Privacy Policy

Who we are

Arched Trading Ltd t/a friee.pl is responsible for the personal data described in this policy unless a separate agreement says otherwise.

Contact: Arched Trading Ltd t/a friee.pl, 43 Stratton Way, Biggleswade, Bedfordshire, SG18 0NS, United Kingdom. Telephone: +44 7933 353101.

What this policy covers

This policy covers personal data processed through:

• the friee.pl website and related public pages;
• support, sales, and operational communications with us;
• the Friee.pl Importer Shopify app, including the embedded Shopify admin experience, OAuth installation flow, webhooks, and Shopify Admin API sync features.

Data we collect

Website and contact data

• name, business name, email address, phone number, and message content;
• technical data such as IP address, browser type, device data, and page usage;
• records of support requests, commercial discussions, and service updates.

Shopify merchant and app data

• Shopify shop domain, shop ID, app installation status, scopes, and settings;
• merchant account and store contact information made available by Shopify;
• OAuth tokens, session identifiers, app configuration, sync status, and audit logs;
• product, variant, inventory level, location, fulfilment, and order data needed to run the app;
• customer data contained in Shopify orders where needed for order import, fulfilment, tracking, support, or compliance. This can include customer name, delivery address, billing address, email address, phone number, order contents, order notes, fulfilment status, and tracking details.

How we use data

• to provide, operate, secure, and improve friee.pl and the Shopify app;
• to connect Shopify stores to friee.pl accounts and maintain that connection;
• to import eligible Shopify orders into friee.pl for fulfilment workflows;
• to sync inventory, locations, fulfilments, tracking, and customer notifications where enabled;
• to respond to support requests, investigate errors, and prevent misuse;
• to comply with legal, tax, accounting, security, and Shopify platform obligations.

Lawful bases

We process personal data under the UK GDPR where one or more of these bases applies:

• contract, where processing is needed to provide the requested service;
• legitimate interests, including service security, support, fraud prevention, and app improvement;
• legal obligation, where records or disclosures are required by law;
• consent, where we ask for optional consent such as non-essential cookies or marketing.

Shopify app privacy and GDPR webhooks

When a merchant installs the Friee.pl Importer app, Shopify grants the app only the scopes needed for the features the app provides. Current app functionality can involve orders, fulfilments, inventory, locations, and products.

Shopify may send privacy compliance webhooks to us, including customer data requests, customer redaction requests, and shop redaction requests. We use those webhooks to locate, provide, or delete relevant app-held data in line with Shopify requirements and applicable law.

If a merchant uninstalls the app, we stop using the Shopify access token for that shop. We may retain limited records where needed for security, dispute handling, accounting, legal compliance, or backup integrity, and we delete or anonymise app data when it is no longer needed.

Sharing data

We share personal data only where needed for the service or where required by law. Recipients may include:

• Shopify, where the app reads from or writes to a merchant store on Shopify;
• hosting, database, monitoring, security, and infrastructure providers;
• fulfilment, delivery, and operational partners where needed to process orders;
• professional advisers, insurers, regulators, law enforcement, or courts where necessary;
• a buyer or successor if our business or assets are transferred.

International transfers

Some service providers may process data outside the United Kingdom or the European Economic Area. Where this happens, we use appropriate safeguards such as adequacy regulations, standard contractual clauses, or equivalent protections.

Retention

We keep personal data only for as long as reasonably needed for the purposes described in this policy. Typical retention factors include account status, app installation status, order fulfilment needs, support history, legal limitation periods, accounting requirements, security logs, and backup cycles.

Security

We use technical and organisational measures designed to protect personal data, including access controls, encrypted transport, credential controls, logging, and least-privilege access where practical. No internet service can be guaranteed completely secure.

Your rights

Depending on your location and relationship with us, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also withdraw consent where consent is the lawful basis.

To exercise rights, contact us using the details above. Shopify customers may also contact the merchant they purchased from, because the merchant normally controls the order relationship.

You can complain to the UK Information Commissioner Office at ico.org.uk if you are unhappy with how your data is handled.

Cookies

We use cookies and similar technologies as described in our Cookie Policy.

Changes

We may update this policy from time to time. The latest version will be posted on this page with the updated date.