Our Relationship to Our Clients and Their Shoppers
Nilus provides its Services to help it's approved and contracted store-based clients (hereinafter “Store-based Clients”) to achieve the Purposes, as defined above.
Nilus, at the written direction and authorization of our Store-based Clients, may obtain certain information regarding Shoppers as they use and provide information to our Store-based Clients. No matter who provides us with personal information, however, our commitment to privacy remains strong.
How We Collect Shopper Information
The Types of Information We May Collect
We collect two types of information. Both types of information are required to provide the Nilus Purposes that are offered via a Nilus-enabled Store-based Client’s eCommerce platform, or through related channels (e.g. Emails, Messages, Advertising, etc.).
The first type of information is the Personally-Identifying Information (“PII”). The other type of information is Non-Personally Identifying Information (“NPII”).
PII includes information that is uniquely associated with an identifiable Shopper, or that identifies a Shopper, and may specifically include age, gender, location, email address, phone number, and, in some cases, IP address.
NPII may include information that is collected directly from a Shopper, during a Shopper’s interaction with the site, or from information provided to a third-party, and which does not identify, or is not uniquely associated with, an identifiable Shopper. NPII includes, but is not limited to, a Store-based Client’s name and location, Store-based Client product, and collections information, non-identifying order information, Store-based Client CRM/Loyalty programs, age range, association with a geographical or network area, Shoppers’ general interests as indicated by their interaction with an e-Commerce Platform (such as selections thereon), Shoppers’ shopping behavior, and Shoppers’ choices within Nilus enabled e-Commerce Platforms. NPII may also include information that is non-personally-identifying but was generated from PII, such as by aggregation with other PII or anonymization.
How We Use and Disclose Information
Performance of Services. We may use Shoppers’ PII and NPII to fulfill the Purposes. We may also use Shoppers’ NPII in connection with other services and features we provide to third-parties or other Store-based Clients. This includes by assessing information relating to, and historical patterns associated with, Shoppers, and/or profiles or categories of classes of Shoppers, such as by observing shopping choices and activities of Shoppers (or Shoppers fitting characteristics relating to such profiles or categories, but not necessarily any information relating to an identifiable Shopper). We may also process Shoppers’ data in association or combination with information relating to that Shopper, or information relating to Shoppers belonging to the same profile or category, from other Store-based Clients. We will also use this information to improve the quality of our Products and Services.
Performance of Services Associated With Third-Party Platforms:
1. Advertising Customization: In order to provide personalized advertising on Third-Party Platforms, Nilus pushes certain NPII information relating to a Shopper (e.g. non-personally-identifying shopping preferences profile information) to such Third-Party Platform which then selectively provides advertising. Except as provided below, none of a Shopper’s PII or NPII information is provided to Nilus from any Third-Party Platform.
2. Authentication: In some cases, Nilus uses authentication services provided by Third-Party Services to authenticate a Shopper with their Nilus data.
Third-Party Service Providers. Nilus may employ or engage other companies to perform tasks on our behalf and may need to share some of your information with them to provide products and services to you. Examples of this may include data storage and analysis. These third parties have access to information needed to perform their functions but may not use it for any other purpose.
Granting us this permission not only allows us to provide our Products and Services as they exist today but also allows us to provide innovative features, products, software, and services we may develop in the future that uses the information we receive about Shoppers in new ways.
Nilus owns the databases and all rights to our applications and software. While Store-based Clients and Shoppers allow us to process the information we receive, such Store-based Clients and Shoppers using Nilus enabled stores always own all of their own personally identifiable information.
How We Keep Your Information Secure
The security of Shopper information is important to us. We implement reasonable security measures to protect the security of your information both online and offline, and we are committed to the protection of Shopper information. Only those individuals at Nilus that have an obligation to maintain confidentiality may access Shopper PII.
When we handle Shopper information on the Internet we encrypt the transmission of that information using secure socket layer technology (“SSL”). Shopper information is pseudonymized and rendered as NPII. Nilus has redundant and distributed systems, and other system measures, that provide for ongoing confidentiality, integrity, availability, and resilience. Our systems are routinely tested or assessed for their measures to ensure the security of Shopper Data.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Shopper information, we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur.
We will notify the Store-based Client, who is ultimately the data controller, from whom we obtain information in the event of unauthorized access or disclosure of such information. We will take reasonable administrative steps, by making it a condition of our terms of services with them, to ensure that such Store-based Client takes steps to inform the affected Shopper to the extent that it is required under applicable law.
If you have any questions about how we strive to keep information secure, you can contact us at firstname.lastname@example.org.
Storage and Transfer of Your Information
We may transfer, store and process Shoppers’ information, both PII and NPII, to or on computers located in the United States, Europe, or Canada. Accordingly, such information may be subject to the laws of these relevant jurisdictions.
Nilus’s technical infrastructure relies on data centers and cloud service providers that are located outside Europe on AWS platform.
There is no fixed period for the storage of Shoppers’ PII. We will remove Shoppers’ PII upon any of the following:
A request from the Shopper via our Shopper Rights Access Portal (see below);
A request from the applicable Store-based Client from which the Shopper, whose data is being deleted, was obtained, or such Shopper notifies Nilus in writing that their consent has been withdrawn;
An objection from a Shopper, via a Shopper or an applicable Store-based Client, is received by Nilus in writing relating to the processing of any Shopper PII;
If Nilus learns that any PII has been collected unlawfully;
A request from any supervisory authority or legal authority (e.g. police, third-party having an applicable court order) having sufficient legal authorization or Nilus being made aware that PII should be deleted to ensure compliance with any applicable legal obligation.
The storage period for any NPII that does not relate to, or uniquely identify, a Shopper is indefinite.
Nilus supports Shoppers’ rights in the following ways:
Accountability and DPO. While Nilus is not a controller of Shopper data, Nilus nevertheless encourages Shoppers to contact the Nilus (email@example.com) for issues relating to Shopper information that is collected or processed by Nilus via a Store-based Client (although Nilus reserves the right to take no action, and/or to forward Shopper’s concerns to the applicable Store-based Client, in cases where the issue relates to Shopper data collected or processed by the Store-based Client). Furthermore, the Shopper has the right to lodge a complaint about Nilus’s data protection with an applicable supervisory authority with jurisdiction to receive such a complaint. We note that for European Shoppers, there is no requirement for Nilus to have a European representative (as Nilus is not a controller); however, the applicable Store-based Client may, if applicable law requires such a representative, may be contacted regarding the processing of any data relating to a European person if that requirement applies to such Store-based Client.
Breaches. Nilus shall notify the Store-based Client that collected the information in the event of any breach or unauthorized access to Shoppers’ PII of the following information: the existence and nature of such breach, our DPO, possible or likely consequences, and measures taken to address or, where possible, mitigate the breach. Our standard terms with our Store-based Clients require them to comply with this requirement, where required by applicable law.
Nilus -enabled eCommerce platforms.
Questions and Concerns
If a Store-based Client or a Shopper using a Nilus-enabled eCommerce platform has any concerns about privacy concerning Nilus, they may contact us at firstname.lastname@example.org with a thorough description and we will try to resolve them.