Updated: May 16, 2023
Autopilot provides its Services to help its approved and contracted store-based clients (hereinafter “Store-based Clients”) to achieve the Purposes, as defined above. Autopilot, at the written direction and authorization of our Store-based Clients, may obtain certain information regarding Shoppers as they use and provide information to our Store-based Clients. No matter who provides us with personal information, however, our commitment to privacy remains strong.
We collect two types of information. Both types of information are required to provide the Autopilot Purposes that are offered via a Autopilot-enabled Store-based Client’s eCommerce platform, or through related channels (e.g. Emails, Messages, Advertising, etc.).
The first type of information is Personally-Identifying Information (“PII”). The other type of information is Non-Personally Identifying Information (“NPII”).
PII includes information that is uniquely associated with an identifiable Shopper, or that identifies a Shopper, and may specifically include age, gender, location, email address, phone number, and, in some cases, IP address.
NPII may include information that is collected directly from a Shopper, during a Shopper’s interaction with the site, or from information provided to a third-party, and which does not identify, or is not uniquely associated with, an identifiable Shopper. NPII includes, but is not limited to, a Store-based Client’s name and location, Store-based Client product and collections information, non-identifying order information, Store-based Client CRM/Loyalty programs, age range, association with a geographical or network area, Shoppers’ general interests as indicated by their interaction with an e-Commerce Platform (such as selections thereon), Shoppers’ shopping behavior, and Shoppers’ choices within Autopilot’s enabled e-Commerce Platforms. NPII may also include information that is non-personally identifying but was generated from PII, such as by aggregation with other PII or anonymization.
Granting us this permission not only allows us to provide our Products and Services as they exist today but also allows us to provide innovative features, products, software and services we may develop in the future that uses the information we receive about Shoppers in new ways.
Autopilot owns the databases and all rights to our applications and software. While Store-based Clients and Shoppers allow us to process the information we receive, such Store-based Clients and Shoppers using Autopilot enabled stores always own all of their own personally identifiable information.
The security of Shopper information is important to us. We implement reasonable security measures to protect the security of your information both online and offline, and we are committed to the protection of Shopper information. Only those individuals at Autopilot that have an obligation to maintain confidentiality may access Shopper PII.
When we handle Shopper information on the Internet we encrypt the transmission of that information using secure socket layer technology (“SSL”). Shopper information is pseudonymized and rendered as NPII. Autopilot has redundant and distributed systems, and other system measures, that provide for ongoing confidentiality, integrity, availability, and resilience. Our systems are routinely tested or assessed for their measures to ensure the security of Shopper Data.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Shopper information, we cannot guarantee that unauthorized access, hacking, data loss or other breaches will never occur.
We will notify the Store-based Client, who is ultimately the data controller, from whom we obtain information in the event of unauthorized access or disclosure of such information. We will take reasonable administrative steps, by making it a condition of our Terms of service with them, to ensure that such Store-based Client takes steps to inform the affected Shopper to the extent that it is required under applicable law.
If you have any questions about how we strive to keep information secure, you can contact us at email@example.com.
We may transfer, store and process Shoppers’ information, both PII and NPII, to or on computers and servers located in the United States or Europe. Accordingly, such information may be subject to the laws of these relevant jurisdictions.
Autopilot’s technical infrastructure relies on data centers and cloud service providers that are located in the United States and in Europe on Amazon’s AWS and Google Cloud platform.
Google and Amazon appear on the Department of Commerce’s list of Privacy Shield certified entities and are certified under the EU-US Privacy Shield Framework since 2016. The European Commission adopted the EU-US Privacy Shield Framework on July 12th, 2016, replacing the International Safe Harbor Privacy Principles as the mechanism for allowing companies in the EU and the US to transfer personal data across the Atlantic in a manner compliant with the EU data protection requirements, as stated on PrivacyShield.gov.
There is no fixed period for storage of Shoppers’ PII. We will remove Shoppers’ PII upon any of the following:
The storage period for any NPII that does not relate to, or uniquely identify, a Shopper is indefinite.
Autopilot supports Shoppers’ rights in the following ways: