and cannot be unencrypted by Zotabox. If a merchant forgets their password, they must ‘reset’ their password when attempting to login (Another secure password will then be sent to the email address associated with their Zotabox account)

Merchant Account Protection

• Merchant is required to protect their Zotabox account information and password and also protect the security of their websites admin to control access to their Zotabox account through any Zotabox app installed on their website.
  • Zotabox can not be held responsible for any data breaches that occur through access to a merchant Zotabox account directly at https://zotabox.com or through their website admin by use of private merchant passwords.
• Zotabox uses dedicated servers accessible only to Zotabox employees.
  • Zotabox employees are committed to the privacy and confidentiality of your data and will not access customer data or private Zotabox accounts unless it is for debugging or recovery purposes only.
  • Zotabox also does not share this data with other 3rd parties or use sub-processors.
• Zotabox does not use any sub-processors to process merchant data with the exception of our payment processor above. If Zotabox engages a sub-processor in the future to processor merchant data, Zotabox will ensure the sub-processor is also GDPR compliant.
• Zotabox shall at all times endeavor to provide an adequate level of protection for the Merchant Data processed, in accordance with the requirements of Data Protection Laws
• Appropriate technical and organisational measures have been taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
• Zotabox is always updating and reviewing our security safeguards and will update our security as new technology becomes available.

Customer Privacy Page

• Merchants may be required to list Zotabox as a processor of customer data (as per GDPR guidelines) and link to Zotabox’s privacy policy for website visitors or email subscribers on their privacy page.

GDPR Compliance

• Zotabox has less than 250 employees but we strive to provide as much information as possible regarding our GDPR compliance. You may review our GDPR policy here.

Transfer of Data

• If Zotabox is acquired by or merged with another company we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

To Delete Zotabox Account

• You may delete your Zotabox account on your account page – https://zotabox.com/customer/account/. This will remove ALL Zotabox settings and personal and customer information permanently from our servers.
  • You may also remove our app or embed code from your website admin (or website footer) to remove ALL Zotabox code from your website.
• Zotabox will automatically delete Merchant accounts with no website traffic or logins to their Zotabox account for 6 consecutive months. Merchants in this case would need to create a new Zotabox account.
• Any payment information will be kept on our payment processor servers in case of contract dispute or refund requests.