Privacy Policy
SHOPLYST LIMITED
Address: 14 Fox Street, Gillingham, England, ME7 1HQ
Email: [email protected]
Effective Date: 25 May 2025
Introduction
SHOPLYST LIMITED ("we," "our," or "us") operates the website https://shoplyst.store ("Site") and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK GDPR and the UK Data Protection Act 2018.
By using our website or services, you agree to the terms of this policy. If you have any questions, you may contact us at: 14 Fox Street, Gillingham, England, ME7 1HQ or by email: [email protected].
1. What data we collect
When you use our website or services, we may collect and process various types of personal data about you, including:
1.1 Identification and contact information
During interaction with our website, when placing orders or contacting us, we may collect the following identification and contact information about you:
- Full name — used for personalized service, order processing, invoicing, and support.
- Email address — required for order confirmation, sending digital products, service communication, and (with your consent) newsletters and promotions.
- Phone number — may be used to contact you regarding orders or support (if provided).
- Residential/delivery address (if applicable) — may be requested for physical goods, tax reporting, or specifying country for tax calculation.
- Date of birth — may be requested solely to verify age under legal requirements (e.g., age restrictions).
- Country and city of residence — used to determine applicable taxes, delivery terms (if any), and personalize offers.
- Company name (if applicable) — if ordering on behalf of a legal entity.
- Messenger or social media identifiers (e.g., Telegram, Instagram) — only if you voluntarily provide these when contacting support.
We collect this data:
- when you place an order;
- when you subscribe to our mailing list;
- when you contact support;
- when participating in promotions, webinars, or other activities on the site.
All data is provided voluntarily, and you have the right not to provide any information. However, this may affect your ability to use our products or receive support.
1.2 Payment information
When you make a purchase on our site, we collect and process certain payment and billing information: the data necessary to process your payments via Stripe, including masked credit/debit card data and billing address. This information is securely processed by Stripe and is not stored on our servers.
This information includes:
- Transaction ID — a unique code related to your payment.
- Payment amount and currency — for proper order processing and accounting.
- Payment date and time — to confirm purchase and for internal records.
- Payment method — e.g., bank card, Apple Pay, etc.
- Transaction status — successful, failed, canceled, refunded, etc.
- Payment provider information — to understand through which payment platform you completed the payment.
2. Processing security
We do not store or process full details of your bank cards, including:
- Full card numbers;
- CVV/CVC codes (three digits on the back of the card);
- Personal payment details allowing transactions on your behalf.
All payments are processed exclusively through Stripe — one of the most reliable and certified payment providers globally, compliant with PCI DSS Level 1 security standards.
Stripe may process the following data (in encrypted and protected form):
- Last 4 digits of your card;
- Card type (Visa, MasterCard, etc.);
- Expiry date;
- Issuing country.
Why we process payment information:
- To confirm payment and complete order processing;
- To ensure access to digital products;
- To handle refund and support issues;
- For tax and accounting reporting.
Who else can see this information:
Our staff do not have access to your card data and cannot perform transactions on your behalf. We may use anonymized transaction data for analytics (e.g., how many orders were paid via Stripe in a month).
3. Details of purchase history
We collect and process information about your purchases to ensure proper functioning of our service and improve the quality of services provided.
Specifically, we may collect the following data:
- Name of the purchased product — the name of the template, guide, checklist, digital package, or other digital goods.
- Date and time of purchase — allows us to generate reports, confirm transactions, and resolve disputes.
- Purchase price — including applied discounts, promo codes, and currency.
- Payment method — we may see if PayPal, bank card, Apple Pay, etc., was used (but do not store full bank card details).
- Transaction status — successful, declined, refunded, or canceled purchase.
- Order number and/or transaction ID — for internal accounting and support.
- Downloaded files — information about which digital products were downloaded after payment.
- Quantity purchased — if multiple copies of a product can be bought.
- History of refunds and inquiries — if you requested a refund or contacted support regarding a specific purchase.
This information helps us:
- Provide access to previously purchased products;
- Improve digital products and user experience;
- Offer personalized recommendations (only with your consent);
- Maintain service security and prevent fraud;
- Conduct proper accounting and tax records.
We do not use purchase history for automated decision-making, including profiling, without your separate consent.
4. Technical Data
When you visit and use our website, we automatically collect certain technical information necessary for the proper functioning of the site, performance analysis, and security. These data are collected using cookies, server logs, and third-party analytics tools (e.g., Google Analytics).
Which technical data we may collect:
- Device IP address — used to determine geolocation, prevent fraud, restrict access (e.g., due to legal country restrictions).
- Browser type and version — helps adapt site display for your device and screen resolution.
- Operating system and device type — allows us to optimize interface and performance.
- URL referrer — helps understand where the traffic comes from (e.g., search engines or social networks).
- Visit time and session duration — used for engagement and usability analysis.
- Viewed pages and site actions — e.g., which pages were opened, which buttons were clicked.
- Browser language and time zone — enable interface adjustment and price/date display.
- Cookie and session identifiers — allow recognizing users on repeat visits, saving login, preferences, and cart.
