EU GREENPASS

Privacy Policy

Last updated: 2026-06-07

EU GreenPass ("the App") is a Shopify application developed and operated by idnovate.com, innovación y desarrollo, scp ("we", "us"). This policy explains what data the App processes, why, and the rights you and your customers have. We act as a data processor on behalf of the merchant (the Shopify store owner), who is the data controller for their store's data.

1. Information we process

The App requests the minimum Shopify permissions it needs to function: read_products, read_locales. With these it processes store & installation data (your store's domain, shop name, locale, currency and the access token issued at install), product & compliance data (product titles, handles, IDs and the material, recycled-content, country-of-origin, repairability and packaging data you enter or import), and the CSV files you upload (stored so you can re-download them and review your import history).

2. Customer personal data

The App does NOT collect, request, or store the personal data of your customers (shoppers). The storefront product passport displays only public, product-level environmental information. The App does not use cookies for tracking and does not build customer profiles.

3. How we use the data

Data is used solely to provide the App's features: generating EU eco-compliance data (France Triman and repairability index, Germany LUCID/VerpackG, Spain plastics tax), producing the Digital Product Passport and public certificates, and bulk-importing product compliance data. We do not sell your data or use it for advertising.

4. Data sharing

We share data only with infrastructure providers strictly necessary to run the App (hosting and the Shopify platform itself). We do not share data with third parties for marketing.

5. Data retention & deletion

We retain store and compliance data for as long as the App is installed. When you uninstall the App, or when deletion is requested through Shopify's mandatory GDPR webhooks, we delete the associated store data. We honour the following Shopify compliance webhooks: customers/data_request, customers/redact, shop/redact. Imported CSV history is automatically pruned to the most recent imports and removed when the store is redacted or the App is uninstalled.

6. Security

Access tokens and store data are stored on access-controlled servers and transmitted over HTTPS. Access is limited to what is required to operate and support the App.

7. Your rights (GDPR)

If you are in the EU/EEA you have the right to access, rectify, erase, restrict or port your personal data, and to object to its processing. Merchants can exercise these rights, and request data on behalf of their customers, by contacting us or via Shopify's data-request tooling.

8. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.

9. Contact

For privacy questions or data requests, contact idnovate.com, innovación y desarrollo, scp at privacy@idnovate.com.