General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR) imposes obligations and responsibilities with respect to personal data. By using Shopify, there are tools and information that you can use to help you to analyze your business practices and help ensure that you comply with your GDPR obligations. Using services offered by Shopify alone doesn't guarantee that you comply with GDPR.
You're generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it's handled. If you make goods and services available in Europe, even if you or your business aren't located in Europe, then GDPR might apply to your business.
As a processor for your customers’ data, Shopify follows your instructions on how to handle that data. For information about Shopify’s obligations as a data processor for your customer data, refer to the Data Processing Addendum.