Cleverific

Friday, August 7, 2020

Commonly asked questions about GDPR

Cleverific Team
Shopify security
Commonly asked questions about GDPR

Commonly asked questions about GDPR

At Cleverific, we value your privacy and took our preparation for theEU General Data Protection Regulation(GDPR)very seriously. If you are looking for more details about GDPR compliance for Edit Order, here’s a list of some great questions asked by our Shopify merchants:

Do you have a data protection officer?

Cleverific is not required to appoint a DPO under the GDPR. The reasoning is because (1) we don’t fall under the classification of a public authority or body, (2) our core processing activities do not require regular and systematic monitoring of individuals on a large scale, and (3) we don’t process a large scale volume of personal data and have a very short duration and permanence of the core processing activity.

Although we have not voluntarily appointed a DPO and are not required to do so, our co-founder and CTO of Cleverific, Inc, Andrew Le, ensures that our data security and privacy practices meet the highest standard possible for the protection of personal data for our merchants and their customers and maintain our company’s compliance with GDPR. These responsibilities have many overlaps with a DPO as defined by the GDPR.

How do you use the customer data you collect? Specifically customer names, e-mail addresses, phone numbers, physical addresses, geolocations, IP addresses, browser user agents, blog commenter e-mail addresses, IP addresses, and browser user agents.

We only use the above information as necessary per your request to create, edit, and otherwise manage orders in the Shopify platform and to provide platform tools in Edit Order for your convenience when using the product (such as searching for customers or products).

Do you have any subprocessors for data? If so, what are they and what data do they process? Can you clarify on the Third Party Service providers?

At Cleverific, we use Third Party Service Providers for critical parts of Edit Order’s infrastructure, which runs in the cloud. These providers include Amazon Web Services, cloud database vendors, and server monitoring software. As part of our GDPR process, we performed aData Protection Impact Assessmentto ensure that any and all vendors or Third Party Service Providers who we use will also be GDPR compliant and be able to assist us in responding to any merchant or customers’ request when exercising their rights with regard to their personal data. We can provide you with a complete list of our vendors and Third Party Service Providers at your request.

When there is a change in data processing that has a high risk to an individual’s privacy rights, do you have a Data Protection Impact Assessment process in place?

Yes, it is now part of our product development process to carry out a DPIA before any new feature enters development. If there is any change in risk to an individual’s privacy rights, we will disclose the risk and the nature of the risk upon release of the feature and require opt-in acknowledgement from the merchant to use it.

Do you only process our customer data when asked by us, the controller?

Yes, we only process your customer data upon your request, at the time of your request and possibly at a later time depending on the nature of your request. Your personal data and your customers’ personal data is never sold and is never disclosed to third parties for any purpose other than to fulfill your specific request and for activities involved with improving our service.

In the DPA, it mentions that you will delete data if requested. If customer data is deleted on Shopify, is it then in turn automatically deleted on Edit Order?

Edit Order has full support for the erasure request process as described by Shopify here:Processing GDPR Data Requests on Shopify. When you issue this request through the Shopify Admin on behalf of a customer, we will automatically receive the notification and will begin processing it accordingly as quickly as possible.

What is your breach reporting policy?

Please see our DPA (GDPR Contractual Terms, Section 7) for our full explanation ofour breach reporting policy

Where can I find Cleverific’s DPA?You can find ithere

If you have any additional questions regarding GDPR pleaseemail us.

Back to blog

Recent posts

Photo by <a href="https://unsplash.com/@sasun1990?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Sasun Bughdaryan</a> on <a href="https://unsplash.com/photos/a-computer-keyboard-with-a-padlock-on-top-of-it-2T4l02ZYj-k?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>
Monday, March 9, 2026
Are the AI-built apps on your Shopify store secure? Why governance and SOC2 certification matter now more than ever
AI tools are making it faster than ever to ship Shopify apps. Here's why that makes governance and SOC2 Type II certification more important than ever, and what to look for before you install.
Cleverific post-purchase revenue journey
Monday, March 2, 2026
Introducing the Cleverific PRO platform: post-purchase revenue optimization for Shopify
Most Shopify brands ignore the window between checkout and fulfillment. Here's how Cleverific PRO turns it into 15-40% more revenue from orders you've already won.
Checklist for evaluating Shopify order editing apps in 2026
Friday, February 20, 2026
How to choose a Shopify order editing app in 2026
Not all Shopify order editing apps are built the same. Here is what to actually evaluate before you install: security, architecture, support, and whether the app relies on Shopify Flow to power its own features.

PRO platform

Ready to optimize your
post-purchase revenue?

Get a personalized PRO audit and discover how to capture more revenue after checkout.

Schedule a demo