Privacy Policy

This Privacy Policy explains how KEET TECHNOLOGY SOLUTIONS LTD (trading as ShopPro) collects, uses, stores, and shares personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

ShopPro's direct customers are merchant businesses — independent UK retailers (ShopPro Commerce) and barbershops (Clipd) — not members of the public. This policy primarily governs our handling of merchant business contact data, and explains the data processor role we play in relation to End Customer data collected by merchant storefronts.

The data controller for this policy is:

Our data handling falls into two distinct categories, depending on whose data is involved:

A. Merchant business data — ShopPro as data controller

ShopPro is the data controller for personal data relating to merchant business contacts and accounts. This includes:

• Business identity data: business name, trading address, contact name, email address, phone number, company registration details.
• Account credentials: login email and hashed password for the merchant admin dashboard (never stored in plaintext).
• Operational data: product catalogues, pricing, opening hours, and other configuration information provided by the Merchant.
• Financial contact data: billing contact details (bank account details for payment settlement are held by the PSP, not by us).
• Technical data: IP addresses, browser type, and usage logs relating to merchant admin access.

B. End Customer data — ShopPro as data processor

When End Customers (members of the public) place orders or make bookings through a merchant's storefront or booking interface, the merchant is the data controller for that End Customer's personal data. ShopPro acts as a data processor on the merchant's behalf, processing End Customer data only to the extent necessary to operate the platform on the merchant's instruction.

End Customer data processed on the merchant's behalf may include:

• Identity data: name, email address, phone number.
• Contact and delivery data: delivery address, postcode (ShopPro Commerce).
• Transaction or booking data: order history, items purchased, order amounts, appointment history, timestamps.
• Account data: hashed login credentials where the End Customer has created an account on the merchant storefront.

End Customers whose data ShopPro processes on a merchant's behalf should direct data-rights requests (access, erasure, etc.) to the relevant merchant in the first instance. The merchant is responsible for providing End Customers with an appropriate privacy notice under UK GDPR. ShopPro will cooperate with reasonable merchant requests to support compliance.

As data controller for merchant business data, ShopPro relies on the following lawful bases under UK GDPR:

• Contract performance (Article 6(1)(b)): Processing is necessary to deliver the platform services to the merchant and to manage the commercial relationship.
• Legal obligation (Article 6(1)(c)): We may process data where required by law, including financial record-keeping obligations.
• Legitimate interests (Article 6(1)(f)): We process certain technical and usage data to maintain the security and performance of our Services and to prevent fraud.
• Consent (Article 6(1)(a)): Where we seek consent for a specific purpose (such as direct marketing to a merchant contact), we will ask explicitly and you may withdraw it at any time.

As data processor for End Customer data, ShopPro processes data on the merchant's instruction and in accordance with the merchant's own lawful basis. ShopPro does not independently determine the purpose or means of processing End Customer data.

We use merchant business data (as data controller) to:

• Set up, provision, and manage the merchant's account and platform access.
• Communicate with the merchant regarding the Services, billing, and platform updates.
• Maintain, operate, and improve the platform.
• Detect, prevent, and investigate fraud and security incidents.
• Comply with our legal and regulatory obligations.

We use End Customer data (as data processor on the merchant's behalf) only to:

• Process orders and manage bookings on the merchant's storefront or booking interface.
• Send transactional communications (order confirmations, booking confirmations, account notifications) on behalf of the merchant.
• Maintain the security and integrity of the platform for the merchant's benefit.

ShopPro shares data with the following trusted third-party service providers to deliver the platform. Where ShopPro is acting as a data processor (for End Customer data), these parties are sub-processors:

• Viva.com / Viva Wallet (Payment Processing — sub-processor): Card payment data for End Customer transactions is processed by Viva.com, a regulated PSP. Viva acts as a sub-processor of transaction data on behalf of the merchant, and as an independent data controller for payment card data under its own Privacy Policy and PCI DSS obligations. ShopPro does not receive or store raw card numbers, CVVs, or sensitive authentication data.
• Cloud infrastructure providers: We use cloud hosting services to operate our platform. Hosting providers process data on our behalf as data processors.
• Email service providers: For transactional email delivery (order confirmations, booking confirmations, account notifications) sent on behalf of merchants.

We do not sell personal data to third parties. We do not share merchant or End Customer personal data with third parties for their own marketing purposes.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal obligations:

• Transaction records are retained for seven years from the date of the transaction to satisfy financial record-keeping requirements under UK law.
• Account data is retained for the duration of the account and for up to two years after account closure, to handle any outstanding queries or disputes.
• Technical and log data is retained for a maximum of twelve months.

You may request earlier deletion of your personal data; see Section 8 (Your Rights) below.

We take appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These include access controls, encryption of data in transit (TLS), hashed storage of passwords, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Under UK GDPR, individuals have the following rights in relation to their personal data:

• Right of access: Request a copy of the personal data held about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure (“right to be forgotten”): Request deletion of personal data where there is no compelling reason for continued processing.
• Right to data portability: Request personal data in a structured, commonly-used, machine-readable format.
• Right to restriction: Request that processing be restricted in certain circumstances.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

Merchant business contacts wishing to exercise rights in relation to their personal data held by ShopPro (as data controller) should contact us at admin@shoppro.tech. We will respond within one calendar month in accordance with UK GDPR.

End Customers (members of the public who use a merchant's storefront or booking interface) should direct data-rights requests to the relevant merchant in the first instance, as the merchant is the data controller for that data. ShopPro will cooperate with merchant requests to support End Customer rights where ShopPro holds relevant data as processor.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted at: ico.org.uk or by post at: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Before contacting the ICO, we encourage you to contact us first so we can try to resolve your concern directly.

Our Services use functional cookies necessary for the operation of the platform (such as session management and authentication). We may also use analytics cookies to understand how users interact with our Services; where we do so, we will seek your consent.

You can control cookies through your browser settings. Blocking functional cookies may affect the operation of the Services.

We may update this Privacy Policy from time to time. We will indicate the date of the most recent update at the top of this page. We will make reasonable efforts to notify Merchants of material changes via email. Your continued use of our Services after any changes constitutes acceptance of the updated Policy.

For any data protection enquiries, access requests, or to exercise your rights under UK GDPR: