1) Controller & contact
Controller: [Legal Entity], [Registered Address], [Country].
Email: privacy@newbrandwelcome.com (or hello@newbrandwelcome.com)
EU/EEA location: Germany. This policy is drafted for GDPR compliance.
2) What we do
NBW helps newly launched Shopify merchants with a 3-point checklist and curated tool recommendations. We monetize through affiliate programs.
3) Personal data we process
- Business contact data: name (if available), business email, store URL, country, category.
- Communication data: emails sent/received, opens/clicks, unsubscribes.
- Technical data: IP address, user-agent, basic server logs for security and delivery.
- Partner tracking: when you click an affiliate link, networks may assign a click ID to attribute referrals (see “Third-party recipients”).
4) How we collect it
- Directly from you (emailing us, requesting the checklist).
- Public sources (your store’s website, WHOIS where public, business directories).
- Email infrastructure and outreach tools (delivery, bounce, and complaint data).
5) Purposes & lawful bases
- Onboarding emails to relevant business contacts — Legitimate interests (GDPR Art. 6(1)(f)): to inform newly launched Shopify stores about practical setup steps. We balance interests by targeting only relevant stores, limiting frequency, and offering instant opt-out.
- Responding to your requests — Performance of a contract / steps prior (Art. 6(1)(b)).
- Affiliate attribution (click IDs, conversions) — Legitimate interests (Art. 6(1)(f)) for accurate partner reporting.
- Security, spam prevention, and abuse handling — Legitimate interests (Art. 6(1)(f)).
- Legal obligations (e.g., tax/audit) — Compliance (Art. 6(1)(c)).
6) Analytics & cookies
Our website uses a minimal, cookieless approach. We avoid setting tracking cookies where possible. If we introduce analytics or consent banners later, we will update this policy.
7) Email practices & your choices
- Every email includes a one-click unsubscribe; we suppress unsubscribed addresses across all domains.
- You can request deletion at any time (see “Your rights”).
- We keep outreach frequency modest (3–5 touches over ~28 days). No fake “Re:” threads.
8) Third-party recipients (processors & partners)
- Hosting: AWS Lightsail (EU/US regions) for site hosting.
- Email: Namecheap Private Email (mail hosting) and/or outreach platform (e.g., Instantly/Mailshake/Lemlist/Apollo) as processors for sending and tracking deliverability (opens, bounces).
- TLS/Certificates: Let’s Encrypt (certificate issuance). No personal data beyond server logs.
- Affiliate networks: PartnerStack, CJ, Awin, ShareASale, Rakuten, Skimlinks/Sovrn, or in-house partner portals. When you click a partner link, those networks may set their own identifiers to attribute sign-ups and pay commissions; see each partner’s privacy policy.
9) International transfers
Where processors or partners are outside the EEA/UK, we rely on adequacy decisions (e.g., EU-US Data Privacy Framework participation) or Standard Contractual Clauses. We assess risk and apply reasonable safeguards.
10) Retention
- Outreach contacts: up to 12 months from last activity, then we re-verify or delete.
- Unsubscribed/complaints: kept indefinitely on a suppression list to honor your choice.
- Partner reporting and invoices: retained per tax law (typically 6–10 years, jurisdiction-dependent).
11) Security
We apply reasonable technical and organizational measures: TLS, least-privilege access, 2FA on mailboxes, suppression lists, and periodic reviews. No method is 100% secure, but we work to reduce risk.
12) Your rights (GDPR)
- Access, rectification, erasure, restriction, objection to processing, and data portability.
- To object to outreach under legitimate interest, use the unsubscribe link or email us.
- You may lodge a complaint with your local supervisory authority. In Germany, see Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).
13) Children
Our Service targets businesses; we do not knowingly process children’s data.
14) Changes
We may update this policy; changes will be posted here with an updated date.
15) Contact
privacy@newbrandwelcome.com • Postal: [Legal Entity], [Registered Address], [Country]