1. introduction

Status: 01. April 2025

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent in the context of providing our application.

Endereco offers you an auto-complete function for address forms. This helps to recognise and avoid input errors in real time. In this way, we ensure that your ordered products can be delivered correctly and that your contact details are valid for important information about your order or any queries you may have.

The terms used are not gender-specific.

2. Collection and use of data

2.1 The endereco app collects and processes personal data solely for the purpose of providing and improving our services. We collect the following information:

• Information provided by the retailer: When installing the app, we gain access to certain data from your Shopify shop, including your name, email address, phone number and business address. We use this information to integrate the app with your shop and provide support services.
• Customer data: Our app processes address data of your customers to perform address tracking. This includes name, street, city, postcode and country. This processing is carried out exclusively to improve dispatch accuracy and efficiency.

2.2 Controller for data processing within the meaning of the General Data Protection Regulation (GDPR):

endereco UG (limited liability) - Company for Master Data Quality Management
Balthasar Neumann St. 4B
97236 Randersacker
E-mail: info@endereco.de
Tel.: +49(0) 931 - 663 98 39-0

Contact details of our data protection officers:

endereco UG (limited liability) - Company for Master Data Quality Management

Olena Schmitt
Balthasar Neumann St. 4B
97236 Randersacker
E-mail: datenschutz@endereco.de

2.3 We handle personal data in accordance with the principles of data avoidance and data minimisation. Personal data will only be processed until the respective purpose has been achieved or as long as this is required by law. As soon as the purpose no longer applies and/or a statutory retention obligation no longer applies, the processing of the data concerned is restricted and the data is then routinely deleted.

The legal basis for the collection and processing of your data is Art.6 para. 1 p. 1 lit. f DSGVO (a legitimate interest of endereco UG), unless Art. 6 para. 1 p. 1 lit. b or c DSGVO applies due to the initiation or execution of a contract or due to statutory retention obligations.

3. Application

By installing and using endereco Services, users agree to and are subject to this Privacy Policy.

By using and/or providing personal data to endereco, the user consents to the collection, use and disclosure of personal and non-personal data by endereco in accordance with this Privacy Policy.

If a user does not agree with the terms of this Privacy Policy, the user's only option is to stop using the endereco services.

4. Collection of personal data

endereco may collect personal and non-personal data from users. Personal data is information that can be used to personally identify users. Personal data may include a user's name, home address, e-mail address and other similar personal information.

4.1 Data processing via Shopify Stores

By installing and using the endereco app, placing an order or otherwise obtaining services, endereco gains access to the user's Shopify account. The user is informed that endereco may collect information about the user's Shopify online shops as well as data about orders, addresses and customers.

4.2 Non-personal data

endereco may collect non-personal data about users, such as the dates and times endereco was used. The non-personal data does not allow users to be identified and consists of anonymous data.

endereco may periodically conduct surveys in connection with endereco services. Participation in surveys is voluntary. Unless otherwise stated, all data collected in connection with completed surveys is anonymous and does not allow identification of the responding user.

5. Use and disclosure of personal data

endereco uses the personal and non-personal data collected to fulfil the purpose for which the data was collected. The use of personal and non-personal data by endereco is limited to the extent required by the legitimate business interests of endereco and in accordance with the requirements of applicable data protection laws.

5.1 Authentication Services

endereco may use the information derived from users' Shopify accounts for authentication purposes.

5.2 Execution of orders

endereco may use the information from the users' Shopify accounts to fulfil the requests submitted by the users and to provide the services. In particular, endereco may use the data from the users' Shopify shops to provide the services.

5.3 Communication and Support

The User acknowledges and agrees that endereco may use personal data to fulfil the purpose for which the User has provided such data. Accordingly, endereco may use the user's data to respond to enquiries, provide customer support and process claims relating to endereco services. In this sense, endereco may use users' data to inform them of updates to this privacy policy.

5.4 Marketing and promotional materials

endereco may send newsletters and other marketing materials to Users by email. Users have the option to unsubscribe or opt-out of newsletters or other marketing communications from endereco by following the instructions contained in the relevant emails.

5.5 Compliance with Law

endereco may disclose personal information if required to do so by law or to respond to a lawful request, such as a subpoena or court order. endereco may disclose such information to comply with a court order, legal obligation or applicable law.

endereco may use personal information to investigate violations or potential violations of endereco's policies, including, but not limited to, the Terms of Use.

endereco may use personal information for business and commercial purposes to the extent permitted by data protection laws such as the General Data Protection Regulation (GDPR) in the European Union.

In accordance with applicable legislation, endereco will not use additional categories of personal data for purposes beyond those specified in this Privacy Policy.

5.6 Third party providers

endereco may not sell, trade, rent or otherwise disclose personal data to third parties without the prior consent of users.

endereco reserves the right to disclose personal data to authorised third party service providers to enable them to perform tasks that endereco has assigned, delegated or subcontracted to them, including the processing of payments and the verification of customer information.

6. Protection of personal data

endereco has implemented solutions and measures to protect personal data from unauthorised access and disclosure. These precautionary solutions and measures are designed to protect and secure personal data from leaks and other breaches.

Accordingly, personal data may only be accessed by designated endereco employees and authorised third parties who have a legitimate need to know such information.

7. Rights of the data subject

The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

• Right of access under Art. 15 DSGVO: In particular, you have a right of access to your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
• Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
• Right to deletion in accordance with Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to unauthorised data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
• Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
• Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible;
• Right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

8. Duration of storage of personal data

The duration of the storage of personal data depends on the respective statutory retention periods (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfilment or contract initiation and/or we have no legitimate interest in further storage. personal The retention of data is governed by the respective statutory retention periods (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.

9. Updating this privacy policy

endereco may update this privacy policy at any time and at its own discretion and publish it on its website.

Any updates to this Privacy Policy will take effect on the date specified in the updated Privacy Policy or on the date on which users are notified of the updated Privacy Policy, whichever is earlier. It is the responsibility of users to regularly review this Privacy Policy to be aware of the changes that have been made.

The continued use from endereco Services Continued use of endereco Services following the posting of an updated Privacy Policy means that the user agrees and consents to the updated Privacy Policy.