Your rights under the California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) provides you with rights regarding how your data or personal information is treated. Under the legislation, California residents can choose to opt out of the “sale” of their personal information to third parties. Based on the CCPA definition, “sale” refers to data collection for the purpose of creating advertising and other communications. Learn more about CCPA and your privacy rights.
How to opt out
General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data.
As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if you make goods and services available in Europe, even if you or your business are not located in Europe.
As a processor for your customers’ data, Shopify follows your instructions on how to handle that data. For more information about the roles of data controller and processor, see Shopify’s GDPR whitepaper (in English). For information about Shopify’s obligations as a data processor for your customer data, see the Data Processing Addendum.
Shopify believes strongly in protecting your customers’ personal data as well as your own, and understands that doing so is critical to help you preserve the trust and confidence of your customers. Shopify has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into Shopify's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders. Shopify believes in making it easy for you to use our platform in a manner that complies with privacy and data protection laws like the GDPR.
While Shopify does what it can to set you up for success, there are also steps you will need to take on your own, and ultimately, compliance with the GDPR is the responsibility of each individual merchant. If you have legal questions specific to your obligations under the GDPR, consult with a local lawyer who is familiar with data protection laws.