Why we use this data:
- To ensure stable and secure site operation;
- To protect against DDoS attacks and other threats;
- To analyze user behavior and improve user experience;
- To personalize content (e.g., displaying the site in the appropriate language);
- To evaluate marketing campaign effectiveness.
Processing and storage:
- These data may be temporarily stored in server logs;
- For analytics, we use anonymized data that do not directly identify users;
- Data may be processed via third-party services (e.g., Google Analytics), which have their own privacy policies and comply with international requirements (including GDPR).
We use both essential cookies (for site functionality) and analytics cookies (for statistics and analysis). Users can manage cookie settings in their browser or via the consent banner shown on their first visit to the site.
5. Usage Data
When you interact with our website or services, we automatically collect data reflecting how you use the site and services, including page views, click paths, and interactions. These data help us better understand user behavior, improve site structure and content, and personalize your experience.
Which usage data we may collect:
- Viewed pages and sections — which pages you visited, how long you stayed, in what order you navigated;
- Time spent on the site — total time, average session duration, activity time on each page;
- Repeat visits — how often you return, behavior changes on subsequent visits;
- Clicks and interactions — which buttons, links, forms you clicked;
- Site preferences — e.g., selected language, sorting or filters applied on pages;
- Account actions data — login, logout, profile changes, file uploads, etc.;
- Errors and crashes — if an error or crash occurs, we may collect information to fix issues;
- Order and activity history — if you place orders, download digital products, subscribe to newsletters.
Why we use usage data:
- To improve site usability and functionality;
- To optimize and develop new features;
- To personalize content and recommendations;
- To analyze marketing and advertising effectiveness;
- To ensure security and prevent fraud.
We process these data in compliance with data protection laws, taking into account your rights and preferences.
6. How We Use Your Information
6.1 For providing and improving our products and services:
We use identification, contact, and reservation data to process and fulfill your orders, including delivering digital products, granting access to purchased materials, providing technical support, and responding to your inquiries. We also personalize the interface and user experience on the site and improve site quality and structure based on user behavior analysis.
6.2 For payment processing:
Your payment information is used to collect fees for our services and bookings. Payments are processed via Stripe, which uses your data solely for payment processing and fraud prevention.
6.3 For administrative, accounting, and legal purposes:
We use data for internal record-keeping, ensuring compliance with terms, resolving disputes, protecting rights, and fulfilling tax and legal obligations.
6.4 For marketing and communication (only with your consent):
With your consent, we send newsletters, promotional offers, news, and recommendations. You can withdraw consent and unsubscribe at any time. We use data to analyze campaign effectiveness and improve content.
6.5 For analytics and statistics:
We collect technical and user data (often via cookies) to analyze site usage, improve user experience, and conduct A/B tests.
6.6 For compliance with legal obligations:
We respond to lawful requests from authorities and document consents and opt-outs according to UK GDPR and other regulations.
6.7 Based on your actions and consents:
We use data only for purposes you consented to. You can change or withdraw consent at any time without affecting the lawfulness of prior processing.
6.8 Legal grounds for processing:
Main grounds include contract performance, compliance with legal obligations, legitimate interests of the company, and user consent (e.g., for marketing).
7. Disclosure of Your Information (Third-Party Sharing)
7.1 Third-party service providers:
We share data with hosting providers, analytics systems, payment processors (Stripe, PayPal), mailing services, and IT support contractors. These parties process data on our behalf under contractual obligations.
7.2 Legal obligations and requirements:
We disclose information as required by law, court orders, or government requests, as well as to protect rights and safety of users and staff.
7.3 Transfers in business transactions:
In mergers, acquisitions, or reorganizations, personal data may be transferred to a new owner in compliance with law.
7.4 With your consent:
In other cases, transfer occurs only after your explicit consent.
8. International Data Transfers
8.1 General information:
SHOPLYST LIMITED is based in the UK but may transfer personal data abroad, for example, using cloud services, payment systems, and analytics tools located in other countries.
8.2 Protection measures:
Data transfers occur only when adequate protection is in place or using standard contractual clauses, risk assessments, and technical security measures such as encryption.
8.3 Countries with adequate protection:
Transfers to countries recognized by the UK or European Commission as providing adequate data protection do not require additional safeguards.
8.4 Transfers to other countries:
For countries without adequate protection, additional security measures apply, including standard contractual clauses, risk assessment, and technical protections.
8.5 Examples of providers outside the EEA/UK:
Cloud platforms (Amazon Web Services, Google Cloud, Microsoft Azure), marketing and analytics tools (Google Analytics, Meta/Facebook Business Tools), payment processors (Stripe, PayPal), which may be registered in the USA or other jurisdictions.
8.6 Security guarantees:
We ensure compliance with data protection laws and take all reasonable steps to secure personal data.
9. Data Retention
We store your personal data only for as long as necessary to achieve the purposes for which it was collected, including any legal, accounting, or reporting requirements:
- Account data: stored as long as you actively use our service. Upon account deletion, your data will be deleted or anonymized within 30 days, except where longer retention is required by law.
- Order and transaction data: stored for 6 years after the end of the financial year in which the transaction occurred, in accordance with UK tax and accounting laws.
