Privacy Policy

This Privacy Policy describes how SITE.XYZ Ireland Limited ("XYZ," "we," "us," "our") collects, uses, discloses, and protects personal data through its digital commerce Platforms - Website Builder, eCom Pages, and Custom Checkout (each a "Platform", collectively the "Platforms"). By using any of the Platforms, you consent to the collection and processing described here.

1. Introduction & Scope

  • This Policy applies to all data collected via our Platforms, websites, APIs, and associated services.
  • It covers both merchant (you) data and customer data (when your customers use Website Builder / eCom Pages / Custom Checkout).
  • Where there are platform-specific differences (e.g. payment processing in Custom Checkout), this Policy will note them.

2. Consent

By registering with, using, or accessing our Platforms, you consent to the processing of your personal data as outlined in this Policy. You may withdraw consent where appropriate, subject to legal or contractual constraints.

3. Information We Collect

  • Merchant / User Data
  • Contact info: name, business name, email, phone, address
  • Account credentials, login metadata, IP address, device/usage data
  • Merchant content: logos, product data, media (images, descriptions, etc.)
  • Customer / Transaction Data
  • Customer name, shipping & billing address, email
  • Order details (products, quantities, timestamps)
  • Payment metadata (transaction ID, method). Note: card data is handled by third-party processors (such as Global Payments, Stripe, etc.)
  • Metadata: IP, device info, geolocation, logs
  • Usage, Analytics & System Data
  • Platform usage logs, error reports, performance metrics
  • Cookies, web beacons, analytics identifiers

4. Purpose & Legal Bases for Processing

We process personal data for purposes including:

  • Providing, operating, and improving our Platforms
  • Account management, authentication, and support
  • Facilitating transactions via Custom Checkout (through third parties)
  • Sending communications: support, billing, updates, notifications
  • Analyzing usage, preventing fraud, improving security
  • Compliance with legal / tax / regulatory obligations
  • Where applicable, with your consent, marketing and promotions

Legal bases include: contract performance, legitimate interests (e.g., service improvement, fraud prevention), compliance with legal obligations, and consent.

5. Cookies & Web Beacons

We use cookies and similar technologies (e.g. pixels, web beacons) to:

  • Remember your preferences and settings
  • Improve usability and optimize your experience
  • Track usage, page visits, feature interactions
  • Support analytics, metrics, and security operations

You can manage or disable cookies through your browser, though disabling may impair Platform functionality.

6. DoubleClick DART Cookie

We may allow third-party ad networks, including Google, to set DART cookies to serve targeted ads based on your visits to XYZ and other sites.

You may opt out by visiting Google's ad settings or their privacy pages: https://policies.google.com/technologies/ads

We do not control third-party cookies - their usage and policies are subject to their own terms.

7. Data Processing & Hosting

  • All data is hosted in Europe using Amazon Web Services (AWS) infrastructure.
  • We use encryption (SSL/TLS in transit, encryption at rest) and access controls to protect data.
  • Only authorized personnel and sub-processors (under contract) may access data, with confidentiality obligations.

8. Payment & Sensitive Data

  • We are PCI SAQ-A Level 1 compliant: we do not store, process, or transmit raw payment card data.
  • All payment card data is handled entirely by third-party payment providers (e.g. Stripe, Global Payments).
  • XYZ only handles transaction metadata (not the raw card numbers).

9. GDPR & Data Protection Rights

You have rights under GDPR (where applicable):

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion under certain conditions
  • Restriction: limit processing under certain conditions
  • Objection: object to processing based on legitimate interests
  • Portability: request your data in a portable format

We will respond to valid requests within one month, unless extension is needed (we'll inform you). To exercise rights, contact us via Section 17.

10. Children's Information

We do not knowingly collect personal information from children under 13.
If we become aware of such data, we will promptly delete it.
If you believe a child has provided information, contact us and we will act to remove it.

11. Disclosures & Third-Party Sharing

We may share data with:

  • Service providers & sub-processors (hosting, analytics, email, support tools)
  • Third-party integrations you enable (CRMs, marketing platforms)
  • Payment processors (for payment transactions)
  • Legal & compliance authorities, as required
  • In case of corporate transactions (mergers/acquisitions) under proper safeguards

All third parties must commit to protecting data and limiting usage to specified purposes.

12. Retention & Deletion

  • Merchant data retained for duration of account activity and as required by law
  • Customer / transactional data retained for tax, accounting, or support purposes
  • You may request deletion or closure; we will comply subject to legal or operational constraints

13. Merchant Modifications & Risk

You may include custom HTML, JavaScript, CSS, or external scripts in your site or checkout. Any errors, vulnerabilities, security issues, or damages arising from such custom modifications are your responsibility. We disclaim liability for harm caused by merchant modifications.

14. Security Measures & Breach Notification

  • We use industry-standard safeguards (firewalls, encryption, access controls)
  • We monitor systems for malicious activity or intrusions
  • In the event of a data breach, we will notify affected parties and relevant supervisory authorities in line with GDPR and applicable law

15. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email or via Platform notification.

Continued use following updates constitutes acceptance.

16. Governing Law & Jurisdiction

This Policy is governed by Irish law.
Disputes are subject to the exclusive jurisdiction of the courts of Dublin, Ireland.

17. Contact / Data Controller

If you have questions, requests, or wish to exercise data rights, contact us:

We act as the data controller for the data collected under this Policy.

Thanks,
XYZ Team

© 2025 XYZ