Customer Application Privacy Policy Template

Customer Application Privacy Policy Template

Publication status: merchant template. Each Merchant must replace all merchant-specific fields before publishing. Appthework provides this template as an operational starting point, not as legal advice.

1. Controller

1.1 The controller for this ecommerce application is AppTheWork SRL , Str. Ernest Juvara 14, 615200, SECTOR 6, B, RO , 46315821 , support+tenant-1@dev.dropthework.test .

1.2 Dropthework, operated by Appthework SRL, provides the technical platform. Lnknst, operated by Appthework SRL, may provide authentication.

2. Personal data collected

2.1 Account data, including name, email and login identifiers.

2.2 Order data, including products purchased, billing details, delivery details and order history.

2.3 Payment references, including payment status and transaction references from payment providers.

2.4 Delivery data, including address, telephone number and courier information.

2.5 Communication data, including support messages and complaint correspondence.

2.6 Marketing consent and preference data where marketing is enabled.

2.7 Authentication data processed through Lnknst where login is enabled.

2.8 Technical and security data, including IP address, device/browser data, logs and fraud-prevention signals where applicable.

3. Purposes and legal bases

3.1 To process orders and deliver products. Legal basis: contract performance.

3.2 To issue invoices and comply with tax obligations. Legal basis: legal obligation.

3.3 To provide customer support. Legal basis: contract performance and legitimate interests.

3.4 To manage accounts and authentication. Legal basis: contract performance and legitimate interests.

3.5 To send marketing communications where legally permitted. Legal basis: consent or legitimate interests depending on applicable law.

3.6 To prevent fraud and secure the application. Legal basis: legitimate interests.

3.7 To manage returns, withdrawal requests, complaints and legal guarantee claims. Legal basis: contract performance, legal obligation and legitimate interests.

4. Processors and recipients

4.1 Dropthework, operated by Appthework SRL, processes data as technical platform provider.

4.2 Lnknst, operated by Appthework SRL, may process authentication data as identity provider.

4.3 Payment providers may process payment data.

4.4 Logistics providers may process delivery data.

4.5 Email, hosting, analytics and support providers may process data as needed.

4.6 Public authorities may receive data where required by law.

5. Retention

5.1 Order and invoice data are retained according to applicable tax and accounting laws.

5.2 Account data are retained while the account is active and afterward where necessary for legal, security or dispute purposes.

5.3 Marketing data are retained until withdrawal of consent or objection, unless a longer retention is justified.

5.4 Backup data may remain for approximately 30 days in technical backup systems.

5.5 Complaint, return and warranty data are retained as needed to manage legal obligations, disputes and claims.

6. Rights

6.1 Customers may request access, rectification, deletion, restriction, portability and objection where applicable.

6.2 Requests may be sent to support+tenant-1@dev.dropthework.test .

6.3 Some requests may be limited where retention is required by law, tax obligations, consumer claims, security, fraud prevention or legal claims.

7. Cookies

7.1 Cookies and similar technologies are described in the Cookie Policy at https://morfilio-srl-cfpmap.apthework.com/privacy .

7.2 Non-essential cookies or tracking technologies should be used only where legally permitted and, where required, after consent.

8. International transfers

8.1 Some providers may process data outside the European Economic Area.

8.2 Where this occurs, the Merchant should ensure that appropriate GDPR safeguards are used.

9. Complaints

9.1 Customers may contact support+tenant-1@dev.dropthework.test .

9.2 Customers may also lodge a complaint with the competent data protection authority.

10. Changes

10.1 The Merchant may update this Privacy Policy when the application, services, providers or legal requirements change.