- Communications and support requests: stored up to 3 years from the last interaction to provide evidence of interactions and maintain service quality.
- Marketing preferences and consents: stored until consent is withdrawn, or up to 2 years from the last interaction (e.g., email opened or link clicked).
Data Deletion and Anonymization
When data is no longer needed for the stated purposes, we:
- Delete it from our systems;
- Or anonymize it so it can no longer be linked to an individual, and use it for statistical or analytical purposes.
Storage Security
We apply technical and organizational measures to prevent unauthorized access, loss, alteration, or disclosure of your data, including:
- Storing data in encrypted form;
- Restricting access to authorized personnel only;
- Regular security checks and access process audits;
- Using reliable cloud service providers compliant with international security standards (e.g., ISO/IEC 27001).
Your Rights
You have the right to request deletion of your data if:
- The purpose of processing has been achieved;
- You have withdrawn your consent (if processing was based on consent);
- The processing was unlawful;
- The data is no longer needed for legal obligations.
Data Backup
To ensure service resilience and prevent data loss, we regularly back up all data, including user data:
- Backups are stored securely and accessible only to authorized technical staff;
- Backups are kept for a limited time (usually no more than 90 days) and then automatically deleted;
- When data is deleted or corrected in the main system, changes apply to backups at their next update;
- We protect backups with encryption and physical server security.
Inactive Account Deletion
If you do not log into your account for an extended period, it may be considered inactive. In this case:
- After 18 months of inactivity, we will send you an email notification asking you to confirm account activity;
- If no activity or response occurs within 30 days of the notification, we reserve the right to delete or anonymize your account and personal data;
- This rule does not apply if otherwise required by law (e.g., transaction data must be retained longer).
Note that in certain circumstances (e.g., disputes, security incidents, or legal requirements) we may retain data longer. We may also keep minimal contact information if you opted out of marketing to avoid accidental future contact.
10. Your Rights under Data Protection Law
Under UK GDPR and other applicable personal data protection laws, you have several rights regarding your personal data. We respect these rights and enable their exercise.
- Right of access: You may request confirmation whether we process your data, receive a copy of it, and get information on processing purposes, data categories, recipients, and retention periods.
- Right to rectification: If data is inaccurate or incomplete, you may request correction without undue delay.
- Right to erasure (“right to be forgotten”): You can request deletion if the data is no longer necessary, consent has been withdrawn, processing is unlawful, or deletion is required by law. Some data may be retained for legal obligations (e.g., tax).
- Right to restriction of processing: You may temporarily suspend data processing, for example, while contesting accuracy.
- Right to data portability: You may receive your data in a structured, machine-readable format and transfer it to another provider if processing is based on consent or contract and is carried out automatically.
- Right to object: You may object to processing based on legitimate interests or marketing; in the latter case marketing will stop.
- Right to withdraw consent: You can withdraw consent at any time (e.g., unsubscribe). Withdrawal does not affect lawfulness of processing before withdrawal.
- Rights related to automated decision-making: We generally do not use automated decisions or profiling. If this changes, you will be informed and may request human intervention.
To exercise your rights, contact us at [email protected] or by mail at: 14 Fox Street, Gillingham, England, ME7 1HQ. We may ask for identity verification. We aim to respond within one month.
Right to complain
If you believe your data is processed incorrectly, you may complain to the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: +44 303 123 1113
11. Cookies and Similar Technologies
Our site uses cookies and similar technologies to provide and improve services. Cookies help remember your preferences, analyze site usage, and personalize content.
- Some cookies are essential for site functionality (e.g., shopping cart);
- Others are analytical or marketing cookies.
To manage cookies, use our consent tool or browser settings. More details are in our Cookie Policy.
12. Data Security
We apply technical and organizational measures to protect data:
Technical measures:
- Site and transaction encryption (SSL);
- Use of PCI-DSS compliant payment processor (Stripe);
- Access restriction within the company;
- Regular security updates, antivirus, firewalls;
- Reliable data storage with backups and encryption.
Organizational measures:
- Access to data on a need-to-know basis;
- Confidentiality agreements for employees and contractors;
- Data protection training and system audits.
In case of incidents:
We promptly contain threats, notify regulators and affected individuals, investigate, and implement prevention measures.
User recommendations:
- Use strong passwords;
- Do not share access data;
- Log out on shared devices;
- Beware of suspicious emails and links.
While we strive for security, a full guarantee is impossible.
13. Links to Other Sites
Our site may contain links to third-party resources (e.g., YouTube, payment systems, partner sites).
- We do not control their content or privacy policies;
- By following links, you agree to the third-party site policies;
- We recommend reviewing their privacy and terms of use.
14. Contact Information
For questions or requests related to personal data processing:
SHOPLYST LIMITED
Registration Number: 16453362
Legal Address: 14 Fox Street, Gillingham, England, ME7 1HQ
Email: [email protected]
15. Privacy Policy Updates
We may update this policy periodically, taking into account changes in law, technology, or our activities.
- All changes take effect upon posting on the site;
- For significant changes, we notify you (via site or email);
- Continued use after updates means acceptance of the new policy.
Last updated: 25 May 2025