Navigating your privacy and data protection requirements

As a Shopify merchant, it's essential to understand your obligations and ensure that you configure and use the Shopify platform in a way that complies with applicable privacy laws. Shopify provides a suite of effective tools and information to assist you in meeting these obligations.

Understanding your responsibilities

Shopify's commerce platform isn't a marketplace. Any contract of sale on your site is between you, the merchant, and your customer. This means that you're solely responsible for the creation and operation of your Shopify store, as well as all aspects of the transactions between you and your customers. These aspects include handling purchases, refunds, returns, fraudulent transactions, regulatory compliance, and adherence to local laws in your respective jurisdiction.

Assessing the impact of using Shopify's services

As a merchant, you have an independent obligation to assess the impact of using Shopify's services in a privacy and data protection context. To ensure compliance, we recommend the following steps:

• Read the applicable legal and data protection terms in your contract.
• Consider the information we provide on our privacy compliance.
• Review available security documentation.
• Use our extensive configuration options.
• Ensure our European Union (EU) hosting solution aligns to individual merchant’s needs.
• Read the material available on our subprocessors.
• Consider the overall risk concerning international transfers in their respective compliance documentation.

Remember, Shopify is committed to supporting you in your compliance journey by providing the tools and information you need to make informed decisions.

Available resources

The following resources can be used to find more information on Privacy and Security at Shopify:

• Shopify website
• Shopify Legal
• Shopify Security
• Shopify Compliance Reports
• Shopify Help Center home page
• Shopify Help Center Privacy and Security
• Shopify Help Center Compliance