General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR) imposes obligations and responsibilities with respect to personal data for businesses located in or offering goods or services to individuals in the European Economic Area, and Switzerland and the United Kingdom have adopted equivalent laws for UK and Swiss businesses and residents. By using Shopify, there are tools and information that you can use to help you to analyze your business practices and help ensure that you comply with your GDPR obligations. Using services offered by Shopify alone doesn't guarantee that you comply with GDPR.
You're generally the controller of your customers’ data. This means that you choose how your customers’ data is handled. If you make goods and services available to individuals in Europe, even if you or your business aren't located in Europe, then GDPR might apply to your business.
When Shopify acts as a processor for your customers' data, Shopify follows your instructions on how to handle that data. In addition, if you have enabled Shopify Network Intelligence and use Enhanced Services, then you agree that Shopify will process your customer data as a controller or business, as described in the Additional Services Terms and Appendix E of the Data Processing Addendum. For more information about how Shopify processes your customer data, refer to the Data Processing Addendum.